Start Here

Attack models are structured representations of how an adversary can progress from an initial foothold to an objective. They turn security from a list of threats into an explicit set of paths, preconditions, and actions that you can reason about, test, and defend.

This hub is designed to be practical. Each model family is explained in plain terms, then tied to how it is used in engineering, incident response, red teaming, and cyber-physical risk analysis.

Threat Model vs Attack Model

A threat model is a risk framing exercise: what matters, what could go wrong, and what controls you expect to hold. An attack model goes further by describing the adversary's route through the system, including dependencies between steps.

When you have an attack model, you can do concrete work: enumerate attack paths, score critical prerequisites, map detections, and validate mitigations with targeted tests. This is why attack models sit at the center of modern engineering security and cyber resilience.

What You Will Find Here

  • Layered attack model plates

    Model Families

    Trees, graphs, technique knowledge bases, lifecycles, and probabilistic models.

  • Abstract network graph background

    CPS and OT Focus

    Attack modeling for industrial systems where safety, availability, and physics matter.

Quick Links

The Model Map

Attack models come in multiple shapes because security questions come in multiple shapes. The goal is not to pick one model forever, but to understand which representation matches your question, your data, and your operational constraints.

  • Abstract layered icon plates

    Attack Trees and Attack Defense Trees

    Best when you want to reason about goals, alternative strategies, and the defenses that break a branch. Great for design time analysis and executive communication.

  • Branching attack path visual

    Attack Graphs and Path Analysis

    Best when you want to compute reachable states, enumerate multi stage paths, and measure how a vulnerability in one place enables impact somewhere else.

  • Chain link and network nodes

    Technique Knowledge Bases

    Best when you want a shared vocabulary for attacker behavior. Map detections and controls to techniques, then use that mapping to close gaps.

  • Analyst desk with abstract visuals

    Lifecycle and Intrusion Models

    Best when you want to explain sequence and tempo. These models help structure investigations, response playbooks, and adversary emulation plans.

A Practical Build Process

Go Deeper in Foundations Abstract network spotlight background

Seven Steps That Produce a Defensible Model

1) Define the objective. Pick one attacker goal that you can verify, such as unauthorized PLC logic change or privileged cloud credential theft.

2) Bound the system. Draw trust boundaries, assets, and assumptions. For OT, include safety and availability requirements.

3) Choose the representation. Tree for alternative strategies, graph for path computation, technique model for operational mapping.

4) Define primitives. Preconditions, actions, and postconditions. For CPS, add physical constraints and process invariants.

5) Populate evidence. Inventory, vulnerability data, observed techniques, logs, and control coverage.

6) Analyze and prioritize. Critical paths, chokepoints, and high leverage controls. Validate with tests, not opinions.

7) Operationalize. Turn the model into detections, hardening tasks, and repeatable exercises. Update as the system changes.