In this paper, we position the correct way of using graphical models for enhancing cyber security analysis in enterprise networks. Graphical models can be powerful in representation, analysis and visualization. We describe the need of introducing "intelligence" in security analysis, followed by a critical review of state-of-the-art attack graph approaches. Such review leads to the lessons learned during attack graph research and motivates our unique vision of how we should use graphical models for effective and efficient security analysis.
Jeannette M. Wing