Title: Proposal of an Improved Event Tree and Defense Tree Combined Method for Risk Evaluation with Common Events

Year of Publication: Sep - 2016
Page Numbers: 46-53
Authors: Ryo Aihara, Ryohei Ishii, Ryoichi Sasaki
Conference Name: The Third International Conference on Digital Security and Forensics (DigitalSec2016)
- Malaysia


Damage caused by targeted attacks has increased in recent years. In order to cope with the issue, we previously developed the event tree and defense tree combined (EDC) method for obtaining the optimal combination of countermeasures against targeted attacks based on security analyses. However, the original EDC method cannot deal with common events, i.e., events that are the common cause of more than one type of problem", here and in the main text. In order to deal with common events, instead of minimal cut set (MCS) operation, we introduce the prime implicant set (PIS) operation, which can obtain cut sets, including negative events, for the sequence of the event tree. The results of a numerical experiment confirm that the occurrence probability can be calculated correctly by introducing the PIS. Moreover, if PIS operation is not implemented, the overall risk may be underestimated by a factor of three.