{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T04:08:25Z","timestamp":1747282105804,"version":"3.40.5"},"reference-count":51,"publisher":"EDP Sciences","license":[{"start":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T00:00:00Z","timestamp":1745798400000},"content-version":"vor","delay-in-days":117,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Safety"],"accepted":{"date-parts":[[2025,3,10]]},"published-print":{"date-parts":[[2025]]},"abstract":"<jats:p>Traditional attack descriptions and threat modeling are discussed directly from the perspective of attacking infrastructure, <jats:italic>i.e.<\/jats:italic>, platforms, using malicious code. For example, it is believed that exploiting vulnerabilities to access the system, and then invading the target platform that supports the specified business through lateral movement, can achieve the purpose of attacking the business. The most classic Cyber Kill Chain model expresses the attack process almost directly as a life cycle of malicious code execution, but in fact there are many ways that can be utilized by an adversary, such as the dependencies among businesses. In this paper, we discuss threat transmission from a business perspective. In a business dependency sequence, if any of the businesses prior to the specified business is abnormal, it is unlikely that the business will operate normally either. This leads the adversary to target the various business support platforms of the business dependency sequence in order to disrupt the normal operation of the target business, rather than attacking through lateral movement. 
Adversary organizations whose goal is to paralyze an architecture that includes many systems will utilize the interrelationships of businesses in the architecture to make the effects of the attack transmit from business to business; this attack pattern cannot be described by traditional threat models. This paper constructs an architecture model that integrates the platform and business, and also constructs a threat model that reflects the ripple effect of threats utilizing the dependencies among businesses. The threat model is able to characterize the logic of the transmission of the threat in the architecture after it encounters an attack. By using our architecture model and threat model to characterize a real attack event and to model the financial scenario, this paper indicates that our threat modeling approach can be used for threat event assessment and threat effect inference.<\/jats:p>","DOI":"10.1051\/sands\/2025003","type":"journal-article","created":{"date-parts":[[2025,3,10]],"date-time":"2025-03-10T19:46:36Z","timestamp":1741635996000},"page":"2025003","source":"Crossref","is-referenced-by-count":0,"title":["Threat ripple model: A model to characterize business-oriented attacks based on business dependencies"],"prefix":"10.1051","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8539-7752","authenticated-orcid":false,"given":"Shiliang","family":"Ao","sequence":"first","affiliation":[]},{"given":"Binxing","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Xinguang","family":"Xiao","sequence":"additional","affiliation":[]},{"given":"Hongli","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"250","published-online":{"date-parts":[[2025,4,28]]},"reference":[{"key":"R1","doi-asserted-by":"crossref","first-page":"1206","DOI":"10.1016\/j.procs.2019.11.234","volume":"161","author":"Al Fikri","year":"2019","journal-title":"Procedia Comput 
Sci"},{"key":"R2","doi-asserted-by":"crossref","unstructured":"Caralli RA, Stevens JF and Young LR et al. Introducing Octave Allegro: Improving the Information Security Risk Assessment Process. MA: Hansom AFB, 2007","DOI":"10.21236\/ADA470450"},{"key":"R3","doi-asserted-by":"crossref","unstructured":"Nagaraju V, Fiondella L and Wandji T. A survey of fault and attack tree modeling and analysis for cyber risk management. In: 2017 IEEE International Symposium on Technologies for Homeland Security (HST), IEEE, 2017: 1\u20136","DOI":"10.1109\/THS.2017.7943455"},{"key":"R4","first-page":"46","volume":"800","author":"Souppaya","year":"2016","journal-title":"NIST Spec Publ"},{"key":"R5","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1007\/s10207-021-00566-3","volume":"21","author":"Zhang","year":"2022","journal-title":"Int J Inf Secur"},{"key":"R6","doi-asserted-by":"crossref","unstructured":"Abhishta A, Joosten R and Dragomiretskiy S et al. Impact of successful ddos attacks on a major crypto-currency exchange. In: 2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). IEEE, 2019: 379\u201384","DOI":"10.1109\/EMPDP.2019.8671642"},{"key":"R7","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1016\/j.cose.2017.01.003","volume":"69","author":"Akiyama","year":"2017","journal-title":"Comput Secur"},{"key":"R8","unstructured":"FireEye. Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor. FireEye Threat Research, 2020"},{"key":"R9","doi-asserted-by":"crossref","unstructured":"Ghafoor I, Jattala I and Durrani S et al. Analysis of OpenSSL Heartbleed vulnerability for embedded systems. In: 17th IEEE International Multi Topic Conference 2014. 
