I'm facing a problem with understanding attack graphs and attack paths in both the logical and topological views - I consider the generated graphs inconsistent.
Firstly, I tried to analyze this input file from the examples: https://github.com/fiware-cybercaptor...
I uploaded the XML and generated the graph with no errors or warnings. The graph has only one attack path.
As far as I understand, an Attack Path differs from an Attack Graph in that the directed arcs/arrows point in the opposite direction. In graph theory a Path is a subgraph of a Graph. The problem is that both generated logical graphs (attack path and attack graph) are structurally different: major differences are marked on the picture above. A subpath containing the most important vertex (the attack indicator - rule execCode()) is marked green. Marked vertices (green and purple) are directly connected to that subpath on the Attack Graph, but not on the Attack Path. Why?
The structures of the topological attack graph and attack path have different edge directions. Why?
The second example is from this appendix: https://github.com/fiware-cybercaptor... [end of the page]
Two attack paths are generated - only the first is considered. Example 2 (three screenshots): logical and topological view of the attack path and the topological attack graph.
The logical attack path shows that the consequence of an attack is code execution on linux-user-2, execCode('linux-user-2', user), which is shown and marked with a rectangle. The topological attack path shows that the target is linux-user-1. This looks like a contradiction of targets! Isn't it?
The bottom screenshot shows the topological view of the attack graph, where one of the targets is linux-user-2.
For me these observed differences are crucial and discredit the whole attack graph analysis. Please correct me if I'm wrong; maybe I understand these graphs in the wrong way, so please explain to me the process of reading the results - how and why these graphs are so different. I'm desirous to involve myself in this project; it's great, and after 2 weeks of fiddling with it I've come up with many ideas for how to improve it. If these issues are real, please guide me on how to fix them.