DAG-based attack and defense modeling: don’t miss the forest for the attack trees

Barbara Kordy; Ludovic Piètre-Cambacédès; Patrick Schweitzer

doi:10.1016/j.cosrev.2014.07.001

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer

Research output: Contribution to journal › Article › Academic › peer-review

196 Citations (Scopus)

Abstract

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

Original language	English
Pages (from-to)	1-38
Number of pages	38
Journal	Computer science review
Volume	13-14
DOIs	https://doi.org/10.1016/j.cosrev.2014.07.001
Publication status	Published - Nov 2015
Externally published	Yes

Keywords

EC Grant Agreement nr.: FP7/318003
EC Grant Agreement nr.: FP7/2007-2013
Graphical models for security
Quantitative and qualitative security assessment
Security measures
Attack trees
Attack and defense modeling
Bayesian Networks

Access to Document

10.1016/j.cosrev.2014.07.001

Cite this

@article{c97f211e981849b8b5c19f4a5d156e26,

title = "DAG-based attack and defense modeling: don{\textquoteright}t miss the forest for the attack trees",

abstract = "This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.",

keywords = "EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013, Graphical models for security, Quantitative and qualitative security assessment, Security measures, Attack trees, Attack and defense modeling, Bayesian Networks",

author = "Barbara Kordy and Ludovic Pi{\`e}tre-Cambac{\'e}d{\`e}s and Patrick Schweitzer",

year = "2015",

month = nov,

doi = "10.1016/j.cosrev.2014.07.001",

language = "English",

volume = "13-14",

pages = "1--38",

journal = "Computer science review",

issn = "1574-0137",

publisher = "Elsevier",

}

TY - JOUR

T1 - DAG-based attack and defense modeling: don’t miss the forest for the attack trees

AU - Kordy, Barbara

AU - Piètre-Cambacédès, Ludovic

AU - Schweitzer, Patrick

PY - 2015/11

Y1 - 2015/11

N2 - This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

AB - This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - Graphical models for security

KW - Quantitative and qualitative security assessment

KW - Security measures

KW - Attack trees

KW - Attack and defense modeling

KW - Bayesian Networks

U2 - 10.1016/j.cosrev.2014.07.001

DO - 10.1016/j.cosrev.2014.07.001

M3 - Article

VL - 13-14

SP - 1

EP - 38

JO - Computer science review

JF - Computer science review

SN - 1574-0137

ER -

DAG-based attack and defense modeling: don’t miss the forest for the attack trees

Abstract

Keywords

Access to Document

Fingerprint

Cite this