TY - GEN
T1 - Analysing Cyberattacks Using Attack Tree and Fuzzy Rules
AU - Naik, Nitin
AU - Jenkins, Paul
AU - Grace, Paul
AU - Naik, Dishita
AU - Prajapat, Shaligram
AU - Song, Jingping
AU - Xu, Jian
AU - M. Czekster, Ricardo
PY - 2024/2/1
Y1 - 2024/2/1
N2 - Understanding the development and execution of a cyberattack is intrinsic in its prevention and mitigation. A suitable cyberattack analysis method can be utilised in analysing cyberattacks. However, not every analysis method can be utilised for analysing every type of cyberattack due to the specific aim, strategy, requirements and skills of an analysis method. Therefore, deciding on a simple and suitable analysis method is always a challenging task, which requires a continuous exploration of new analysis methods. This paper presents a simple and generic method for cyberattack analysis using an attack tree and fuzzy rules. The attack tree provides a graphical and granular relationship between a cyberattacker and a victim to understand the taxonomy of an attack. Subsequently, the probability and risk of each leaf node in the attack tree is calculated using the proposed formulas. Finally, fuzzy rules formalise human reasoning to manage the approximation and uncertainty of the data to determine the overall risk of attack. This method proposes a process consisting of a sequence of steps to perform a step-by-step analysis of a cyberattack and evaluate its potential risk in a simple and efficient manner, hence its prevention and mitigation can be determined beforehand. Furthermore, the paper presents a case study of an information theft attack on an organisation and its analysis using the proposed analysis method, which can be beneficial in the analysis of other similar attacks.
AB - Understanding the development and execution of a cyberattack is intrinsic in its prevention and mitigation. A suitable cyberattack analysis method can be utilised in analysing cyberattacks. However, not every analysis method can be utilised for analysing every type of cyberattack due to the specific aim, strategy, requirements and skills of an analysis method. Therefore, deciding on a simple and suitable analysis method is always a challenging task, which requires a continuous exploration of new analysis methods. This paper presents a simple and generic method for cyberattack analysis using an attack tree and fuzzy rules. The attack tree provides a graphical and granular relationship between a cyberattacker and a victim to understand the taxonomy of an attack. Subsequently, the probability and risk of each leaf node in the attack tree is calculated using the proposed formulas. Finally, fuzzy rules formalise human reasoning to manage the approximation and uncertainty of the data to determine the overall risk of attack. This method proposes a process consisting of a sequence of steps to perform a step-by-step analysis of a cyberattack and evaluate its potential risk in a simple and efficient manner, hence its prevention and mitigation can be determined beforehand. Furthermore, the paper presents a case study of an information theft attack on an organisation and its analysis using the proposed analysis method, which can be beneficial in the analysis of other similar attacks.
KW - cyberattack analysis
KW - attack tree
KW - fuzzy logic
KW - fuzzy rules
KW - Probability of attack
KW - Risk of attack
KW - Severity of attack
KW - information theft attack
UR - https://link.springer.com/chapter/10.1007/978-3-031-47508-5_29
U2 - 10.1007/978-3-031-47508-5_29
DO - 10.1007/978-3-031-47508-5_29
M3 - Conference publication
SN - 9783031475078
T3 - Advances in Computational Intelligence Systems
SP - 364
EP - 378
BT - Contributions Presented at the 22nd UK Workshop on Computational Intelligence (UKCI 2023), September 6–8, 2023, Birmingham, UK
A2 - Naik, Nitin
A2 - Jenkins, Paul
A2 - Grace, Paul
A2 - Yang, Longzhi
A2 - Prajapat, Shaligram
ER -