
Cyber-Attack Modeling Analysis Techniques: An Overview

Abstract:

Governments and businesses are constantly threatened by increasingly advanced and frequent cyber attacks. As a result, it is important for organizations to stay one step ahead of attackers by understanding attacks before they occur. This is done through a method called cyber attack modelling. A cyber attack model is a model that is applied to a cyber attack in order to understand the attack and find vulnerabilities in an organization’s network. This paper is a survey of three cyber attack modelling techniques, the Diamond Model, the Kill Chain and the Attack Graph, and of how organizations can use them to understand and efficiently handle cyber attacks.

The Diamond Model helps identify how and why an attack occurs by breaking it down into four major components: identification of an adversary, identification of a victim, the infrastructure of the system under attack, and the capabilities of the adversary and victim. This model is useful when dealing with advanced attackers, such as those who have already attained partial control of a network. The Kill Chain gives detailed steps of a cyber attack by modelling it as a sequence of ordered actions split into two phases. The first phase contains the steps before an attack occurs and the second phase contains the steps after an attack starts. An attack graph shows the ways an attack can occur by modelling a network system as a directed graph and searching for attack paths. This paper goes into further detail about all three of these cyber attack models and applies each model to an example.

Author:
Hamad AL-Mohannadi, Qublai Mirza, Anitta Namanya, Irfan Awan, Andrea Cullen, and Jules Disso
Year:
2016
MIT Political Science
ECIR
GSS