Performance Modelling of Attack Graphs

Almutairi, O; Thomas, N

doi:10.1007/978-3-031-44053-3_1

Performance Modelling of Attack Graphs

Lookup NU author(s): Ohud Almutairi, Dr Nigel Thomas

Downloads

Accepted version [.pdf]

Licence

This is the authors' accepted manuscript of a conference proceedings (inc. abstract) that has been published in its final definitive form by Springer, 2023.

For re-use rights please refer to the publisher's terms and conditions.

Abstract

This paper represents an initial study into using Performance Evaluation Process Algebra (PEPA) to model and analyse attack graphs. Such an approach adds timing information into the model and therefore extends the range of available analysis techniques. Two methods are proposed to generate a PEPA model based on a pre-existing attack graph with known vulnerabilities. The first method builds a PEPA model consisting of a single sequential component representing both a system and an attacker. The second method generates two sequential components and the system equation. The created PEPA models allow us to perform path analysis, sensitivity analysis and to estimate the time it takes for an attacker to compromise a system. We present two case studies of building and evaluating PEPA models of an attack graph. The PEPA Eclipse plug-in is used to support the evaluation of the PEPA model. We perform passage-time analysis on the models for each attack path in the attack graph, from the first vulnerability in a path until the system was compromised by the attacker. The results illustrate the most and least threatening attack paths and the time it takes the attacker to compromise the system for each path in the attack graph. They also show the impact of the attacker skills and the probability of exploit code availability on an attacker’s time to compromise the system.