Modeling and execution of complex attack scenarios using interval timed colored Petri nets

Abstract

The commonly used flaw hypothesis model (FHM) for performing penetration tests provides only limited, high level guidance for the derivation of actual penetration attempts. In this paper, a mechanism for the systematic modeling, simulation, and exploitation of complex multistage and multiagent vulnerabilities in networked and distributed systems based on stochastic and interval-timed colored Petri nets is described and analyzed through case studies elucidating several properties of Petri net variants and their suitability to modeling this type of attack