Towards Modeling Simultaneous Attacks
01 January 2013
Unlike early attacks, launched by a single attacker against a single victim, recent attacks are better coordinated, difficult to discover, and cause greater damage in system networks. Unfortunately, existing response systems consider only the case of a single ongoing intrusion; this limitation must be addressed in order to secure operational networks threatened by multiple collaborating attacks, and even concurrent ones. In order to design a response system that reacts against such attacks, a model of potential simultaneous attacks has to be established. For this purpose, this paper presents a formal description of attack actions covering individual and coordinated attacks, and then proposes to model these actions using an efficient modeling language, the Situation Calculus. Additionally, to offer system administrators a better visualization of how simultaneous attackers can exploit their systems' vulnerabilities and attain their goals, this paper proposes a new definition of simultaneous attack graphs and a means to generate them. This paper also discusses belief revision, which is a critical issue that the system should consider when dealing with collaborating attackers.