Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

Peter Maynard; Kieran McLaughlin; Sakir Sezer

doi:10.5220/0005745704650472

Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

Peter Maynard
, Kieran McLaughlin
, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

1029 Downloads (Pure)

Abstract

In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.

Original language	English
Title of host publication	Proceedings of the 2nd International Conference on Information Systems Security and Privacy
Publisher	SciTePress
Pages	465-472
Number of pages	8
ISBN (Electronic)	978-989-758-167-0
DOIs	https://doi.org/10.5220/0005745704650472
Publication status	Published - 21 Feb 2016
Event	2nd International Conference on Information Systems Security and Privacy - Barceló Aran Mantegna Hotel, Rome, Italy Duration: 19 Jan 2016 → 21 Feb 2016

Conference

Conference	2nd International Conference on Information Systems Security and Privacy
Country/Territory	Italy
City	Rome
Period	19/01/2016 → 21/02/2016

Access to Document

10.5220/0005745704650472

Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction
Copyright 2016 Scitepress
Final published version, 1.19 MB

R1594ECI: Analysing and Detecting Advanced Multistage Attacks Against ICS
McLaughlin, K. (PI)
13/01/2016 → 30/09/2018
Project: Research

SCADA Intrusion Detection System
McLaughlin, K. (Speaker)
08 Sept 2015
Activity: Talk or presentation types › Invited talk

File
SPARKS Smart Grid Cybersecurity Stakeholder Workshop
McLaughlin, K. (Keynote/plenary speaker)
Mar 2015
Activity: Participating in or organising an event types › Participation in workshop, seminar, course

12 Citations
1 Chapter
1 Paper

Secure Communications in Smart Grid: Networking and Protocols
McLaughlin, K., Friedberg, I., Kang, B., Maynard, P., Sezer, S. & McWilliams, G., Jul 2015, Smart Grid Security: Innovative Solutions for a Modernized Grid. Elsevier, p. 113-148
Research output: Chapter in Book/Report/Conference proceeding › Chapter
18 Link opens in a new tab Citations (Scopus)
Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks
Maynard, P., McLaughlin, K. & Haberler, B., 12 Sept 2014.
Research output: Contribution to conference › Paper › peer-review

Open Access

Cite this

@inproceedings{71dfc912d7af4e2fb6b03844ab7cb654,

title = "Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction",

abstract = "In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.",

author = "Peter Maynard and Kieran McLaughlin and Sakir Sezer",

year = "2016",

month = feb,

day = "21",

doi = "10.5220/0005745704650472",

language = "English",

pages = "465--472",

booktitle = "Proceedings of the 2nd International Conference on Information Systems Security and Privacy",

publisher = "SciTePress",

note = "2nd International Conference on Information Systems Security and Privacy ; Conference date: 19-01-2016 Through 21-02-2016",

}

Maynard, P, McLaughlin, K & Sezer, S 2016, Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction. in Proceedings of the 2nd International Conference on Information Systems Security and Privacy. SciTePress, pp. 465-472, 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, 19/01/2016. https://doi.org/10.5220/0005745704650472

TY - GEN

T1 - Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

AU - Maynard, Peter

AU - McLaughlin, Kieran

AU - Sezer, Sakir

PY - 2016/2/21

Y1 - 2016/2/21

N2 - In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.

AB - In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.

U2 - 10.5220/0005745704650472

DO - 10.5220/0005745704650472

M3 - Conference contribution

SP - 465

EP - 472

BT - Proceedings of the 2nd International Conference on Information Systems Security and Privacy

PB - SciTePress

T2 - 2nd International Conference on Information Systems Security and Privacy

Y2 - 19 January 2016 through 21 February 2016

ER -

Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

Abstract

Conference

Access to Document

Fingerprint

Projects

R1594ECI: Analysing and Detecting Advanced Multistage Attacks Against ICS

Activities

SCADA Intrusion Detection System

SPARKS Smart Grid Cybersecurity Stakeholder Workshop

Research output

Secure Communications in Smart Grid: Networking and Protocols

Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks

Cite this