DAG-based attack and defense modeling: Don’t miss the forest for the attack trees
This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and...
Gespeichert in:
Veröffentlicht in: | Computer science review 2014-11, Vol.13-14, p.1-38 |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | 38 |
---|---|
container_issue | |
container_start_page | 1 |
container_title | Computer science review |
container_volume | 13-14 |
creator | Kordy, Barbara Piètre-Cambacédès, Ludovic Schweitzer, Patrick |
description | This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
•We present an overview of attack and defense modeling techniques based on DAGs.•We summarize existing methodologies and compare their features.•We propose a taxonomy of the described formalisms.•We support the selection of a modeling technique depending on user requirements.•We point out future research directions in the field of graphical security modeling. |
doi_str_mv | 10.1016/j.cosrev.2014.07.001 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1669854648</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1574013714000100</els_id><sourcerecordid>1669854648</sourcerecordid><originalsourceid>FETCH-LOGICAL-c455t-a4b780d7483a75a6db14e0205f7b7c17069a78f5caf68ee98abbf96e8ddc961a3</originalsourceid><addsrcrecordid>eNp9kE1OwzAQhS0EEqVwAxZZskkYt_4LC6SqQEGqxAJYW449gZQ2KbZbiR3X4HqcBJd0zWpmpHlv3nyEnFMoKFBxuShsFzxuixFQVoAsAOgBGVAlRS4l44ep55LlQMfymJyEsACQAFwMyNPNZJZXJqDLTIzGvmemdZnDGtuA2apzuGza16vspmt_vr5jtmpCyOIbZnXnMcRd-Rv34ugRwyk5qs0y4Nm-DsnL3e3z9D6fP84eppN5bhnnMTeskgqcZGpsJDfCVZQhjIDXspKWShClkarm1tRCIZbKVFVdClTO2VJQMx6Si9537buPTUqjUzqLy6VpsdsETYUoFWciHRgS1q9a34WEqtZr36yM_9QU9I6hXuieod4x1CB1Yphk170M0xvbBr0OtsHWoms82qhd1_xv8AuWUn1s</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1669854648</pqid></control><display><type>article</type><title>DAG-based attack and defense modeling: Don’t miss the forest for the attack trees</title><source>Elsevier ScienceDirect Journals Complete</source><creator>Kordy, Barbara ; Piètre-Cambacédès, Ludovic ; Schweitzer, Patrick</creator><creatorcontrib>Kordy, Barbara ; Piètre-Cambacédès, Ludovic ; Schweitzer, Patrick</creatorcontrib><description>This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
•We present an overview of attack and defense modeling techniques based on DAGs.•We summarize existing methodologies and compare their features.•We propose a taxonomy of the described formalisms.•We support the selection of a modeling technique depending on user requirements.•We point out future research directions in the field of graphical security modeling.</description><identifier>ISSN: 1574-0137</identifier><identifier>EISSN: 1876-7745</identifier><identifier>DOI: 10.1016/j.cosrev.2014.07.001</identifier><language>eng</language><publisher>Elsevier Inc</publisher><subject>Attack and defense modeling ; Attack trees ; Bayesian analysis ; Bayesian networks ; Computer information security ; Computer simulation ; Forests ; Formalism ; Graphical models for security ; Graphs ; Mathematical models ; Quantitative and qualitative security assessment ; Security measures ; State of the art ; Trees</subject><ispartof>Computer science review, 2014-11, Vol.13-14, p.1-38</ispartof><rights>2014 Elsevier Inc.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c455t-a4b780d7483a75a6db14e0205f7b7c17069a78f5caf68ee98abbf96e8ddc961a3</citedby><cites>FETCH-LOGICAL-c455t-a4b780d7483a75a6db14e0205f7b7c17069a78f5caf68ee98abbf96e8ddc961a3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.cosrev.2014.07.001$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Kordy, Barbara</creatorcontrib><creatorcontrib>Piètre-Cambacédès, Ludovic</creatorcontrib><creatorcontrib>Schweitzer, Patrick</creatorcontrib><title>DAG-based attack and defense modeling: Don’t miss the forest for the attack trees</title><title>Computer science review</title><description>This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
