Advances in Automated Attack Planning

Advances in Automated Attack Planning

The problem of automating network attacks (in particular, penetration tests) has gained importance, since the pentester's work requires a high level of expertise and is time and resources consuming. We show the limitations of classical approaches based on the construction of attack graphs. We propose a solution focused on the attacker's point of view, which can be efficiently applied to real size networks, deals with uncertainty and changes in the attacker's knowledge of the network by constructing a dynamic graph, modified in real time as new information is gathered. This model easily allows the incorporation of expert knowledge in the form of strategies that reduce planning complexity.

Related information

Projects
Attack Planning | Attack Simulation

Publications
New Algorithms for Attack Planning

Saturday, November 1, 2008