-
Attack Tree Distance: a practical examination of tree difference measurement within cyber security
Authors:
Nathan D. Schiele,
Olga Gadyatskaya
Abstract:
CONTEXT. Attack trees are a recommended threat modeling tool, but there is no established method to compare them. OBJECTIVE. We aim to establish a method to compare "real" attack trees, based on both the structure of the tree itself and the meaning of the node labels. METHOD. We define four methods of comparison (three novel and one established) and compare them to a dataset of attack trees created from a study run on students (n = 39). These attack trees all follow from the same scenario, but have slightly different labels. RESULTS. We find that applying semantic similarity as a means of comparing node labels is a valid approach. Further, we find that tree edit distance (established) and radical distance (novel) are the most promising methods of comparison in most circumstances. CONCLUSION. We show that these two methods are valid as means of comparing attack trees, and suggest a novel technique for using semantic similarity to compare node labels. We further suggest that these methods can be used to compare attack trees in a real-world scenario, and that they can be used to identify similar attack trees.
Submitted 4 March, 2025;
originally announced March 2025.
-
A limited technical background is sufficient for attack-defense tree acceptability
Authors:
Nathan Daniel Schiele,
Olga Gadyatskaya
Abstract:
Attack-defense trees (ADTs) are a prominent graphical threat modeling method that is highly recommended for analyzing and communicating security-related information. Despite this, existing empirical studies of attack trees have established their acceptability only for users with highly technical (computer science) backgrounds while raising questions about their suitability for threat modeling stakeholders with a limited technical background. Our research addresses this gap by investigating the impact of the users' technical background on ADT acceptability in an empirical study.
Our Method Evaluation Model-based study consisted of n = 102 participants (53 with a strong computer science background and 49 with a limited computer science background) who were asked to complete a series of ADT-related tasks. By analyzing their responses and comparing the results, we reveal that a very limited technical background is sufficient for ADT acceptability. This finding underscores attack trees' viability as a threat modeling method.
Submitted 29 March, 2025; v1 submitted 17 February, 2025;
originally announced February 2025.
-
Comparative Evaluation of Bipartite, Node-Link, and Matrix-Based Network Representations
Authors:
Moataz Abdelaal,
Nathan D. Schiele,
Katrin Angerbauer,
Kuno Kurzhals,
Michael Sedlmair,
Daniel Weiskopf
Abstract:
This work investigates and compares the performance of node-link diagrams, adjacency matrices, and bipartite layouts for visualizing networks. In a crowd-sourced user study (n = 150), we measure the task accuracy and completion time of the three representations for different network classes and properties. In contrast to the literature, which covers mostly topology-based tasks (e.g., path finding) in small datasets, we mainly focus on overview tasks for large and directed networks. We consider three overview tasks on networks with 500 nodes: (T1) network class identification, (T2) cluster detection, and (T3) network density estimation, and two detailed tasks: (T4) node in-degree vs. out-degree and (T5) representation mapping, on networks with 50 and 20 nodes, respectively. Our results show that bipartite layouts are beneficial for revealing the overall network structure, while adjacency matrices are most reliable across the different tasks.
Submitted 8 August, 2022;
originally announced August 2022.
-
A Novel Approach for Attack Tree to Attack Graph Transformation: Extended Version
Authors:
Nathan Daniel Schiele,
Olga Gadyatskaya
Abstract:
Attack trees and attack graphs are both common graphical threat models used by organizations to better understand possible cybersecurity threats. These models have been primarily seen as separate entities, to be used and researched in entirely different contexts, but recently there has emerged a new interest in combining the strengths of these models and in transforming models from one notation into the other. The existing works in this area focus on transforming attack graphs into attack trees. In this paper, we propose an approach to transform attack trees into attack graphs based on the fundamental understanding of how actions are represented in both structures. From this, we hope to enable more versatility in both structures.
Submitted 6 October, 2021;
originally announced October 2021.