Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security

Attacks against computer networks are a serious threat and occur quite often. Currently there are methods using attack trees that can be used to model how these attacks may occur. We have extended this concept to a new tree structure called a protection tree as a tool for decision makers to allocate limited resources towards the appropriate defenses against a specified attack. Protection trees ensure these limited resources are used in a manner to achieve the highest probability of success in stopping an attack. Protection trees are produced systematically by first developing an attack tree, computing metrics for each node of an attack, and then developing a corresponding protection tree with similar metrics. Eventually, libraries of attacks and available protections can be used to automate the process of developing the trees. An example attack and protection tree is used to notionally show how an organization such as the department of homeland security can allocate resources to protect their computer networks from being compromised. Decision makers in the organization can use the resultant protection tree to determine where to allocate limited resources for the best protection of their network