Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These kinds of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two kinds of graphical security models: Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them, and present the challenges and future directions for the research community.