IEEE, 2014: 314\u201319","DOI":"10.1109\/INMIC.2014.7097358"},{"key":"R10","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1109\/CC.2016.7563724","volume":"13","author":"Gui","year":"2016","journal-title":"China Commun"},{"key":"R11","first-page":"1938","volume":"8","author":"Mohurle","year":"2017","journal-title":"Int J Adv Res Comput Sci"},{"key":"R12","unstructured":"Antiy report, 2019. https:\/\/www.antiy.cn\/research\/notice&report\/researchreport\/20190601.html"},{"key":"R13","first-page":"29","volume":"5","author":"Falliere","year":"2011","journal-title":"Secur Response"},{"key":"R14","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"Langner","year":"2011","journal-title":"IEEE Secur Privacy"},{"key":"R15","doi-asserted-by":"crossref","first-page":"3317","DOI":"10.1109\/TPWRS.2016.2631891","volume":"32","author":"Liang","year":"2016","journal-title":"IEEE Trans Power Syst"},{"key":"R16","unstructured":"McDonald G, Murchu LO and Doherty S et al. Stuxnet 0.5: The missing link. Symantec Rep 2013. https:\/\/docs.broadcom.com\/doc\/stuxnet-missing-link-13-en"},{"key":"R17","doi-asserted-by":"crossref","unstructured":"Yadav T and Rao AM. Technical aspects of cyber kill chain. In: Security in Computing and Communications: Third International Symposium, SSCC 2015, Kochi, India, August 10-13, 2015. Proceedings 3. Springer International Publishing, 2015: 438\u201352","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"R18","first-page":"1","volume":"7","author":"Gu","year":"2007","journal-title":"In: USENIX Security Symposium."},{"key":"R19","doi-asserted-by":"crossref","unstructured":"Iskhakov A and Iskhakov S. Data Normalization models in the security event management systems. In: 2020 13th International Conference \u201cManagement of large-scale system development\u201d (MLSD). 
IEEE, 2020: 1\u20135","DOI":"10.1109\/MLSD49919.2020.9247682"},{"key":"R20","first-page":"80","volume":"1","author":"Hutchins","year":"2011","journal-title":"Leading Issues Inf Warfare Secur Res"},{"key":"R21","first-page":"2","volume":"1","author":"Assante","year":"2015","journal-title":"SANS Inst InfoSec Reading Room"},{"key":"R22","unstructured":"Pols P and van den Berg J. The unified kill chain. CSA Thesis, Hague, 2017: 1\u2013104"},{"key":"R23","unstructured":"Strom BE, Applebaum A and Miller DP et al. Mitre att&ck: Design and philosophy. In: Technical report. The MITRE Corporation, 2018"},{"key":"R24","doi-asserted-by":"crossref","unstructured":"Kotenko I and Doynikova E. The CAPEC based generator of attack scenarios for network security evaluation. In: 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). IEEE, 2015; 1: 436\u201341","DOI":"10.1109\/IDAACS.2015.7340774"},{"key":"R25","unstructured":"Wynn J, Whitmore J and Upton G et al. Threat assessment and remediation analysis (tara). MITRE Corporation, 2014"},{"key":"R26","unstructured":"Bodeau DJ, McCollum CD and Fox DB. Cyber threat modeling: Survey, assessment, and representative framework. Mitre Corp, Mclean, 2018: 2021\u201311"},{"key":"R27","unstructured":"Bodeau D and Graubart R. Cyber Prep 2.0: Motivating Organizational Cyber Strategies in Terms of Preparedness. MITRE CORP BEDFORD MA, 2017; 15\u20130797"},{"key":"R28","unstructured":"Wichers D. Owasp top-10 2013. OWASP Foundation, February, 2013: 12"},{"key":"R29","unstructured":"Shevchenko N, Chick TA and O\u2019Riordan P, et al. Threat Modeling: A Summary of Available Methods. Software Engineering Institute| Carnegie Mellon University, 2018: 1\u201324"},{"key":"R30","doi-asserted-by":"crossref","unstructured":"LeMay E, Ford MD and Keefe K et al. Model-based security metrics using adversary view security evaluation (advise). 
