Technology and Attack Trees

Various structures have been developed since the 1990s. One of them is "attack tree". [4] Attack tree is a hierarchical graphical model that explains security threats. Attack tree model was proposed by Bruce Schneier. It is also used to find vulnerabilities in the system and design plans to eliminate them. In the attack tree, we explain in detail all the ways security experts can attack the system. This model is used for computer security, but it can also be used for home security.

The attack tree model is a graphical representation of the choices and goals available to attackers. They are represented in a tree structure where the root node of the tree is the attacker's global target, leaf nodes are different ways to achieve the purpose. In the attack tree, the child node of the root node is a refinement of the global target, and the leaf node represents an attack that can not be refined. The refinement is AND or OR. Figure 1 shows an example of an attack tree aimed at taking free lunch. This tree lists three possible ways to achieve this goal. I explain how to adjust these sub goals at the level below the tree. An arc connecting child nodes indicates that this is an improvement of AND (AND). In other words, all sub-goals must be satisfied. If refinement of this connected arc is not separated (OR) it is enough to express subjective expressions.

From an attacker 's point of view, attack trees can help people better understand security issues. The attack tree identifies the majority of the attacks that pose the greatest risk to the defender, determines an effective strategy to lower the defender's risk to an acceptable level, and determines potential strategies between the opponent and the defender A graphical mathematical structure that describes attacks. Provide a communication mechanism for security analysts to acquire content known and trusted by the system and its attackers and store it in a chart that can be understood by later defenders. It is difficult to pinpoint the overall cause which can be thought of intuitively, but it is based on the ability to empirically guess how experience is applied to the new situation. For example, the effectiveness of Internet security, network security, banking system security, installation, and human security can all be modeled using an attack tree.