Project Abstract

In the digital age, understanding and mitigating threats is of utmost importance. As threats evolve, the need for sophisticated tools to analyse potential attack paths becomes invaluable. This work addresses the gap in efficient threat modelling by automating the generation of trees (traditionally a time consuming task). The research aims to leverage the comprehensive attack pattern data from the Common Attack Pattern Enumeration and Classification (CAPEC) database to generate a robust library of attack trees. This project employs a developmental approach, iterating through multiple generations of a tool that constructs attack trees from CAPEC data. Initially reliant on manual input, the methodology evolved to incorporate XML parsing and regular expressions, enabling the tool to automatically structure data into hierarchical models. This tool successfully reduces time required to generate trees, simultaneously ensuring these trees comprehensively cover potential attack paths as outlined in CAPEC. This tool has the ability to generate detailed, accurate trees that can be dynamically updated. The library of templates created provides a ready to use resource for security analysis and education.

Keywords: Cyber Security, Attack Tree Generation, CAPEC

 Conference Details

Session: Poster Session A at Poster Stand 16

Location: Sir Stanley Clarke Auditorium at Tuesday 7th 13:30 – 17:00

Markers: Hoang Nga Nguyen, Alma Rahat

Course: BSc Computer Science, 3rd Year

Future Plans: I’m looking for work