Home // CYBER 2018, The Third International Conference on Cyber-Technologies and Cyber-Systems // View article
Authors:
Umezawa Katsuyuki
Mishina Yusuke
Wohlgemuth Sven
Takaragi Kazuo
Keywords: Threat Analysis; Vulnerability Information; Attack Tree.
Abstract:
In this paper, we propose a threat analysis method utilizing vulnerability databases and system design information. The method is based on attack tree analysis. We created an attack tree on a evaluation target system and some attack trees on a known vulnerability, and combined the two types of attack trees to create more concrete attack trees. This enables us to calculate the probability of occurrence of a safety accident and to utilize attack trees in future analysis. Since any document has a latent topic and keywords can be generated from that topic, our vulnerability analysis algorithms use topic model analysis for natural language processing to create and analyze attack trees. The National Institute of Advanced Industrial Science and Technology (AIST) has developed a security requirement analysis support tool using topic model analysis technology. Specifically, we performed matching of attack case papers to vulnerability databases and could find about 20 items, including exact matches, from 500 items of a vulnerability database on the basis of an attack method description.
Pages: 74 to 77
Copyright: Copyright (c) IARIA, 2018
Publication date: November 18, 2018
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-61208-683-5
Location: Athens, Greece
Dates: from November 18, 2018 to November 22, 2018