We introduce the notion of an Attack-Connectivity Graph (ACG), which allows us to model attack paths and network connectivity simultaneously. This formalization obviates the need for the traditional monotonicity assumptions of attack graphs. We show how ACGs can be captured using AI planning models, and we provide complexity results for this process.
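To make the monotonicity point concrete, here is an added example (not iEXAM's code or its ACG encoding): a STRIPS-style planner over privilege and connectivity facts, in which one action removes a link. The host names, facts and actions are constructed assumptions for illustration.

```python
from collections import deque
from typing import NamedTuple

class Action(NamedTuple):
    name: str
    pre: frozenset      # facts that must hold
    add: frozenset      # facts gained (privileges, new links)
    delete: frozenset   # facts lost (links dropped); empty in a monotonic model

def act(name, pre, add, delete=()):
    return Action(name, frozenset(pre), frozenset(add), frozenset(delete))

# Constructed toy network: facts are privileges and directed connectivity.
INIT = frozenset({"priv attacker", "conn attacker web", "conn web db", "conn web fw"})
GOAL = frozenset({"priv db", "priv fw"})
ACTIONS = [
    act("exploit_web", {"priv attacker", "conn attacker web"}, {"priv web"}),
    # Assumption: compromising the firewall reloads its rules and drops web->db.
    act("exploit_fw", {"priv web", "conn web fw"}, {"priv fw"}, {"conn web db"}),
    act("exploit_db", {"priv web", "conn web db"}, {"priv db"}),
]

def plan(init, goal, actions, ignore_deletes=False):
    """Breadth-first forward search; returns a shortest action sequence or None."""
    seen, queue = {init}, deque([(init, [])])
    while queue:
        state, path = queue.popleft()
        if goal <= state:
            return path
        for a in actions:
            if a.pre <= state:
                nxt = (state if ignore_deletes else state - a.delete) | a.add
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [a.name]))
    return None

def replay(init, names, actions):
    """Apply a plan with real (non-monotonic) effects; None if a step is blocked."""
    by_name, state = {a.name: a for a in actions}, init
    for n in names:
        a = by_name[n]
        if not a.pre <= state:
            return None
        state = (state - a.delete) | a.add
    return state

if __name__ == "__main__":
    relaxed = plan(INIT, GOAL, ACTIONS, ignore_deletes=True)
    print("monotonic model:", relaxed, "replays:", replay(INIT, relaxed, ACTIONS) is not None)
    print("with connectivity changes:", plan(INIT, GOAL, ACTIONS))
```

The monotonic search returns an ordering that cannot be replayed once the link drop is honoured, while the search that tracks connectivity changes returns the ordering that works.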
Our approach, called iEXAM, automatically converts network configurations and vulnerability descriptions into planning models expressed in the Planning Domain Definition Language (PDDL). This allows us to leverage highly scalable AI planners for various analyses, enabling iEXAM to scale to large networks. The system supports:
Attack graphs have been widely used to help cyber defenders understand how networked systems can be attacked and how defenses can be deployed. However, prior approaches rely on complete cost models, which are difficult to obtain in large systems. Our iEXAM approach offers: