Attack time analysis in dynamic attack trees via integer linear programming

Attack trees are an important tool in security analysis, and an important part of attack tree analysis is computing metrics. This paper focuses on dynamic attack trees and their min time metric, i.e. the minimal time to attack a system. For general attack trees, calculating min time efficiently is an open problem, with the fastest current method being enumerating all minimal attacks, which is NP-hard. This paper presents three tools for calculating min time. First, we introduce a novel method for general dynamic attack trees based on mixed integer linear programming. Second, we show how the computation can be sped up by identifying the modules of an attack tree, i.e. subtrees connected to the rest of the attack tree via only one node. Finally, we define a general semantics for dynamic attack trees that significantly relaxes the restrictions on attack trees compared to earlier work, allowing us to apply our methods to a wide variety of attack trees. Experiments on both a case study of a server cluster and a synthetic testing set of large attack trees verify that both the integer linear programming approach and modular analysis considerably decrease the computation time of attack time analysis.