Premium Content

Access "Using decision-tree modeling to determine paths of attack"

Published: 01 Jul 2003
Balancing act: Security resource planning helps manage IT risk

This article is part of the July 2003 issue of Balancing act: Security resource planning helps manage IT risk

The use of decision-tree modeling can be an effective way to identify "unwanted outcomes." Amenaza's SecurITree applies decision theory to determine likely paths of attack, starting with the attacker's desired outcome. This generic example reveals the ways an adolescent criminal would attempt to break into a house. Attack vectors that are impractical (e.g., tunneling under the house), too risky or beyond the ability and/or resources of the attacker have already been pruned from the tree. Security startup Amenaza Technologies addresses risk reduction from a different perspective--that of the attacker. Amenaza's SecurITree employs a method of creating an exploit route by linking together various approach paths and vulnerabilities in the same way an attacker might exploit a system to attain his objective. Taking Bruce Schneier's Attack Tree modeling approach, which applies decision theory to security, SecurITree allows an enterprise to identify unwanted outcomes (e.g., stolen credit card information) and work outwards to model various ways an attacker may ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Already a member? Login to access this content.

What's Inside

Features

More Premium Content Accessible For Free

Back to top