Abstract:Summary & Conclusions Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software- Defined Networking, and Moving Target Defenses. Moreover, we discuss the pros and cons of each variant of HARM based on its applications and usage. Furthermore, several security metrics have been developed to be used with the graphical security model (including HARMs) to analyze the security posture of the systems and evaluate the effectiveness of defense mechanisms which is also being taken as input into optimization algorithms to compute optimal defense deployment. Thus, we provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.

Model-based Cybersecurity Analysis: Past Work and Future Directions

How Effective Are the Prevailing Attack-Defense Models for Cybersecurity Anyway?

Graph models for Cybersecurity -- A Survey

HARMer: Cyber-attacks Automation and Evaluation

Modeling Attack, Defense and Threat Trees and the Cyber Kill Chain, ATT&CK and STRIDE Frameworks as Blackboard Architecture Networks

Predictive Cyber-security Analytics Framework: A non-homogenous Markov model for Security Quantification

A Predictive Framework for Cyber Security Analytics using Attack Graphs

Model-Based Safety and Security Engineering

A Markov Game Model for AI-based Cyber Security Attack Mitigation

CyberSAGE: The cyber security argument graph evaluation tool

Composite Metrics for Network Security Analysis

A Survey of Automatic Generation of Attack Trees and Attack Graphs

CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study

FSM-Based Cyber Security Status Analysis Method.

An Adjacency Matrixes-Based Model for Network Security Analysis

Two Stochastic Models for Security Evaluation Based on Attack Graph

Formal Mental Models for Human-Centered Cybersecurity

Multi-Objective Network Security Evaluation Based on Attack Graph Model

Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment

An Investigation on Cyber Security Threats and Security Models

Dynamic Security Risk Evaluation Via Hybrid Bayesian Risk Graph in Cyber-Physical Social Systems