Realizing Knock-Out Effect and Parent Mitigation Power for Detailed Attack Patterns: A Case Study

P.H. Engebretson and J.J. Pauli (USA)


Attack Pattern, CAPEC, Mitigation Strategies, Hierarchy, Abstraction


We propose the creation of two security metrics to measure NIST-based mitigation strategies when applied to the Common Attack Pattern Enumeration and Classification (CAPEC) Release 1 Dictionary. Our approach refines and organizes CAPEC’s vast repository of 101 attack patterns into usable hierarchies that are based on 11 Parent Threats and include the critical elements of each attack pattern. We also group the mitigation strategies of each attack pattern into Parent Mitigations by mapping the detailed necessary mitigation elements from CAPEC to the more generalized NIST mitigation families. Knock-Out Effect (KOE) is a measure of how many Parent Mitigation strategies are needed to fully mitigate a detailed attack pattern. Each of the 101 attack patterns has a KOE calculated and stored as part of the detailed hierarchy. Parent Mitigation Power (PMP) is a measure of the total number of unique attack patterns that are partially mitigated by an individual Parent Mitigation strategy and the total number of Child Mitigation strategies that can be traced to the Parent Mitigation. A case study is used to illustrate our approach to leveraging these metrics by including 1 attack pattern from each of the 11 Parent Threats.
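Both metrics reduce to counting over a mapping from attack patterns to child mitigations and their parent families. The Python below is an added example, not code or data from the paper: the patterns, child mitigations and family assignments are constructed, the family names are assumed to be NIST SP 800-53 control families, and counting each traced child mitigation once per pattern is one reading of the PMP definition.

```python
from collections import defaultdict

# Constructed sample, not data from the paper: each attack pattern lists its
# detailed (child) mitigations with the parent family each one is mapped to.
# Family names are assumed to follow NIST SP 800-53 control families.
PATTERNS = {
    "SQL Injection": [
        ("Use parameterized queries", "System and Information Integrity"),
        ("Validate all user-supplied input", "System and Information Integrity"),
        ("Give the database account least privilege", "Access Control"),
    ],
    "Session Fixation": [
        ("Issue a new session ID after login", "Identification and Authentication"),
        ("Send session cookies only over TLS", "System and Communications Protection"),
    ],
    "Buffer Overflow": [
        ("Bounds-check every copy into a buffer", "System and Information Integrity"),
        ("Enable OS and compiler memory protections", "Configuration Management"),
        ("Run the service with least privilege", "Access Control"),
    ],
}

def check_mapped(patterns):
    """Reject child mitigations with no parent; they would silently lower KOE."""
    for name, mitigations in patterns.items():
        for child, parent in mitigations:
            if not parent:
                raise ValueError(f"{name}: unmapped child mitigation {child!r}")

def knock_out_effect(patterns):
    """KOE per pattern: distinct parent mitigations needed to cover all children."""
    check_mapped(patterns)
    return {name: len({parent for _, parent in mitigations})
            for name, mitigations in patterns.items()}

def parent_mitigation_power(patterns):
    """PMP per parent: (unique patterns touched, child mitigations traced to it)."""
    check_mapped(patterns)
    touched, children = defaultdict(set), defaultdict(int)
    for name, mitigations in patterns.items():
        for _child, parent in mitigations:
            touched[parent].add(name)
            children[parent] += 1
    return {p: (len(touched[p]), children[p]) for p in touched}

def rank_parents(patterns):
    """Parents ordered by PMP, highest first (ties broken by family name)."""
    pmp = parent_mitigation_power(patterns)
    return sorted(pmp, key=lambda p: (-pmp[p][0], -pmp[p][1], p))
```

A low KOE marks a pattern that few Parent Mitigations can fully cover, while a high PMP marks a Parent Mitigation that contributes to many patterns.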

