Modelling Security Risk Scenarios Using Subjective Attack Trees

Nasser Al-Hadhrami, Matthew Collinson, Nir Oren

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

54 Downloads (Pure)


We propose a novel attack tree model, called a subjective attack tree, aiming to address the limitations of traditional attack trees, which use precise values for likelihoods of security events. In many situations, it is often difficult to elicit accurate probabilities due to lack of knowledge, or insufficient historical data, making the evaluation of risk in existing approaches unreliable. In this paper, we consider the modelling of uncertainty about probabilities, via subjective opinions, resulting in a model taking second-order uncertainty into account. We propose an approach to derive subjective opinions about security events based on two main criteria, namely a vulnerability level and technical difficulty to conduct an attack, using subjective logic. These subjective opinions are then used as input parameters in the proposed model. The propagation method of subjective opinions is also discussed. Our approach is evaluated against traditional attack trees using the Stuxnet self-installation scenario. Our results show that taking uncertainty about probabilities into account during security risk analysis can lead to different outcomes, and therefore different security decisions.
Original languageEnglish
Title of host publicationRisks and Security of Internet and Systems
Subtitle of host publicationCRiSIS 2020
EditorsJoaquin Garcia Alfaro, Jean Leneutre, Nora Cuppens, Reda Yaich
PublisherSpringer Nature Switzerland AG
Number of pages18
ISBN (Electronic)978-3-030-68887-5
ISBN (Print)978-3-030-68886-8
Publication statusPublished - 12 Feb 2021
Event15th International Conference: CRiSIS 2020 - Paris, France
Duration: 4 Nov 20206 Nov 2020
Conference number: 15th

Publication series

NameLecture Notes in Computer Science
ISSN (Electronic)0302-9743


Conference15th International Conference
Internet address


  • Attack trees
  • Risk analysis
  • Subjective logic


Dive into the research topics of 'Modelling Security Risk Scenarios Using Subjective Attack Trees'. Together they form a unique fingerprint.

Cite this