Conceptual Abstraction of Attack Graphs - A Use Case of securiCAD

  • Xinyue Mao
  • Mathias EkstedtEmail author
  • Engla Ling
  • Erik Ringdahl
  • Robert Lagerström
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11720)


Attack graphs quickly become large and challenging to understand and overview. As a means to ease this burden this paper presents an approach to introduce conceptual hierarchies of attack graphs. In this approach several attack steps are aggregated into abstract attack steps that can be given more comprehensive names. With such abstract attack graphs, it is possible to drill down, in several steps, to gain more granularity, and to move back up. The approach has been applied to the attack graphs generated by the cyber threat modeling tool securiCAD.


Attack graph Conceptual modeling Cognitive simplification securiCAD 


  1. 1.
    Artz, M.L.: NetSPA: A Network Security Planning Architecture. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science (2019)Google Scholar
  2. 2.
    Ekstedt, M., Johnson, P., Lagerström, R., Gorton, D., Nydrén, J., Shahzad, K.: Securicad by foreseeti: a cad tool for enterprise cyber security management. In: 2015 IEEE 19th International Enterprise Distributed Object Computing Workshop, pp. 152–155. IEEE (2015)Google Scholar
  3. 3.
    Homer, J., Varikuti, A., Ou, X., McQueen, M.A.: Improving attack graph visualization through data reduction and attack grouping. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 68–79. Springer, Heidelberg (2008). Scholar
  4. 4.
    Hong, J., Kim, D.: HARMs: hierarchical attack representation models for network security analysis. In: Australian Information Security Management Conference, p. 12 (2012)Google Scholar
  5. 5.
    Hong, J.B., Kim, D.S., Chung, C.J., Huang, D.: A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26, 1–16 (2017)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Johnson, P., Lagerström, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, p. 38. ACM (2018)Google Scholar
  7. 7.
    Johnson, P., Vernotte, A., Ekstedt, M., Lagerström, R.: pwnPr3d: an attack-graph-driven probabilistic threat-modeling approach. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 278–283 (2016)Google Scholar
  8. 8.
    Kaynar, K.: A taxonomy for attack graph generation and usage in network security. J. Inf. Secur. Appl. 29, 27–56 (2016)Google Scholar
  9. 9.
    Kotenko, I., Stepashkin, M.: Attack graph based evaluation of network security. In: Leitold, H., Markatos, E.P. (eds.) CMS 2006. LNCS, vol. 4237, pp. 216–227. Springer, Heidelberg (2006). Scholar
  10. 10.
    Li, E., Barendse, J., Brodbeck, F., Tanner, A.: From A to Z: developing a visual vocabulary for information security threat visualisation. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 102–118. Springer, Cham (2016). Scholar
  11. 11.
    Mao, X.: Visualization and natural language representation of simulated cyber attacks. Master’s thesis, KTH Royal Institute of Technology (2018)Google Scholar
  12. 12.
    MITRE. About ATT&CK (2018). Accessed 01 Apr 2019
  13. 13.
    MITRE. About CAPEC (2018). Accessed 25 Mar 2019
  14. 14.
    Noel, S., Harley, E., Tam, K.H., Limiero, M., Share, M.: Chapter 4 - cygraph: graph-based analytics and visualization for cybersecurity. In: Cognitive Computing: Theory and Applications, volume 35 of Handbook of Statistics, pp. 117–167. Elsevier (2016)Google Scholar
  15. 15.
    Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 109–118. ACM (2004)Google Scholar
  16. 16.
    Sommestad, T., Ekstedt, M., Holm, H.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7(3), 363–373 (2013)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Xinyue Mao
    • 1
  • Mathias Ekstedt
    • 1
    Email author
  • Engla Ling
    • 1
  • Erik Ringdahl
    • 2
  • Robert Lagerström
    • 1
  1. 1.KTH Royal Institute of TechnologyStockholmSweden
  2. 2.Foreseeti ABStockholmSweden

Personalised recommendations