SYSTEMS ANALYSIS OF CYBERATTACK DYNAMICS AND PENETRATION TESTING PROCESSES USING A MULTILAYER RISK MODEL AND GRAPH-BASED STRUCTURES
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1056
Keywords:
systems analysis, penetration testing, cyberattack modelling, multilayer risk model, graph-based structures, Node-RED, cyber risk assessment, security visualization, attack simulation, network threats, dynamic monitoring
Abstract
This article presents a comprehensive systems-based approach to modelling, analysing, and evaluating the dynamics of cyberattacks, integrating event-driven simulation, graph-based representations of network infrastructures, a multilayer risk assessment model, the MITRE ATT&CK methodology, and time-based incident response performance indicators. The proposed model enables the formalization of adversarial behaviour, reconstruction of key stages of attack scenarios, and assessment of the impact of each attacker action on the overall security posture of an information system. The use of graph structures facilitates the identification of critical nodes, analysis of lateral movement, and estimation of the potential blast radius in the event of a successful intrusion. The multilayer risk model consolidates local events, node-level states, and global resilience indicators within a unified analytical framework. Particular attention is given to penetration testing as a core instrument of proactive cybersecurity. The findings demonstrate that integrating pentesting results into dynamic risk assessment models significantly enhances the accuracy and informational value of security evaluations while enabling timely responses to evolving threat landscapes. The practical implementation of the model was carried out in the Node-RED environment, used as a platform for automated event processing, graph construction, visualization generation, and computation of key security metrics. Node-RED supports seamless integration of pentesting outputs into analytical workflows, transforming static test results into an adaptive monitoring and risk evaluation system. The results indicate the high potential of combining systems analysis, graph-based modelling, and event-driven simulation for the development of advanced, intelligence-driven approaches to cybersecurity assessment. 
The use of Node-RED as a flexible environment for modelling pentesting data establishes a promising direction for research into automated security analysis systems and highlights the need for further standardization and expansion. The proposed model can be applied to develop more effective adversary behaviour prediction systems, optimize network architectures, and create adaptive mechanisms for cyber risk management.
License
Copyright (c) 2025 Тетяна Савченко, Лідія Власенко, Михайло Пілат

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.