Attack Planning in the Real World

Assessing network security is a complex and difficult task. Attack graphs have been proposed as a tool to help network administrators understand the potential weaknesses of their network. However, a problem has not yet been addressed by previous work on this subject; namely, how to actually execute and validate the attack paths resulting from the analysis of the attack graph. In this paper we present a complete PDDL representation of an attack model, and an implementation that integrates a planner into a penetration testing tool. This allows to automatically generate attack paths for penetration testing scenarios, and to validate these attacks by executing the corresponding actions -including exploits- against the real target network. We present an algorithm for transforming the information present in the penetration testing tool to the planning domain, and show how the scalability issues of attack graphs can be solved using current planners. We include an analysis of the performance of our solution, showing how our model scales to medium-sized networks and the number of actions available in current penetration testing tools.

[1]  Carlos Sarraute,et al.  Building Computer Network Attacks , 2010, ArXiv.

[2]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[3]  Bryan Burns,et al.  Security Power Tools , 2007 .

[4]  Jörg Hoffmann,et al.  FF: The Fast-Forward Planning System , 2001, AI Mag..

[5]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[6]  Jörg Hoffmann,et al.  Extending FF to Numerical State Variables , 2002, ECAI.

[7]  Avrim Blum,et al.  Fast Planning Through Planning Graph Analysis , 1995, IJCAI.

[8]  Paul Ammann,et al.  Using model checking to analyze network vulnerabilities , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[9]  Sushil Jajodia,et al.  Understanding complex network attack graphs through clustered adjacency matrices , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[10]  Nirnay Ghosh,et al.  An Intelligent Technique for Generating Minimal Attack Graph , .

[11]  An Arce Why Attacking Systems Is a Good Idea , 2004 .

[12]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[13]  Sushil Jajodia,et al.  Topological analysis of network attack vulnerability , 2006, PST.

[14]  Yixin Chen,et al.  Temporal Planning using Subgoal Partitioning and Resolution in SGPlan , 2006, J. Artif. Intell. Res..

[15]  Sushil Jajodia,et al.  Advances in Topological Vulnerability Analysis , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[16]  Maria Fox,et al.  PDDL2.1: An Extension to PDDL for Expressing Temporal Planning Domains , 2003, J. Artif. Intell. Res..

[17]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[18]  Carlos Sarraute,et al.  Simulating Cyber-Attacks for Fun and Profit , 2009, SimuTools.