
From Attack Trees to Attack-Defense Trees with Generative AI & Natural Language Processing

Research output: Chapter in a book, report, anthology or collection; Conference contribution; Peer-reviewed

Abstract

Attack-defense trees, an extension of attack trees, are extensively used by security engineers to document potential countermeasures for security threats present in a system’s design. These trees help integrate initial system models with countermeasures, allowing for early testing of their efficiency and impact in the design cycle. Despite advancements in automating attack tree construction, selecting the initial set of countermeasures for conversion into an attack-defense tree remains largely manual. This paper proposes an approach and a tool that extends the TTool-AI attack tree generation feature by leveraging large language models and natural language processing to create a set of countermeasures and generate attack-defense trees based on an input attack tree. To evaluate our contribution, our approach is tested using attack-defense trees generated from attack trees, each representing possible threats to an associated system specification. In addition, we introduce metrics to assess the semantic correctness and completeness of the generated attack-defense trees. We compared, using our metrics, the attack-defense trees created from our methodology to those created by an engineer and found that attack-defense trees created using AI and secondary mitigation data provided better trees than solely using AI. We also discovered that this approach generated trees that were comparable to the quality of attack-defense trees generated from a security engineer at the associate level. From these results, we believe that our contribution could aid engineers in identifying not only appropriate countermeasures for attack trees but also the optimal number of countermeasures, avoiding the complexity of redundant mitigations. Furthermore, our approach complements standard modeling practices, particularly during the initial design phase, reducing the need for time-consuming re-engineering throughout the system’s lifecycle.

Original language: English
Title: Proceedings
Subtitle: MODELS 2024 - ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings
Publisher: Association for Computing Machinery, Inc
Pages: 561-569
Number of pages: 9
ISBN (Electronic): 9798400706226
Status: Published - 31 Oct 2024
Event: 27th International Conference on Model Driven Engineering Languages and Systems, MODELS Companion 2024 - Linz, Austria
Duration: 22 Sep 2024 to 27 Sep 2024

Publication series

Name: Proceedings: MODELS 2024 - ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings

Conference

Conference: 27th International Conference on Model Driven Engineering Languages and Systems, MODELS Companion 2024
Country/Territory: Austria
City: Linz
Period: 22/09/24 to 27/09/24
