Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Fuzzy quantitative attack tree analysis

Thi Kim Nhung Dang, Milan Lopuhaä-Zwakenberg, Mariëlle Stoelinga

TL;DR

This work addresses the challenge of uncertainty in quantitative attack tree analysis by introducing a general, mathematically rigorous framework for fuzzy AT metrics based on Zadeh's extension principle. It defines fuzzy AT metrics by equipping BAS with fuzzy values and applying the extension to the crisp metric, and it proves a modular decomposition theorem that enables a linear‑time bottom‑up algorithm for tree‑structured ATs. The contributions include a robust, generic definition of fuzzy AT metrics, a practical bottom‑up computation method, and a discussion of limitations for DAGs with directions for future research. The approach enables uncertainty‑aware security assessments and lays groundwork for extending quantitative AT analysis to more complex structures and uncertain data.

Abstract

Attack trees are important for security, as they help to identify weaknesses and vulnerabilities in a system. Quantitative attack tree analysis supports a number security metrics, which formulate important KPIs such as the shortest, most likely and cheapest attacks. A key bottleneck in quantitative analysis is that the values are usually not known exactly, due to insufficient data and/or lack of knowledge. Fuzzy logic is a prominent framework to handle such uncertain values, with applications in numerous domains. While several studies proposed fuzzy approaches to attack tree analysis, none of them provided a firm definition of fuzzy metric values or generic algorithms for computation of fuzzy metrics. In this work, we define a generic formulation for fuzzy metric values that applies to most quantitative metrics. The resulting metric value is a fuzzy number obtained by following Zadeh's extension principle, obtained when we equip the basis attack steps, i.e., the leaves of the attack trees, with fuzzy numbers. In addition, we prove a modular decomposition theorem that yields a bottom-up algorithm to efficiently calculate the top fuzzy metric value.

Fuzzy quantitative attack tree analysis

TL;DR

This work addresses the challenge of uncertainty in quantitative attack tree analysis by introducing a general, mathematically rigorous framework for fuzzy AT metrics based on Zadeh's extension principle. It defines fuzzy AT metrics by equipping BAS with fuzzy values and applying the extension to the crisp metric, and it proves a modular decomposition theorem that enables a linear‑time bottom‑up algorithm for tree‑structured ATs. The contributions include a robust, generic definition of fuzzy AT metrics, a practical bottom‑up computation method, and a discussion of limitations for DAGs with directions for future research. The approach enables uncertainty‑aware security assessments and lays groundwork for extending quantitative AT analysis to more complex structures and uncertain data.

Abstract

Attack trees are important for security, as they help to identify weaknesses and vulnerabilities in a system. Quantitative attack tree analysis supports a number security metrics, which formulate important KPIs such as the shortest, most likely and cheapest attacks. A key bottleneck in quantitative analysis is that the values are usually not known exactly, due to insufficient data and/or lack of knowledge. Fuzzy logic is a prominent framework to handle such uncertain values, with applications in numerous domains. While several studies proposed fuzzy approaches to attack tree analysis, none of them provided a firm definition of fuzzy metric values or generic algorithms for computation of fuzzy metrics. In this work, we define a generic formulation for fuzzy metric values that applies to most quantitative metrics. The resulting metric value is a fuzzy number obtained by following Zadeh's extension principle, obtained when we equip the basis attack steps, i.e., the leaves of the attack trees, with fuzzy numbers. In addition, we prove a modular decomposition theorem that yields a bottom-up algorithm to efficiently calculate the top fuzzy metric value.
Paper Structure (13 sections, 2 figures)

This paper contains 13 sections, 2 figures.

Table of Contents

  1. Introduction
  2. Attack trees.
  3. Quantitative analysis.
  4. Uncertain parameters.
  5. Fuzzy theory.
  6. Contributions.
  7. Related work
  8. Attack tree analysis with fuzzy numbers.
  9. Fault tree analysis.
  10. Fault tree analysis with fuzzy probabilities.
  11. Fault tree reliability analysis with interval arithmetic.
  12. Fuzzy FTA by conversion of fuzzy number of BEs to crisp probability of BEs.
  13. Fundamentals of fuzzy theory

Figures (2)

  • Figure 1: The AT model visualises the attack steps by which an attacker can illegally take money from a bank. The attacker needs to enter the bank by breaking in or sneaking in, and also needs to open a vault. Sneaking in, breaking in, and opening a vault cost 30, 5 and 60 minutes, respectively. Hence, the quantitative metric minimal cost for the attacks is $\min(30+60,5+60)=65$.
  • Figure 2: A non-fuzzy, 'crisp' element $x$ (a) and a fuzzy element $\mathsf{x}$ (b).

Theorems & Definitions (1)

  • definition thmcounterdefinition