Verizon's DBIR 2016 is out! Includes interactive Attack Graph by TREsPASS Project

Attack graphs provide the perfect tool to map and analyze an organization’s attack surface. Incidents are a great source of data to build attack graphs as they show the attack paths attackers actually take. As part of the TREsPASS project, LUST worked with the Verizon Enterprise team on coming up with a novel way to visualise the data presented in their yearly Data Breach Investigations Report (DBIR). The 2016 DBIR Attack Graph uses the actions taken and attributes compromised in the 100,000+ incidents from 2015 to show the attack surface of the entire 2016 DBIR.

The previous method, found at, does a great job illustrating the complex structure of the DBIR Attack Surface, but falls short of providing digestible information to a viewer. Using an arc diagram, viewers can get a quick overview of potential categories of attacks that have seen a high frequency in past incidents and understand potential paths of vulnerability. By clicking on each individual node, the visualisation also displays all the sub-actions and sub-attributes contained in that node, as well as the incident count. This allows the viewer to obtain an in-depth understanding of the data in the attack surface without being overwhelmed. Other pages include a comparison between the 2015 and 2016 DBIR Surface, as well as all nodes without any semantic zooming.

More information about the process and techniques used to come to this visualisation can be found in an upcoming paper.

Explore the interactive Attack Graph at