D 2026

Keep it simple, or teach them logics: Attack-Defense Tree Perception by Laypeople

DORFHUBER, Florian Sebastian; Marisol BARRIENTOS; Julia EISENTRAUT; Jan KŘETÍNSKÝ; Jana HALÁMKOVÁ et al.

Základní údaje

Originální název

Keep it simple, or teach them logics: Attack-Defense Tree Perception by Laypeople

Název česky

Zjednodušte to, nebo je naučte logice: Vnímání stromu útoku a obrany laiky

Autoři

DORFHUBER, Florian Sebastian; Marisol BARRIENTOS; Julia EISENTRAUT; Jan KŘETÍNSKÝ a Jana HALÁMKOVÁ

Vydání

Oxford, The 11th International Symposium on Dependable Software Engineering Theories, Tools and Applications, 21 s. 2026

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Odkazy

Impakt faktor

Impact factor: 0.402 v roce 2005

Označené pro přenos do RIV

Ne

Organizační jednotka

Fakulta informatiky

ISSN

Klíčová slova anglicky

Attack-Defense Tree; Attack Model Techniques; Tech- nology Acceptance Model; Cyber-attack.
Změněno: 2. 4. 2026 15:08, Jana Halámková

Anotace

V originále

Threat modelling is crucial for analysing how attacks may af- fect security-critical systems, detecting present vulnerabilities, and man- aging risk. System designers use attack trees and their extensions during an application’s design and implementation phase for these tasks. How- ever, it is equally essential that end-users know how to use the final system securely. The competence profiles of end-users highly differ from the profiles of system designers. Therefore, we aim to reflect these differ- ent levels of competences in our proposition to enhance the models. Our research examines the perception of attack trees and their extensions among laypeople. We conducted a task-oriented survey (n=133), where non-experts in cyber-security had to interpret three attack-defense tree representations of two different attack scenarios. Additionally, we use the technology acceptance model (TAM) to investigate how participants perceived these representations. Our survey demonstrates that standard attack-defense tree visualisations are on average as effective as running text for risk communication to laypeople. However, they may currently not evolve their full potential as laypeople usually lack logical skills. Basic logic is a crucial element for teaching laypeople about security. Motivated by the results, we suggest ways the models could be simpli- fied for the users, to ease the access through simpler perspectives on the logical relationships described by the models.

Návaznosti

MUNI/I/1757/2021, interní kód MU
Název: MUNI Award in Science and Humanities (Akronym: Křetínský)
Investor: Masarykova univerzita, MUNI Award in Science and Humanities, MASH - MUNI Award in Science and Humanities
101171844, interní kód MU
Název: Intelligence-Oriented Verification&Controller Synthesis
Investor: Evropská unie, Intelligence-Oriented Verification&Controller Synthesis, Evropská rada pro výzkum (ERC)
101212818, interní kód MU
Název: ROBUSTIFYING GENERATIVE AI THROUGH HUMAN-CENTRIC INTEGRATION OF NEURAL AND SYMBOLIC METHODS
Investor: Evropská unie, ROBUSTIFYING GENERATIVE AI THROUGH HUMAN-CENTRIC INTEGRATION OF NEURAL AND SYMBOLIC METHODS, Klastr 4 - Digitalizace, průmysl a vesmír