Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

Peter Maynard, Kieran McLaughlin, Sakir Sezer

Abstract

In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.

References

  1. Arnold, F., Hermanns, H., Pulungan, R., and Stoelinga, M. (2014). Time-Dependent Analysis of Attacks. In Principles of Security and Trust (POST). Springer.
  2. Bouchti, A. and Haqiq, A. (2012). Modeling cyber-attack for SCADA systems using CoPNet approach. In 2012 International Conference on Complex Systems (ICCS), pages 1-6.
  3. Bouissou, M. and Bon, J.-L. (2003). A new formalism that combines advantages of fault-trees and Markov models: Boolean logic driven Markov processes. Reliability Engineering & System Safety, 82(2):149-163.
  4. Byres, E. J., Franz, M., and Miller, D. (2004). The use of attack trees in assessing vulnerabilities in scada systems. In in IEEE Conf. International Infrastructure Survivability Workshop (IISW 04). Institute for Electrical and Electronics Engineers.
  5. Jhawar, R., Kordy, B., Mauw, S., Radomirovi, S., and Trujillo-Rasua, R. (2015). Attack Trees with Sequential Conjunction. In ICT Systems Security and Privacy Protection, number 455 in IFIP Advances in Information and Communication Technology, pages 339-353.
  6. Kaspersky (2015). The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns.
  7. Kriaa, S., Bouissou, M., and Pietre-Cambacedes, L. (2012). Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments. In 2012 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), pages 1-8.
  8. Ma, Z. and Smith, P. (2013). Determining Risks from Advanced Multi-step Attacks to Critical Information Infrastructures. In Critical Information Infrastructures Security, number 8328, pages 142-154. Springer.
  9. Pietre-Cambacedes, L. and Bouissou, M. (2010). Attack and Defense Modeling with BDMP. In Kotenko, I. and Skormin, V., editors, Computer Network Security, number 6258, pages 86-101. Springer.
  10. Pietre-Cambacedes, L. and Deflesselle, Y. (2011). Security Modeling with BDMP: From Theory to Implementation. pages 1 - 8.
  11. Pinchinat, S., Acher, M., and Vojtisek, D. (2014). Towards Synthesis of Attack Trees for Supporting ComputerAided Risk Analysis.
  12. Schneier, B. (1999). Attack Trees. Dr. Dobb's.
  13. Schneier, B. (2015). Duqu 2.0. Schneier on Security.
  14. Tanu, E. and Arreymbi, J. (2010). An examination of the security implications of the supervisory control and data acquisition (SCADA) system in a mobile networked environment. Proceedings of Advances in Computing and Technology, (AC&T).
  15. Ten, C.-W., Liu, C.-C., and Govindarasu, M. (2007). Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees. In IEEE Power Engineering Society General Meeting, 2007, pages 1-8.
  16. Zetter, K. (2015). Kaspersky Finds New Nation-State AttackIn Its Own Network.
Download


Paper Citation


in Harvard Style

Maynard P., McLaughlin K. and Sezer S. (2016). Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 465-472. DOI: 10.5220/0005745704650472


in Bibtex Style

@conference{icissp16,
author={Peter Maynard and Kieran McLaughlin and Sakir Sezer},
title={Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={465-472},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005745704650472},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction
SN - 978-989-758-167-0
AU - Maynard P.
AU - McLaughlin K.
AU - Sezer S.
PY - 2016
SP - 465
EP - 472
DO - 10.5220/0005745704650472