AI Planning in Security

Overview

We introduce the notion of an Attack-Connectivity Graph (ACG), which lets us model attack paths and network connectivity simultaneously. This formalization obviates the need for the traditional monotonicity assumptions of attack graphs. We show how an ACG can be captured using AI planning models, and we provide complexity results for this process.
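To make the effect of dropping monotonicity concrete, the following is an added example, not iEXAM's code or encoding. It states a constructed four-action network as STRIPS-style planning actions over both privilege and connectivity facts, searches it with and without delete effects, and renders an action in Planning Domain Definition Language (PDDL) syntax. All host, fact and action names are hypothetical.

```python
from collections import deque

# Constructed toy model (an assumption, not iEXAM's encoding). Facts mix
# attacker state ("priv", "cred") and network connectivity ("conn"), as an ACG does.
# Each action: (preconditions, add effects, delete effects), STRIPS-style.
ACTIONS = {
    "exploit-web-crashy": (
        {("conn", "internet", "web"), ("vuln", "web")},
        {("priv", "web")},
        {("conn", "web", "db")},  # service crash drops the web->db link
    ),
    "obtain-cred": ({("conn", "internet", "mail")}, {("cred", "web")}, set()),
    "login-web": ({("conn", "internet", "web"), ("cred", "web")}, {("priv", "web")}, set()),
    "exploit-db": (
        {("priv", "web"), ("conn", "web", "db"), ("vuln", "db")},
        {("priv", "db")}, set(),
    ),
}
INIT = frozenset({
    ("conn", "internet", "web"), ("conn", "internet", "mail"),
    ("conn", "web", "db"), ("vuln", "web"), ("vuln", "db"),
})
GOAL = {("priv", "db")}


def plan(init, goal, actions, monotonic=False):
    """Breadth-first search for a shortest plan; None if the goal is unreachable.
    monotonic=True ignores delete effects, mimicking the classic attack-graph
    assumption that a fact, once true, is never lost."""
    queue, seen = deque([(init, [])]), {init}
    while queue:
        state, steps = queue.popleft()
        if goal <= state:
            return steps
        for name, (pre, add, delete) in actions.items():
            if pre <= state:
                nxt = frozenset((state if monotonic else state - delete) | add)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, steps + [name]))
    return None


def to_pddl(name, pre, add, delete):
    """Render one ground action in PDDL syntax, delete effects as (not ...)."""
    lit = lambda fact: "(" + " ".join(fact) + ")"
    eff = [lit(f) for f in sorted(add)] + [f"(not {lit(f)})" for f in sorted(delete)]
    return (f"(:action {name}\n  :parameters ()\n  :precondition (and "
            f"{' '.join(map(lit, sorted(pre)))})\n  :effect (and {' '.join(eff)}))")
```

With `monotonic=True` the search reports a two-step path through the crashing exploit that the real network would not allow, because that step removes the web-to-db link; with delete effects honored, the only plan is the three-step credential route, which is the one a defender needs to cut.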

Research Objectives

Methods

Our approach, called iEXAM, automatically converts network configurations and vulnerability descriptions into planning models expressed in the Planning Domain Definition Language (PDDL). This lets us apply highly scalable AI planners to a variety of analyses, so that iEXAM scales to large networks. The system supports:

Architecture & Results

Impact

Attack graphs have been widely used to help cyber defenders understand how networked systems can be attacked and how defenses can be deployed. However, prior approaches rely on complete cost models, which are difficult to obtain in large systems. Our iEXAM approach offers: