Abstract:

Organizations face an ever-changing threat landscape. They must continuously dedicate significant effort to protect their assets, making their adoption of increased cybersecurity automation inevitable. However, process automation requires formalization of input data. Through this paper, we address this need for processes that use attack scenarios as input. We propose a novel formal model for expressing attack scenarios. This formal model could be used, for example, for attack script generation or for attack analysis.