Towards enhanced threat modelling and analysis using a Markov Decision Process
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Malik, Saif U. R. | - |
dc.contributor.author | Anjum, Adeel | - |
dc.contributor.author | Moqurrab, Syed Atif | - |
dc.contributor.author | Srivastava, Gautam | - |
dc.date.accessioned | 2023-07-12T08:40:09Z | - |
dc.date.available | 2023-07-12T08:40:09Z | - |
dc.date.created | 2023-07-12 | - |
dc.date.issued | 2022-10-01 | - |
dc.identifier.issn | 0140-3664 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/88489 | - |
dc.description.abstract | The complexity of socio-technical systems using Ambient Intelligence (AmI) and the Internet of Things (IoT) is growing exponentially, involving numerous entities, such as humans, infrastructures, and cyber systems. Achieving and maintaining a specified level of security and privacy in such systems is challenging and crucial. Attack Tree is a powerful technique used in safety and reliability engineering. In this paper, we attempted to enhance Attack Tree analysis by transforming it into a Markov Decision Process (MDP) model. We propose an algorithm to transform an Attack Tree into an MDP model. We argue that formal methods, such as probabilistic model checking can significantly improve the security analysis capabilities. Moreover, the mixture of MDP and probabilistic model checking can overcome the limitations of Attack Trees, such as state explosion, scalability, and manual interaction. We used a probabilistic model checker, namely PRISM to model an attack scenario and perform security analysis on it. To demonstrate the significance, we took a real-world use case and performed a probabilistic analysis on it. The results revealed that formal analysis can prove certain properties, which were not possible to verify using attack trees. | - |
dc.language | 영어 | - |
dc.language.iso | en | - |
dc.publisher | ELSEVIER | - |
dc.relation.isPartOf | COMPUTER COMMUNICATIONS | - |
dc.title | Towards enhanced threat modelling and analysis using a Markov Decision Process | - |
dc.type | Article | - |
dc.type.rims | ART | - |
dc.description.journalClass | 1 | - |
dc.identifier.wosid | 000877591800001 | - |
dc.identifier.doi | 10.1016/j.comcom.2022.07.038 | - |
dc.identifier.bibliographicCitation | COMPUTER COMMUNICATIONS, v.194, pp.282 - 291 | - |
dc.description.isOpenAccess | N | - |
dc.identifier.scopusid | 2-s2.0-85136714963 | - |
dc.citation.endPage | 291 | - |
dc.citation.startPage | 282 | - |
dc.citation.title | COMPUTER COMMUNICATIONS | - |
dc.citation.volume | 194 | - |
dc.contributor.affiliatedAuthor | Moqurrab, Syed Atif | - |
dc.type.docType | Article | - |
dc.subject.keywordAuthor | Attack Trees | - |
dc.subject.keywordAuthor | Formal methods | - |
dc.subject.keywordAuthor | Markov Decision Process | - |
dc.subject.keywordAuthor | Probabilistic model checking | - |
dc.subject.keywordAuthor | Security analysis | - |
dc.subject.keywordPlus | FAULT-TREE ANALYSIS | - |
dc.subject.keywordPlus | CHECKING | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
1342, Seongnam-daero, Sujeong-gu, Seongnam-si, Gyeonggi-do, Republic of Korea(13120)031-750-5114
COPYRIGHT 2020 Gachon University All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.