Abstract
Attack Trees are a graphical model of security used to study threat scenarios. While visually appealing and supported by solid theories and effective tools, one of their main drawbacks remains the amount of effort required by security experts to design them from scratch. This work aims at remedying this by providing a method for the automatic generation of Attack Trees from attack logs. The main original feature of our approach w.r.t. existing ones is the use of Process Mining algorithms to synthesize Attack Trees, which allow users to customize the way a set of logs are summarized as an Attack Tree, for example by discarding statistically irrelevant events. Our approach is supported by a prototype that, apart from the derivation and translation of the model, provides the user with an Attack Tree in the RisQFLan format, a tool used for quantitative risk modeling and analysis with Attack Trees. We use literature case studies to illustrate and explore the capabilities of our approach.
Original language | English |
---|---|
Title of host publication | Proceedings of the 12th International Symposium Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024 |
Volume | 15219 |
Publisher | Springer |
Publication date | 2025 |
Pages | 356-372 |
ISBN (Print) | 978-3-031-73708-4 |
ISBN (Electronic) | 978-3-031-73709-1 |
DOIs | |
Publication status | Published - 2025 |
Event | 12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2024) - Crete, Greece Duration: 27 Oct 2024 → 31 Oct 2024 |
Conference
Conference | 12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2024) |
---|---|
Country/Territory | Greece |
City | Crete |
Period | 27/10/2024 → 31/10/2024 |
Keywords
- Attack Trees
- Security
- Threat Modelling
- Process Mining