Course of Action Generation for Cyber Security Using Classical Planning

Authors:

Mark Boddy; Johnathan Gohde; J. Thomas Haigh; Steven Harp

Source:

ICAPS-05 (2005)

Abstract:

We report on the results of applying classical planning techniques to the problem of analyzing computer network vulnerabilities. Specifically, we are concerned with the generation of Adversary Courses of Action, which are extended sequences of exploits leading from some initial state to an attacker’s goal. In this application, we have demonstrated the generation of attack plans for a simple but realistic web-based document control system, with excellent performance compared to the prevailing state of the art in this area. In addition to the new capabilities gained in the area of vulnerability analysis, this implementation provided some insights into performance and modeling issues for classical planning systems, both specifically with regard to METRIC-FF and other forward heuristic planners, and more generally for classical planning. To facilitate additional work in this area, the domain model on which this work was done will be made freely available. See the paper’s Conclusion for details.