Visualising Attack Trees: Multiple views

Visualising an attack tree in a tree structure may do a good job at displaying how the nodes are connected, but it does a poor job at examining frequency. Therefore, it makes sense to split this into two visualisations: an attack tree visualisation structured as a tree, as well as a tree map visualisation that focuses just on the relative frequency of each node (Fig. \ref{fig:treemap}). The frequency of the node determines the size of each box, while the colour depicts the relative difficulty of each node. A hover over each box in the tree map shows its label and highlights the nodes in the attack tree, allowing a user to understand the visualisation. Together, they paint a more complete picture. We consider the tree map as part visualisation and part legend.

Tree map visualisation that shows frequency of an attack step.Bottom: figure shows a user hovering over the treemap, highlighting the "im-personate technician" box. All repeating instances of this node are highlightedin the attack tree visualisation.
Tree map visualisation that shows frequency of an attack step.Bottom: figure shows a user hovering over the treemap, highlighting the “im-personate technician” box. All repeating instances of this node are highlightedin the attack tree visualisation.

 

One thought on “Visualising Attack Trees: Multiple views

Comments are closed.