An empirical evaluation of the effectiveness of attack graphs and MITRE ATT&CK matrices in aiding cyber attack perception amongst decision-makers

Decision-makers struggle to understand cyber-security reports, sometimes leading to inadequate cyber-attack responses. Attack modelling techniques (AMTs) can aid cyber-attack perception, but their effectiveness in improving comprehension amongst non-experts is still under-researched. Attack graphs are the most popular AMT amongst academics, while MITRE ATT&CK is becoming the most popular tool amongst practitioners. This research evaluates the effectiveness of attack graphs and MITRE ATT&CK in aiding cyber-attack perception after an attack has taken place. 157 participants were divided into expert and non-expert groups and further subdivided within respective groups. Participants underwent a test designed to demonstrate their comprehension of two cyber-attacks. Participants were also required to express personal preferences, in particular outlining which of the two AMTs was better at aiding their cyber-attack perception. Paired T-Tests reveal that both groups performed better with the attack graph compared to MITRE ATT&CK. Furthermore, both groups outlined a personal preference for the attack graph over MITRE ATT&CK.