PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July 2003

Using decision-tree modeling to determine paths of attack

The use of decision-tree modeling can be an effective way to identify "unwanted outcomes." Amenaza's SecurITree applies decision theory to determine likely paths of attack, starting with the attacker's desired outcome. This generic example reveals the ways an adolescent criminal would attempt to break into a house. Attack vectors that are impractical (e.g., tunneling under the house), too risky or beyond the ability and/or resources of the attacker have already been pruned from the tree. Security startup Amenaza Technologies addresses risk reduction from a different perspective--that of the attacker. Amenaza's SecurITree employs a method of creating an exploit route by linking together various approach paths and vulnerabilities in the same way an attacker might exploit a system to attain his objective. Taking Bruce Schneier's Attack Tree modeling approach, which applies decision theory to security, SecurITree allows an enterprise to identify unwanted outcomes (e.g., stolen credit card information) and work outwards to model ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue