open access publication

Article, 2024

Survey: Automatic generation of attack trees and attack graphs

Computers & Security, ISSN 1872-6208, 0167-4048, Volume 137, Page 103602, 10.1016/j.cose.2023.103602

Contributors

  • Konsta, Alyzia-Maria 0000-0002-0206-5217 (Corresponding author) [1]
  • Lafuente, Alberto Lluch 0000-0001-7405-0818 [1]
  • Spiga, Beatrice [1]
  • Dragoni, Nicola 0000-0001-9575-2990 [1]

Affiliations

  1. [1] Technical University of Denmark [NORA names: DTU Technical University of Denmark; University; Denmark; Europe, EU; Nordic; OECD]

Abstract

Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These classes of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two popular kinds of graphical security models: Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them, and present the challenges and future directions to the research community.

Keywords

attack graph, attack trees, attacks, automatic generation, challenges, class, class of models, community, construction, current methodologies, direction, enterprises, experts, field, generation, goal, graph, graphical security model, issues, manual construction, method, methodology, model, research, research community, security, security experts, security model, status, survey, system, trees, vulnerability

Funders

  • Innovation Fund Denmark

Data Provider: Digital Science