An approach to analyzing vectors of malicious attacks on information systems using an event-formal model
Abstract
Incoming article date: 11.11.2025

This research paper addresses the growing challenge of sophisticated, multi-stage cyberattacks that bypass traditional security measures like firewalls and intrusion detection systems. The study proposes a novel formal approach to model attacker behavior and analyze attack vectors, with a specific focus on estimating the total time required to execute an attack scenario. The core of the methodology is an extension of Labelled Transition Systems (LTS) into a Time-Labelled Transition System (TLTS). This model introduces a time function that assigns a delay to each event, enabling the calculation of the execution time for different attack paths. A formal language, utilizing sequence and choice operators, is developed for the compact description of complex attack scenarios. The paper formulates precise rules for generating all possible paths from a given attack vector and provides a method for calculating their total number. The practical application of the formalism is demonstrated through two detailed case studies: an attack leveraging a malicious mobile application and the compromise of an IoT video surveillance system. For each, the attack vector is presented both graphically and in the proposed notation, and all possible execution paths are explicitly derived. The resulting approach provides a valuable foundation for proactive security assessment, allowing for the formalization of attack surfaces and the estimation of implementation timeframes, which can be instrumental in developing enhanced defense mechanisms. Future work will involve modeling more complex scenarios incorporating active countermeasures.
Keywords: attack modeling, information security, transition system, time delay, formal language, attack scenario, attack trajectory, attack vector, cybersecurity, vulnerability analysis, information protection, attacker behavior
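The path generation, path counting and time estimation summarized in the abstract can be sketched as follows. This is an added example, not the paper's notation or code: the `Event`, `Seq` and `Choice` classes, the event names and the delays (in minutes) are constructed assumptions, and the rules used are the ordinary ones for sequence (concatenate, multiply counts) and choice (union, add counts).

```python
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Event:          # one labelled transition of the model
    name: str
    delay: int        # value of the time function, in minutes (constructed)

@dataclass(frozen=True)
class Seq:            # sequence operator: parts happen one after another
    parts: tuple

@dataclass(frozen=True)
class Choice:         # choice operator: exactly one option is taken
    options: tuple

def paths(node):
    """Return every execution path of the scenario as a tuple of Events."""
    if isinstance(node, Event):
        return [(node,)]
    if isinstance(node, Choice):
        return [p for opt in node.options for p in paths(opt)]
    if isinstance(node, Seq):
        result = [()]
        for part in node.parts:
            result = [p + q for p in result for q in paths(part)]
        return result
    raise TypeError(f"unknown node: {node!r}")

def count_paths(node):
    """Count paths without enumerating: sum over choice, product over sequence."""
    if isinstance(node, Event):
        return 1
    if isinstance(node, Choice):
        return sum(count_paths(o) for o in node.options)
    if isinstance(node, Seq):
        return prod(count_paths(p) for p in node.parts)
    raise TypeError(f"unknown node: {node!r}")

def path_time(path):
    """Total execution time of one path: the sum of its event delays."""
    return sum(e.delay for e in path)

# Constructed scenario, loosely shaped like the mobile-application case study.
SCENARIO = Seq((
    Choice((Event("delivered_via_store", 30), Event("delivered_via_link", 10))),
    Event("installed", 5),
    Choice((Seq((Event("permissions_granted", 2), Event("contacts_read", 3))),
            Event("sms_read", 4))),
    Event("data_sent", 1),
))

if __name__ == "__main__":
    for p in sorted(paths(SCENARIO), key=path_time):
        print(path_time(p), " -> ".join(e.name for e in p))
```

The shortest path time is the quantity a defender cares about most, since it bounds how quickly detection and response must act before the scenario completes.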