Building Computer Network Attacks

In this work we start walking the path to a new perspective for viewing cyberwarfare scenarios, by introducing conceptual tools (a formal model) to evaluate the costs of an attack, to describe the theater of operations, targets, missions, actions, plans and assets involved in cyberwarfare attacks. We also describe two applications of this model: autonomous planning leading to automated penetration tests, and attack simulations, allowing a system administrator to evaluate the vulnerabilities of his network.

[1]  Iván Arce,et al.  The Weakest Link Revisited , 2003, IEEE Secur. Priv..

[2]  David E. Smith,et al.  Planning Under Continuous Time and Resource Uncertainty: A Challenge for AI , 2002, AIPS Workshop on Planning for Temporal Domains.

[3]  W. B. Harvey,et al.  The Weakest Link , 2008 .

[4]  Avrim Blum,et al.  Fast Planning Through Planning Graph Analysis , 1995, IJCAI.

[5]  T. Tidwell,et al.  Modeling Internet Attacks , 2022 .

[6]  Bruce Schneier,et al.  Secrets and Lies: Digital Security in a Networked World , 2000 .

[7]  John Langford,et al.  Probabilistic Planning in the Graphplan Framework , 1999, ECP.

[8]  J. Adamson "The weakest link". , 1981, The Journal of plastic and reconstructive surgical nursing : official organ of the American Society of Plastic and Reconstructive Surgical Nurses.

[9]  R Ghanea-Hercock,et al.  Mobile Software Agents — Insect-Inspired Computing , 2000 .

[10]  Laura Painton Swiler,et al.  A graph-based network-vulnerability analysis system , 1997, S&P 1998.

[11]  Somesh Jha,et al.  Minimization and Reliability Analyses of Attack Graphs , 2002 .

[12]  Erland Jonsson,et al.  How to systematically classify computer security intrusions , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[13]  James A. Hendler,et al.  HTN Planning: Complexity and Expressivity , 1994, AAAI.

[14]  Thomas A. Longstaff,et al.  A common language for computer security incidents , 1998 .

[15]  Andrew P. Moore,et al.  Attack Modeling for Information Security and Survivability , 2001 .