Investigating the modeling assumptions of alert-driven attack graphs

Title: Investigating the modeling assumptions of alert-driven attack graphs: A cognitive load-based quantification approach of interpretability in attack graphs
Author: Constantinescu, Vlad (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Verwer, S.E. (mentor); Nadeem, A. (mentor); Katsifodimos, A (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science and Engineering
Project: CSE3000 Research Project
Date: 2023-06-28

Abstract: The interpretability of an attack graph is a key principle, as it reflects how difficult it is for a specialist to gain insight into attacker strategies. However, the quantification of interpretability is considered to be a subjective matter, and complex attack graphs can be challenging to read and interpret. In this research paper, we propose a new metric for quantifying the interpretability of attack graphs, aiming for comparable results between attack graphs regardless of the chosen drawing configuration or generation method. We address the gap in existing metrics by combining elements from the theory of cognitive chunks of information and user-experience-related fields to measure interpretability in terms of cognitive load. Our metric leverages Gestalt principles to formalize the quantification of interpretability based on cognitive overload. Compared to a similar approach, the proposed metric reveals a high level of similarity with the baseline; however, qualitative analysis revealed that the proposed metric eliminates certain discrepancies with the expert's opinion that the baseline metric presented. Furthermore, a use case of the metric is presented, and we evaluate our metric by comparing attack graphs generated using different methods, such as deterministic finite automaton (S-PDFA), Markov chain, and suffix tree. Finally, further work is proposed toward the goal of completing the metric by incorporating the remaining Gestalt principles.

Subject: attack graphs; interpretability; cognitive load; cybersecurity; network security
To reference this document use: http://resolver.tudelft.nl/uuid:6334a4cf-348a-4157-af42-bde082077204
Part of collection: Student theses
Document type: bachelor thesis
Rights: © 2023 Vlad Constantinescu
Files: PDF Vlad_Mihai_Constantinescu ... graphs.pdf (686.24 KB)