English

Model-based Cybersecurity Analysis: Past Work and Future Directions

Cryptography and Security 2022-01-05 v2

Abstract

Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software-Defined Networking, and Moving Target Defenses. We provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.

Keywords

Cite

@article{arxiv.2105.08459,
  title  = {Model-based Cybersecurity Analysis: Past Work and Future Directions},
  author = {Simon Yusuf Enoch and Mengmeng Ge and Jin B. Hong and Dong Seong Kim},
  journal= {arXiv preprint arXiv:2105.08459},
  year   = {2022}
}

Comments

10 pages

R2 v1 2026-06-24T02:13:13.624Z