Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These kinds of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two kinds of graphical security models: Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them, and present the challenges and future directions for the research community.