| Issue |
Security and Safety
Volume 4, 2025
Security and Safety in Network Simulation and Evaluation
|
|
|---|---|---|
| Article Number | 2025003 | |
| Number of page(s) | 24 | |
| Section | Information Network | |
| DOI | https://doi.org/10.1051/sands/2025003 | |
| Published online | 28 April 2025 | |
Research Article
Threat ripple model: A model to characterize business-oriented attacks based on business dependencies
1
School of Cyberspace Science, Harbin Institute of Technology Harbin 150001 China
2
Antiy Technology Group Co.,Ltd Beijing 100195 China
* Corresponding author (email: shuaiasl@gmail.com)
Received:
24
December
2024
Revised:
26
February
2025
Accepted:
10
March
2025
Traditional attack descriptions and threat modeling are discussed directly from the perspective of attacking infrastructure, i.e., platforms, using malicious code. For example, it is believed that exploiting vulnerabilities to access the system, and then invading the target platform that support the specified business through lateral movement can achieve the purpose of attacking the business. The most classic Cyber Kill Chain model expresses the attack process almost directly as a life cycle of malicious code execution, but in fact there are many ways can be utilized by adversary, such as the dependencies among businesses. In this paper, we discuss threat transmission from a business perspective. In a business dependency sequence, if any of the businesses prior to the specified business is abnormal, it is unlikely that the business will operate normally either. This leads adversary to target various business support platforms of the business dependent sequence in order to disrupt the normal operation of the target business, rather than attacking through lateral movement. For adversary organizations whose goal is to paralyze the architecture which includes many systems, they will utilize the interrelationships of businesses in the architecture to make the effects of the attack transmit from business to business, this attack pattern cannot be described by traditional threat models. This paper constructs an architecture model that integrates the platform and business, and also constructs a threat model that reflects the ripple effect of threats utilizing the dependency among businesses. The threat model is able to characterize the logic of the transmission of the threat in the architecture after it encounters an attack. By using our architecture model and threat model to characterize real attack event and to model the financial scenario, this paper indicates that our threat modeling approach can be used for threat event assessment and threat effect inference.
Key words: Business dependency / Threat ripple / Architecture model / Threat model / Threat ripple model / Architecture security
Citation: Ao S, Fang B, Xiao X and Zhang H. Threat ripple model: A model to characterize business-oriented attacks based on business dependencies. Security and Safety 2025; 4: 2025003. https://doi.org/10.1051/sands/2025003
© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.