In this paper, we present a novel attack tree paradigm called attack countermeasure tree (ACT) comprisingan additional attack resistant element known as the Split-protocol. ACT which circumvent the fabricationand way out of a state-space representation and takes keen on account attack, as well as countermesures(in the form of detection and mitigation events). Split-protocol as an attack resistant element enhances theavailability of the system during or after a security attack on the system. We compare ACT with or withoutSplit-protocol implantation. The split-protocol concept stemmed from splitting the HTTP/TCP protocol inwebserver application. An HTTP/TCP protocol is standard on a webserver can be split into two segments,and each part can be separately run on a different Web server, thus constituting dual servers. These serverscommunicate across a network by using inter-server messages or delegate messages.In ACT, recognitionand alleviation are allowed not just at the leaf node but also at the intermediatenodes,andsimultaneouslythe state-space explosion problem is avoided in its analysis. We study theconsequences of incorporating countermeasures in the ACT and Split-protocol using various case studies.
展开▼
