Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July 2003

Using decision-tree modeling to determine paths of attack

The use of decision-tree modeling can be an effective way to identify "unwanted outcomes." Amenaza's SecurITree applies decision theory to determine likely paths of attack, starting with the attacker's desired outcome. This generic example reveals the ways an adolescent criminal would attempt to break into a house. Attack vectors that are impractical (e.g., tunneling under the house), too risky or beyond the ability and/or resources of the attacker have already been pruned from the tree. Security startup Amenaza Technologies addresses risk reduction from a different perspective--that of the attacker. Amenaza's SecurITree employs a method of creating an exploit route by linking together various approach paths and vulnerabilities in the same way an attacker might exploit a system to attain his objective. Taking Bruce Schneier's Attack Tree modeling approach, which applies decision theory to security, SecurITree allows an enterprise to identify unwanted outcomes (e.g., stolen credit card information) and work outwards to model ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close