DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

• We present an overview of attack and defense modeling techniques based on DAGs.
• We summarize existing methodologies and compare their features.
• We propose a taxonomy of the described formalisms.
• We support the selection of a modeling technique depending on user requirements.
• We point out future research directions in the field of graphical security modeling.

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.