Publication details

Learning Attack Trees by Genetic Algorithms

Authors

DORFHUBER Florian Sebastian; EISENTRAUT Julia; KŘETÍNSKÝ Jan

Year of publication 2023
Type Article in Proceedings
Conference Theoretical Aspects of Computing – ICTAC 2023
MU Faculty or unit

Faculty of Informatics

Citation
Doi http://dx.doi.org/10.1007/978-3-031-47963-2_5
Keywords genetic algorithms
Description Attack trees are a graphical formalism for security assessment. They are particularly valued for their explainability and high accessibility without security or formal methods expertise. They can be used, for instance, to quantify the global insecurity of a system arising from the unreliability of its parts, graphically explain security bottlenecks, or identify additional vulnerabilities through their systematic decomposition. However, in most cases, the main hindrance in the practical deployment is the need for a domain expert to construct the tree manually or using further models. This paper demonstrates how to learn attack trees from logs, i.e., sets of traces, typically stored abundantly in many application domains. To this end, we design a genetic algorithm and apply it to classes of trees with different expressive power. Our experiments on real data show that comparably simple yet highly accurate trees can be learned efficiently, even from small data sets.
