# Attack tree > conceptual diagrams showing how an asset, or target, might be attacked, often used to describe threats on computer systems and possible attacks to realize those threats **Wikidata**: [Q4818024](https://www.wikidata.org/wiki/Q4818024) **Wikipedia**: [English](https://en.wikipedia.org/wiki/Attack_tree) **Source**: https://4ort.xyz/entity/attack-tree ## Summary An attack tree is a conceptual diagram used to illustrate how a target or asset might be attacked. It acts as a method of threat modelling, visually breaking down potential threats against computer systems and identifying the specific attacks required to realize those threats. This structure allows security professionals to view system vulnerabilities from a hypothetical attacker's perspective. ## Key Facts * **Definition:** Attack trees are conceptual diagrams showing how an asset or target might be attacked. * **Primary Use Case:** They are most often used to describe threats on computer systems and to map out possible attacks to realize those threats. * **Classification:** The concept is classified as an instance of both "threat modelling" and "tree structure." * **Structure:** It is a subclass of "workflow" specifically where the applies_to_part qualifier is "cyberattack." * **Methodology:** Attack trees are part of the threat modelling process, which involves identifying, enumerating, and prioritizing potential threats and structural vulnerabilities. * **Perspective:** The analysis is constructed entirely from a hypothetical attacker’s point of view. * **Global Presence:** The concept is documented in Wikipedia across four languages: English, Russian, Turkish, and Chinese. * **Identifiers:** The entity holds a Freebase ID of `/m/0bxyvw` and a Microsoft Academic ID of `2777513146`. ## FAQs ### Q: What is the primary purpose of an attack tree? A: The primary purpose of an attack tree is to provide a visual diagram that details how a specific asset or target can be attacked. It helps security teams understand the paths an attacker might take to exploit threats on computer systems. ### Q: How does an attack tree relate to threat modelling? A: An attack tree is a specific technique used within the broader process of threat modelling. While threat modelling is the overall discipline of identifying and prioritizing vulnerabilities, attack trees provide the structural diagrams used to visualize these threats from an attacker's perspective. ### Q: What specific perspective is used when creating an attack tree? A: Attack trees are constructed from a hypothetical attacker’s point of view. This approach ensures that the analysis focuses on actionable attack vectors and structural vulnerabilities rather than purely defensive postures. ## Why It Matters Attack trees matter because they transform abstract security concerns into structured, actionable data. By utilizing a tree structure—a format familiar in logic and computer science—these diagrams allow analysts to decompose complex security scenarios into discrete, manageable components. This decomposition is critical for identifying structural vulnerabilities that might be missed by less rigorous methods. The tool plays a pivotal role in the "threat modelling" process, serving as a bridge between theoretical risks and real-world attack scenarios. By forcing an organization to prioritize threats from a "hypothetical attacker’s point of view," attack trees ensure that defensive resources are allocated to the most probable and damaging attack paths. This methodology is particularly significant in the context of cyberattacks, where understanding the "workflow" of an intrusion is essential for building resilient systems. ## Notable For * **Visualizing Attacker Workflows:** It is distinct for classifying as a "workflow" specifically applied to "cyberattack," offering a process-flow view of security failures. * **Structured Decomposition:** Unlike simple lists of vulnerabilities, it uses a hierarchical "tree structure" to show relationships between attack goals and sub-goals. * **Adversarial Perspective:** It is a primary tool for shifting security analysis from a defensive posture to a "hypothetical attacker’s point of view." * **Integration:** It functions both as a standalone diagrammatic concept and as an integral component of the "threat modelling" process. ## Body ### Concept and Structure Attack trees are defined as conceptual diagrams that serve as a visual representation of security attacks. Structurally, they rely on a "tree structure" format to organize information. The root of the tree typically represents the ultimate goal of an attacker (such as compromising a specific asset), while the branches and leaves represent the different methods and sub-goals required to achieve that objective. In terms of formal classification, the attack tree is considered a subclass of "workflow" with a specific application to "cyberattack." This highlights that the diagram is not static; it represents a series of actions or steps an adversary takes to reach a conclusion. ### Role in Threat Modelling Attack trees are a fundamental component of threat modelling. Threat modelling is defined as the process by which potential threats, such as structural vulnerabilities, are identified, enumerated, and prioritized. Within this process, attack trees provide the specific output mechanism to describe: * Threats on computer systems. * Possible attacks to realize those threats. By mapping these elements out, the attack tree facilitates the core goals of threat modelling: identifying where the system is weak (vulnerabilities) and determining which threats are most critical (prioritization). ### Analytical Perspective The defining characteristic of the attack tree methodology is its perspective. The analysis is conducted exclusively from a "hypothetical attacker’s point of view." This adversarial mindset distinguishes it from other security auditing methods that might focus on compliance or system stability. By simulating the decision-making process of an attacker, the attack tree helps defenders anticipate specific moves rather than reacting to general threats.