Threat Analysis of Cyber Attacks with Attack Tree+

Defenders have developed various threat risk analysis schemes to recognize the intruder attack profile, identify the system weakness, and implement the security safeguards to protect the information asset from cyber-attacks. Attack trees (AT) technique play an important role to investigate the threat analysis problem to known cyber-attacks for risk assessment. For example, protection trees and defense Tree were used to analyze the system weaknesses against network threat. However, existing AT-based scheme provided a converse thinking to counter against attacks, ignored the dynamic interactions between threats and defenses and lacked the defense metrics for probabilistic analysis to real cyber-attack cases. Accordingly, the present study proposes a new method for solving threat analysis and risk assessment problem by means of an improved Attack–Defense Tree (ADT) scheme. Especially, defense evaluation metrics using Attack Tree+ for each node for probabilistic analysis is used to assisting defender validate the simulated attack results. Finally, a case of threat analysis of Zeus attack is given to demonstrate our approach.