DAG-based attack and defense modeling: Don’t miss the forest for the attack trees
This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and...
Gespeichert in:
Veröffentlicht in: | Computer science review 2014-11, Vol.13-14, p.1-38 |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
•We present an overview of attack and defense modeling techniques based on DAGs.•We summarize existing methodologies and compare their features.•We propose a taxonomy of the described formalisms.•We support the selection of a modeling technique depending on user requirements.•We point out future research directions in the field of graphical security modeling. |
---|---|
ISSN: | 1574-0137 1876-7745 |
DOI: | 10.1016/j.cosrev.2014.07.001 |