Enhancing Threat Model Validation: A White-Box Approach based on Statistical Model Checking and Process Mining

Roberto Casaluce, Andrea Burratin, Francesca Chiaromonte, Alberto Lluch Lafuente, Andrea Vandin

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

14 Downloads (Pure)

Abstract

Our method addresses the challenge of validating threat models by comparing actual behavior with expected behavior. Statistical Model Checking (SMC) is frequently the more appropriate technique for validating models, as it relies on statistically relevant samples to analyze systems with potentially infinite state spaces. In the case of black-box systems, where it is not possible to make complete assumptions about the transition structure, black-box SMC becomes necessary. However, the numeric results of the SMC analysis lack insights on the model’s dynamics, prompting our proposal to enhance SMC analysis by incorporating visual information on the behavior that led to a given estimation. Our method improves traditional model validation using SMC by enriching its analyses with Process Mining (PM) techniques. Our approach takes simulated event logs as inputs, and uses PM techniques to reconstruct an observed model to be compared with the graphical representation of the original model, obtaining a diff model highlighting discrepancies among expected and actual behavior. This allows the modeler to address unexpected or missing behaviors. In this paper we further customize the diff model for aspects specific to threat model analysis, incorporating features such as new colored edges to symbolize an attacker’s initial assets and a automatic fix for simple classes of modeling errors which generate unexpected deadlocks in the simulated model. Our approach offers an effective and scalable solution for threat model validation, contributing to the evolving landscape of risk modeling and analysis.
Original languageEnglish
Title of host publicationProceedings of the 1st International Workshop on Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES (DAMOCLES)
Volume3713
PublisherCEUR-WS
Publication date2024
Pages9-20
Publication statusPublished - 2024
Event1st International Workshop on Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES - Arenzano , Italy
Duration: 4 Jun 2024 → …

Conference

Conference1st International Workshop on Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES
Country/TerritoryItaly
CityArenzano
Period04/06/2024 → …
SeriesCEUR Workshop Proceedings
ISSN1613-0073

Keywords

  • Attack-defense trees
  • Probabilistic modeling
  • Process mining
  • Statistical model checking
  • Threat models

Fingerprint

Dive into the research topics of 'Enhancing Threat Model Validation: A White-Box Approach based on Statistical Model Checking and Process Mining'. Together they form a unique fingerprint.

Cite this