What are Attack Trees?

The threat posed here is that intruders or thieves open security. The first level provides four types of picklocks, learns to combine, disconnects the safe and installs the wrong mechanism first. Next, the learning portfolio is divided into two levels "or" in order to find written combinations or to target owners of the State Foreign Service Administration. For all possible combinations of attacks, this will continue until all aspects are considered to be well appreciated.

The attack tree process developed by Bruce Schneier replaces existing temporary processes with processes that provide a process of assessing threats of system attacks and what steps they can take to prevent them It is designed. This process is designed to first identify the attacker's goals, then analyze the methods they can use to achieve the goal and allocate resources appropriately. In the attack tree, attacks on the system are represented by a tree structure. "Target acts as the root node and implements targets in the form of leaf nodes in various ways" (page 329).

The attack tree model is a graphical representation of the choices and goals available to attackers. They are represented in a tree structure where the root node of the tree is the attacker's global target, leaf nodes are different ways to achieve the purpose. In the attack tree, the child node of the root node is a refinement of the global target, and the leaf node represents an attack that can not be refined. The refinement is AND or OR. Figure 1 shows an example of an attack tree aimed at taking free lunch. This tree lists three possible ways to achieve this goal. I explain how to adjust these sub goals at the level below the tree. An arc connecting child nodes indicates that this is an improvement of AND (AND). In other words, all sub-goals must be satisfied. If refinement of this connected arc is not separated (OR) it is enough to express subjective expressions.

From an attacker 's point of view, attack trees can help people better understand security issues. The attack tree identifies the majority of the attacks that pose the greatest risk to the defender, determines an effective strategy to lower the defender's risk to an acceptable level, and determines potential strategies between the opponent and the defender A graphical mathematical structure that describes attacks. Provide a communication mechanism for security analysts to acquire content known and trusted by the system and its attackers and store it in a chart that can be understood by later defenders. It is difficult to pinpoint the overall cause which can be thought of intuitively, but it is based on the ability to empirically guess how experience is applied to the new situation. For example, the effectiveness of Internet security, network security, banking system security, installation, and human security can all be modeled using an attack tree.