Attack trees: Visualisations for complex multi-step attacks

An attack tree is a hierarchical graphical diagram for representing and analysing attack scenarios, for instance the steps an attacker needs to take to attack a cloud service. Within the context of TREsPASS, these attack trees are annotated with values for cost, probability, time needed and difficulty, per attack step. This page shows two different approaches to visualise these steps and values.

The first approach starts from the original attack tree adding line thickness and color coding to add information, as well as circular visualisations that allow users to get a better overview. Each visualisation allows for zooming in, adding for instance labels to fully understand the various steps.

The second approach to visualise the attack tree is to convert each branch to straight paths, that shows a user just all the steps that need to be taken in a straight line. One gets more paths this way, but potentially each of those paths are easier to read and explore by the end-user.

Within TREsPASS, these visualisations are key innovations for connecting the technical view of attack navigators to decision support for management and end-users.