%0 Conference Proceedings
%T AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement
%+ Mahindra Ecole Centrale [Hyderabad] (MEC)
%+ Colorado State University [Fort Collins] (CSU)
%+ National Science Foundation [Arlington] (NSF)
%A Bezawada, Bruhadeshwar
%A Ray, Indrajit
%A Tiwary, Kushagra
%Z Part 1: Attacks
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 33rd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
%C Charleston, SC, United States
%Y Simon N. Foley
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXIII
%V LNCS-11559
%P 23-42
%8 2019-07-15
%D 2019
%R 10.1007/978-3-030-22479-0_2
%K AI Planning
%K CVE
%K NVD
%K Attack graphs
%K Planning Domain Definition Language (PDDL)
%Z Computer Science [cs]Conference papers
%X Attack graphs are widely used for modeling attack scenarios that exploit vulnerabilities in computer systems and networked infrastructures. Essentially, an attack graph illustrates a what-if analysis, thereby, helping the network administrator to plan for potential security threats. However, current attack graph representations not only suffer from scaling issues, but also are difficult to generate. Despite efforts from the research community there are no automated tools for generating attack graphs from textual descriptions of vulnerabilities such as those from the Common Vulnerabilities and Exposures (CVE) in the National Vulnerability Database (NVD). Additionally, there is little support for incremental updates and refinements to an attack graph model. This is needed to reflect changes to an attack graph that arise because of changes to the vulnerability state of the underlying system being modeled. In this work, we present an artificial intelligence (AI) based planning tool, AGBuilder – Attack Graph Builder, for automatically generating, updating and refining attack graphs. A key contribution of AGBuilder is that it uses textual descriptions of vulnerabilities to automatically generate attack graphs. Another significant contribution is that, using AGBuilder, we describe a methodology to incrementally update attack graphs when the system changes. This aspect has not been addressed in prior research and is a crucial step for achieving resiliency in the face of evolving adversarial strategies. Finally, AGBuilder has the ability to reuse smaller attack graphs, e.g., when building a network of networks, and join them together to create larger attack graphs.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-02384601/document
%2 https://inria.hal.science/hal-02384601/file/480962_1_En_2_Chapter.pdf
%L hal-02384601
%U https://inria.hal.science/hal-02384601
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-11559