Leveraging Parent Mitigations and Threats for CAPEC-Driven Hierarchies

We propose a new attack pattern model which focuses on the re-inclusion of the “Parent Threat” and “Parent Mitigation” elements to logically group the background of each of the 101 attack patterns in the Common Attack Pattern Enumeration Classification’s (CAPEC) Release 1 dictionary.  Our approach creates a graphical hierarchy for each of the attack patterns and groups them not only by Parent Threats (such as “Spoofing” and “Injection”), but also by Parent Mitigations (such as “Access Control” and “Configuration Management”). This allows individual attack patterns to be traced upward to its Parent Threat and downward to its Parent Mitigation. The Parent Threat and Parent Mitigation elements are created from the inherit findings in the CAPEC and NIST standards; we are integrating this information into our hierarchy-based attack pattern approach.  The traceability from the top of the tree (Parent Threat), through the detailed elements of the attack patterns, to the roots of the tree (Parent Mitigation) introduces the CAPEC standard to audiences who are not familiar with attack patterns and allows experienced users to leverage the attacks from organized groupings that are widely accepted. There is a great amount of information in the CAPEC dictionary that we are capturing and documenting with this fan-in/fan-out approach.