In: 2011 Eighth International Conference on Quantitative Evaluation of SysTems. IEEE, 2011: 191\u2013200","DOI":"10.1109\/QEST.2011.34"},{"key":"R31","unstructured":"Stix: Assets affected in an incident. 2018. http:\/\/stixproject.github.io\/documentation\/idioms\/affected-assets\/"},{"key":"R32","first-page":"20","volume":"43","author":"Kotusev","year":"2018","journal-title":"Commun Assoc Inf Syst"},{"key":"R33","doi-asserted-by":"crossref","first-page":"627","DOI":"10.1080\/17517575.2015.1068374","volume":"11","author":"Tao","year":"2017","journal-title":"Enterprise Inf Syst"},{"key":"R34","unstructured":"Veronica AI and Ugochukwu O. Design and Development of a Web-Based Information System for Security Agencies. Technical & Industrial Sponsors, 2016: 237"},{"key":"R35","doi-asserted-by":"crossref","first-page":"682","DOI":"10.3390\/en12040682","volume":"12","author":"Haes Alhelou","year":"2019","journal-title":"Energies"},{"key":"R36","doi-asserted-by":"crossref","unstructured":"AlMasri TN and AlDalaien MN. Detecting Spyware in Android Devices Using Random Forest. In: International Conference on Advances in Computing Research. Cham: Springer Nature Switzerland, 2023: 294\u2013315","DOI":"10.1007\/978-3-031-33743-7_25"},{"key":"R37","doi-asserted-by":"crossref","unstructured":"Alkhadra R, Abuzaid J and AlShammari M et al. Solar winds hack: In-depth analysis and countermeasures. In: 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT). IEEE, 2021: 1\u20137","DOI":"10.1109\/ICCCNT51525.2021.9579611"},{"key":"R38","unstructured":"Xiao C. Malware xcodeghost infects 39 ios apps, including wechat, affecting hundreds of millions of users. PaloAlto Network Unit, 2015; 42"},{"key":"R39","unstructured":"Bodeau DJ and McCollum CD. System-of-systems threat model. 
The Homeland Security Systems Engineering and Development Institute (HSSEDI) MITRE: Bedford, MA, USA, 2018"},{"key":"R40","unstructured":"Brauchle JP, Gbel M and Seiler J et al. Cyber mapping the financial system. Carnegie Endowment Int Peace, 2020. https:\/\/carnegie-production-assets.s3.amazonaws.com\/static\/files\/Brauchle_Cyber_Mapping_the_Financial_System_final.pdf"},{"key":"R41","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1016\/j.procs.2023.01.267","volume":"219","author":"Gulyas","year":"2023","journal-title":"Procedia Comput Sci"},{"key":"R42","unstructured":"Loader D. Clearing, Settlement and Custody. Butterworth-Heinemann, 2019"},{"key":"R43","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40854-019-0169-6","volume":"6","author":"Priem","year":"2020","journal-title":"Financ Innovation"},{"key":"R44","first-page":"15","volume":"10","author":"Wewege","year":"2020","journal-title":"J Appl Finance Banking"},{"key":"R45","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1177\/0256090920917789","volume":"45","author":"Desai","year":"2020","journal-title":"Vikalpa"},{"key":"R46","doi-asserted-by":"crossref","first-page":"1143","DOI":"10.1108\/JFC-04-2020-0062","volume":"27","author":"Hashim","year":"2020","journal-title":"J Financ Crime"},{"key":"R47","unstructured":"Kellermann T and Murphy R. Modern bank heists 3.0. Annual \u201cModern Bank Heists\u201d. VMware Carbon Black, 2020"},{"key":"R48","doi-asserted-by":"crossref","unstructured":"Ghelani D, Hua TK and Koduru SKR. Cyber security threats, vulnerabilities, and security solutions models in banking. Authorea Preprints, 2022. https:\/\/doi.org\/10.22541\/au.166385206.63311335\/v1","DOI":"10.22541\/au.166385206.63311335\/v1"},{"key":"R49","first-page":"1264","volume":"20","author":"Melnyk","year":"2022","journal-title":"Rev Econ Finance"},{"key":"R50","doi-asserted-by":"crossref","unstructured":"Pomerleau PL and Lowery DL. Countering cyber threats to financial institutions. 
In: A Private and Public Partnership Approach to Critical Infrastructure Protection. Springer, 2020","DOI":"10.1007\/978-3-030-54054-8"},{"key":"R51","doi-asserted-by":"crossref","unstructured":"Shkolnyk IO, Kozmenko SM and Polach J et al. State financial security: Comprehensive analysis of its impact factors. 2020; 13: 291\u2013309","DOI":"10.14254\/2071-8330.2020\/13-2\/20"}],"container-title":["Security and Safety"],"original-title":[],"link":[{"URL":"https:\/\/sands.edpsciences.org\/10.1051\/sands\/2025003\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T08:00:57Z","timestamp":1747209657000},"score":1,"resource":{"primary":{"URL":"https:\/\/sands.edpsciences.org\/10.1051\/sands\/2025003"}},"subtitle":[],"editor":[{"given":"Zhaoqun","family":"Gu","sequence":"first","affiliation":[]},{"given":"Guandong","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Ning","family":"Hu","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":51,"alternative-id":["sands20240035"],"URL":"https:\/\/doi.org\/10.1051\/sands\/2025003","relation":{},"ISSN":["2826-1275"],"issn-type":[{"type":"electronic","value":"2826-1275"}],"subject":[],"published":{"date-parts":[[2025]]}}}