Course of Action Generation for Cyber Security Using Classical Planning

We report on the results of applying classical planning techniques to the problem of analyzing computer network vulnerabilities. Specifically, we are concerned with the generation of Adversary Courses of Action, which are extended sequences of exploits leading from some initial state to an attacker's goal. In this application, we have demonstrated the generation of attack plans for a simple but realistic web-based document control system, with excellent performance compared to the prevailing state of the art in this area. In addition to the new capabilities gained in the area of vulnerability analysis, this implementation provided some insights into performance and modeling issues for classical planning systems, both specifically with regard to METRIC-FF and other forward heuristic planners, and more generally for classical planning. To facilitate additional work in this area, the domain model on which this work was done will be made freely available. See the paper's Conclusion for details.
