
A review of attack graph and attack tree visual syntax in cyber security
Lallie, Harjinder Singh, Debattista, Kurt and Bal, Jay (2020) A review of attack graph and attack tree visual syntax in cyber security. Computer Science Review, 35. 100219. ISSN 1574-0137.
PDF: WRAP-review-attack-graph-attack-tree-visual-syntax-cyber-security-Lallie-2019.pdf - Accepted Version. Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.
Abstract
Perceiving and understanding cyber-attacks can be a difficult task, and more effective techniques are needed to aid cyber-attack perception. Attack modelling techniques (AMTs), such as attack graphs, attack trees and fault trees, are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. These methods are useful visual aids that can aid cyber-attack perception.
This survey paper describes the fundamental theory of cyber-attack before describing how important elements of a cyber-attack are represented in attack graphs and attack trees. The key focus of the paper is to present empirical research aimed at analysing more than 180 attack graphs and attack trees to identify how attack graphs and attack trees present cyber-attacks in terms of their visual syntax.
There is little empirical or comparative research which evaluates the effectiveness of these methods. Furthermore, despite their popularity, there is no standardised attack graph visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. The survey demonstrates that there is no standard method of representing attack graphs or attack trees and that more research is needed to standardise the representation.
Item Type: | Journal Article |
---|---|
Subjects: | Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software |
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science; Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group) |
Library of Congress Subject Headings (LCSH): | Computer security, Computer networks -- Security measures, Computer crimes -- Prevention |
Journal or Publication Title: | Computer Science Review |
Publisher: | Elsevier |
ISSN: | 1574-0137 |
Official Date: | February 2020 |
Volume: | 35 |
Article Number: | 100219 |
Status: | Peer Reviewed |
Publication Status: | Published |
Access rights to Published version: | Restricted or Subscription Access |
Date of first compliant deposit: | 23 December 2019 |
Date of first compliant Open Access: | 11 January 2021 |