Add to ORKGAttack trees provide a formal, methodical way of describing the security of systems, based on varying attacks. Basically, you represent attacks against a system in a tree structure, with the goal as the root node [1]. We need a model of threats against computer systems. If we can understand all the different ways in which a system can be attacked, we can likely design countermeasures to thwart those attacks. And if we can understand who the attackers are - not to mention their abilities, motivations, and goals - maybe we can install the proper countermeasures to deal with the real threats [1]