•We present an overview of attack and defense modeling techniques based on DAGs.•We summarize existing methodologies and compare their features.•We propose a taxonomy of the described formalisms.•We support the selection of a modeling technique depending on user requirements.•We point out future research directions in the field of graphical security modeling.</description><subject>Attack and defense modeling</subject><subject>Attack trees</subject><subject>Bayesian analysis</subject><subject>Bayesian networks</subject><subject>Computer information security</subject><subject>Computer simulation</subject><subject>Forests</subject><subject>Formalism</subject><subject>Graphical models for security</subject><subject>Graphs</subject><subject>Mathematical models</subject><subject>Quantitative and qualitative security assessment</subject><subject>Security measures</subject><subject>State of the art</subject><subject>Trees</subject><issn>1574-0137</issn><issn>1876-7745</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><recordid>eNp9kE1OwzAQhS0EEqVwAxZZskkYt_4LC6SqQEGqxAJYW449gZQ2KbZbiR3X4HqcBJd0zWpmpHlv3nyEnFMoKFBxuShsFzxuixFQVoAsAOgBGVAlRS4l44ep55LlQMfymJyEsACQAFwMyNPNZJZXJqDLTIzGvmemdZnDGtuA2apzuGza16vspmt_vr5jtmpCyOIbZnXnMcRd-Rv34ugRwyk5qs0y4Nm-DsnL3e3z9D6fP84eppN5bhnnMTeskgqcZGpsJDfCVZQhjIDXspKWShClkarm1tRCIZbKVFVdClTO2VJQMx6Si9537buPTUqjUzqLy6VpsdsETYUoFWciHRgS1q9a34WEqtZr36yM_9QU9I6hXuieod4x1CB1Yphk170M0xvbBr0OtsHWoms82qhd1_xv8AuWUn1s</recordid><startdate>20141101</startdate><enddate>20141101</enddate><creator>Kordy, Barbara</creator><creator>Piètre-Cambacédès, Ludovic</creator><creator>Schweitzer, Patrick</creator><general>Elsevier Inc</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20141101</creationdate><title>DAG-based attack and defense modeling: Don’t miss the forest for the attack trees</title><author>Kordy, Barbara ; Piètre-Cambacédès, Ludovic ; Schweitzer, Patrick</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c455t-a4b780d7483a75a6db14e0205f7b7c17069a78f5caf68ee98abbf96e8ddc961a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Attack and defense modeling</topic><topic>Attack trees</topic><topic>Bayesian analysis</topic><topic>Bayesian networks</topic><topic>Computer information security</topic><topic>Computer simulation</topic><topic>Forests</topic><topic>Formalism</topic><topic>Graphical models for security</topic><topic>Graphs</topic><topic>Mathematical models</topic><topic>Quantitative and qualitative security assessment</topic><topic>Security measures</topic><topic>State of the art</topic><topic>Trees</topic><toplevel>online_resources</toplevel><creatorcontrib>Kordy, Barbara</creatorcontrib><creatorcontrib>Piètre-Cambacédès, Ludovic</creatorcontrib><creatorcontrib>Schweitzer, Patrick</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer science review</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kordy, Barbara</au><au>Piètre-Cambacédès, Ludovic</au><au>Schweitzer, Patrick</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>DAG-based attack and defense modeling: Don’t miss the forest for the attack trees</atitle><jtitle>Computer science review</jtitle><date>2014-11-01</date><risdate>2014</risdate><volume>13-14</volume><spage>1</spage><epage>38</epage><pages>1-38</pages><issn>1574-0137</issn><eissn>1876-7745</eissn><abstract>This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
•We present an overview of attack and defense modeling techniques based on DAGs.•We summarize existing methodologies and compare their features.•We propose a taxonomy of the described formalisms.•We support the selection of a modeling technique depending on user requirements.•We point out future research directions in the field of graphical security modeling.</abstract><pub>Elsevier Inc</pub><doi>10.1016/j.cosrev.2014.07.001</doi><tpages>38</tpages><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1574-0137 |
ispartof | Computer science review, 2014-11, Vol.13-14, p.1-38 |
issn | 1574-0137 1876-7745 |
language | eng |
recordid | cdi_proquest_miscellaneous_1669854648 |
source | Elsevier ScienceDirect Journals Complete |
subjects | Attack and defense modeling Attack trees Bayesian analysis Bayesian networks Computer information security Computer simulation Forests Formalism Graphical models for security Graphs Mathematical models Quantitative and qualitative security assessment Security measures State of the art Trees |
title | DAG-based attack and defense modeling: Don’t miss the forest for the attack trees |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T15%3A47%3A14IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=DAG-based%20attack%20and%20defense%20modeling:%20Don%E2%80%99t%20miss%20the%20forest%20for%20the%20attack%20trees&rft.jtitle=Computer%20science%20review&rft.au=Kordy,%20Barbara&rft.date=2014-11-01&rft.volume=13-14&rft.spage=1&rft.epage=38&rft.pages=1-38&rft.issn=1574-0137&rft.eissn=1876-7745&rft_id=info:doi/10.1016/j.cosrev.2014.07.001&rft_dat=%3Cproquest_cross%3E1669854648%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1669854648&rft_id=info:pmid/&rft_els_id=S1574013714000100&rfr_iscdi=true |