Survivability Analysis of Network Specifications [1]: This approach presents a system architecture that injects fault and intrusion events into a given specification of a network and then visualizes the effects of the injected events in the form of scenario graphs. Using model checking, Bayesian analysis and probabilistic analysis, they provide a multi-faceted view of a network with respect to a desired service.

Attack Trees [2]: This approach determines which attacks are most feasible and therefore most likely in the environment. Vulnerability is quantified by mapping known attacks scenarios into trees. Attack trees assume that all vulnerability paths are known and can be defined as possible or impossible. This can change as new attacks are discovered, thereby rendering a previously impossible node suddenly possible.

A Graph-Based Network-Vulnerability Analysis System [3]: This approach analyzes risks to a specific network asset, or examines the possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised.

[1]S. Jha, R. Linger, T. Longstaff, and J. Wing (2000) "Survivability Analysis of Network Specifications", Workshop on Dependability Despite Malicious Faults.

[2]Schneier, B. (1999). "Attack Trees". Dr. Dobb's Journal.

[3]Swiler, L.P., Phillips, C. and Gaylor, T. (1998), "A Graph-Based Network-Vulnerability Analysis System". Sandia National Laboratories.