Regression nodes: Extending attack trees with data from social sciences

JWH Bullee; AL Montoya Morales; W Pieters; M. Junger; P.H. Hartel

doi:10.1109/STAST.2015.11

Regression nodes: Extending attack trees with data from social sciences

JWH Bullee, AL Montoya Morales, W Pieters, M. Junger, P.H. Hartel

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

2 Citations (Scopus)

Abstract

In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of social engineering, because the attacker may combine different persuasion principles to different degrees, with different associated success probabilities. Experimental results in this domain are typically represented by regression equations rather than logical gates. This paper therefore proposes an extension to attack trees involving a regression-node, illustrated by data obtained from a social engineering experiment. By allowing the annotation of leaf nodes with experimental data from social science, the regression-node enables the development of integrated socio-technical security models.

Original language	English
Title of host publication	Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015)
Editors	G Bella, G Lenzine
Place of Publication	Piscataway
Publisher	IEEE Society
Pages	17-23
Number of pages	7
ISBN (Print)	978-1-5090-0178-1
DOIs	https://doi.org/10.1109/STAST.2015.11
Publication status	Published - 2015
Event	Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015),Verona, Italy - Piscataway Duration: 13 Jul 2015 → 13 Jul 2015

Publication series

Name
Publisher	IEEE

Conference

Conference	Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015),Verona, Italy
Period	13/07/15 → 13/07/15

Bibliographical note

http://www.computer.org/csdl/proceedings/stast/2015/0178/00/0178z003.pdf

Keywords

CSdevelopingscience

Access to Document

10.1109/STAST.2015.11

Cite this

@inproceedings{00dfc3be076e423989343fbd70f389b9,

title = "Regression nodes: Extending attack trees with data from social sciences",

abstract = "In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of social engineering, because the attacker may combine different persuasion principles to different degrees, with different associated success probabilities. Experimental results in this domain are typically represented by regression equations rather than logical gates. This paper therefore proposes an extension to attack trees involving a regression-node, illustrated by data obtained from a social engineering experiment. By allowing the annotation of leaf nodes with experimental data from social science, the regression-node enables the development of integrated socio-technical security models.",

keywords = "CSdevelopingscience",

author = "JWH Bullee and {Montoya Morales}, AL and W Pieters and M. Junger and P.H. Hartel",

note = "http://www.computer.org/csdl/proceedings/stast/2015/0178/00/0178z003.pdf; Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015),Verona, Italy ; Conference date: 13-07-2015 Through 13-07-2015",

year = "2015",

doi = "10.1109/STAST.2015.11",

language = "English",

isbn = "978-1-5090-0178-1",

publisher = "IEEE Society",

pages = "17--23",

editor = "G Bella and G Lenzine",

booktitle = "Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015)",

}

Bullee, JWH, Montoya Morales, AL, Pieters, W, Junger, M & Hartel, PH 2015, Regression nodes: Extending attack trees with data from social sciences. in G Bella & G Lenzine (eds), Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015). IEEE Society, Piscataway, pp. 17-23, Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015),Verona, Italy, 13/07/15. https://doi.org/10.1109/STAST.2015.11

Regression nodes: Extending attack trees with data from social sciences. / Bullee, JWH; Montoya Morales, AL; Pieters, W et al.
Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015). ed. / G Bella; G Lenzine. Piscataway: IEEE Society, 2015. p. 17-23.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Regression nodes: Extending attack trees with data from social sciences

AU - Bullee, JWH

AU - Montoya Morales, AL

AU - Pieters, W

AU - Junger, M.

AU - Hartel, P.H.

N1 - http://www.computer.org/csdl/proceedings/stast/2015/0178/00/0178z003.pdf

PY - 2015

Y1 - 2015

N2 - In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of social engineering, because the attacker may combine different persuasion principles to different degrees, with different associated success probabilities. Experimental results in this domain are typically represented by regression equations rather than logical gates. This paper therefore proposes an extension to attack trees involving a regression-node, illustrated by data obtained from a social engineering experiment. By allowing the annotation of leaf nodes with experimental data from social science, the regression-node enables the development of integrated socio-technical security models.

AB - In the field of security, attack trees are often used to assess security vulnerabilities probabilistically in relation to multi-step attacks. The nodes are usually connected via AND-gates, where all children must be executed, or via OR-gates, where only one action is necessary for the attack step to succeed. This logic, however, is not suitable for including human interaction such as that of social engineering, because the attacker may combine different persuasion principles to different degrees, with different associated success probabilities. Experimental results in this domain are typically represented by regression equations rather than logical gates. This paper therefore proposes an extension to attack trees involving a regression-node, illustrated by data obtained from a social engineering experiment. By allowing the annotation of leaf nodes with experimental data from social science, the regression-node enables the development of integrated socio-technical security models.

KW - CSdevelopingscience

U2 - 10.1109/STAST.2015.11

DO - 10.1109/STAST.2015.11

M3 - Conference contribution

SN - 978-1-5090-0178-1

SP - 17

EP - 23

BT - Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015)

A2 - Bella, G

A2 - Lenzine, G

PB - IEEE Society

CY - Piscataway

T2 - Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015),Verona, Italy

Y2 - 13 July 2015 through 13 July 2015

ER -

Regression nodes: Extending attack trees with data from social sciences

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this