Home // International Journal On Advances in Security, volume 12, numbers 1 and 2, 2019 // View article
Authors:
Katsuyuki Umezawa
Yusuke Mishina
Sven Wohlgemuth
Kazuo Takaragi
Keywords: Threat Analysis; Vulnerability Information; Attack Tree; Topic Model Analysis; System Model Description
Abstract:
We proposed a threat analysis method utilizing topic model analysis and vulnerability databases. The method is based on attack tree analysis. We create an attack tree on a evaluation target system and some attack trees on a known vulnerability, and combine the two types of attack trees to create more concrete attack trees. This enables us to calculate the probability of occurrence of a safety accident and to utilize attack trees in future analysis. In this paper, we formulate a topic model analysis and confirm the feasibility of matching known attack cases to vulnerability databases using a topic model analysis tool. In addition, we show that our proposed method can use the results of past threat analysis for the next one. Moreover, we create a system model description based on the attack tree of Tesla’s case created using our proposed method. It shows that fake commands can be transmitted from the external information system to the in-vehicle control system. Our approach to automatic threat analysis supports risk analysis in discovering previous unknown relationships and so threats including their potential escalation within an connected IT system.
Pages: 130 to 140
Copyright: Copyright (c) to authors, 2019. Used with permission.
Publication date: June 30, 2019
Published in: journal
ISSN: 1942-2636