Automated Vulnerability Analysis Using AI Planning
نویسندگان
چکیده
As networked systems become more complex, and they support more critical applications, there is a compelling need to augment the Red Team approach to vulnerability analysis with more formal, automated methods. Artificial Intelligence (AI) Planning, with its welldeveloped theory and rich set of tools, offers an attractive approach. By adopting this approach we have been able to generate attack graphs for a simple but realistic web-based system in five seconds or less, which is an order of magnitude improvement over previous efforts at automated analysis. In this paper we describe our methods and the results. Since vulnerability analysis is a new application of AI planning, our work has uncovered issues with both modeling techniques and planning tools. We discuss these issues and suggest methods for addressing them.
منابع مشابه
PDDLAssistant: A tool for assisting construction and maintenance of attack graphs using PDDL
Attack graph is a well-known representation for computer security vulnerabilities, which captures how malicious activities can lead to a system compromise. A key weakness in the attack graph representation is that it scales poorly, particularly in large domains where the graph needs to enumerate both user and system interactions. One way to address this problem is to translate the attack graph ...
متن کاملSTAN4: A Hybrid Planning Strategy Based on Subproblem Abstraction
as route planning and resource handling. Using static domain analysis techniques, we have been able to identify certain commonly occurring subproblems within planning domains, making it possible to abstract these subproblems from the overall goals of the planner and deploy specialized technology to handle them in a way integrated with the broader planning activities. Using two such subsolvers o...
متن کاملLearning-Assisted Automated Planning: Looking Back, Taking Stock, Going Forward
analysis of research work related to machine learning as it applies to automated planning over the past 30 years. Major research contributions are broadly characterized by learning method and then descriptive subcategories. Survey results reveal learning techniques that have extensively been applied and a number that have received scant attention. We extend the survey analysis to suggest promis...
متن کاملApplying Integer Programming to AI Planning∗
Despite the historical difference in focus between AI planning techniques and Integer Programming (IP) techniques, recent research has shown that IP techniques show significant promise in their ability to solve AI planning problems. This paper provides approaches to encode AI planning problems as IP problems, describes some of the more significant issues that arise in using IP for AI planning, ...
متن کاملPlanning-based Integrated Decision Support Systems
This paper describes a system that uses AI planning and representation techniques as the core of a decision support system.* The planning technology is supplemented with other AI and non-AI technologies. The overall system and initial application domain, military operations planning, are described first. We then describe the integration of SIPE-2, a generative planning system, with three indepe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005