DAG-based attack and defense modeling: don’t miss the forest for the attack trees

Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer

Research output: Contribution to journal › Article › Academic › peer-review

233 Citations (Scopus)


This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However, there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
Original language: English
Pages (from-to): 1-38
Number of pages: 38
Journal: Computer science review
Publication status: Published - Nov 2015
Externally published: Yes


  • EC Grant Agreement nr.: FP7/318003
  • EC Grant Agreement nr.: FP7/2007-2013
  • Graphical models for security
  • Quantitative and qualitative security assessment
  • Security measures
  • Attack trees
  • Attack and defense modeling
  • Bayesian Networks

