Multi-Layer Quantitative Threat Modeling for Cybersecurity Risk Assessment
Abstract
Threat modeling is a foundational technique in cybersecurity, enabling analysts to identify and evaluate potential security threats to systems. However, most existing frameworks are qualitative in nature and rely heavily on static categorizations or expert-driven heuristics. This limits their ability to dynamically prioritize threats based on context, complexity, and potential for propagation. In this paper, we propose a formal, layered, and quantitative threat modeling framework that integrates structured threat identification with multi-dimensional risk scoring. Each threat is anchored to a specific system layer, ranging from the system core to external interfaces, capturing its origin, target, and propagation potential. Threats are characterized using four quantitative dimensions: Exploitability, Impact, Detection Difficulty, and Propagation Potential, which are combined into a weighted composite risk score for systematic ranking and prioritization.