Attack Countermeasure Tree (ACT) meets with the Split-protocol

In this paper, we present a novel attack tree paradigm called attack countermeasure tree (ACT) comprising an additional attack resistant element known as the Split-protocol. ACT which circumvent the fabrication and way out of a state-space representation and takes keen on account attack, as well as countermesures (in the form of detection and mitigation events). Split-protocol as an attack resistant element enhances the availability of the system during or after a security attack on the system. We compare ACT with or without Split-protocol implantation. The split-protocol concept stemmed from splitting the HTTP/TCP protocol in webserver application. An HTTP/TCP protocol is standard on a webserver can be split into two segments, and each part can be separately run on a different Web server, thus constituting dual servers. These servers communicate across a network by using inter-server messages or delegate messages.In ACT, recognition and alleviation are allowed not just at the leaf node but also at the intermediate nodes,andsimultaneouslythe state-space explosion problem is avoided in its analysis. We study the consequences of incorporating countermeasures in the ACT and Split-protocol using various case studies.