“…The manual work may be facilitated by relevant knowledge, e.g., from industry-specic catalogues of threats or threat ontologies [6]. Recently, automated and assisted attack tree generation techniques have emerged [14,35,27,11,15]. However, all these approaches work with static scenarios, and they do not take into account potential evolution in the considered threat structure.…”