Course of Action Generation for Cyber Security Using Classical Planning

Mark Boddy, Johnathan Gohde, Tom Haigh, and Steven Harp

We report on the results of applying classical planning techniques to the problem of analyzing computer network vulnerabilities. Specifically, we are concerned with the generation of Adversary Courses of Action, which are extended sequences of exploits leading from some initial state to an attacker’s goal. In this application, we have demonstrated the generation of attack plans for a simple but realistic web-based document control system, with excellent performance compared to the prevailing state of the art in this area. In addition to the new capabilities gained in the area of vulnerability analysis, this implementation provided some insights into performance and modeling issues for classical planning systems, both specifically with regard to Metric-FF and other forward heuristic planners, and more generally for classical planning. To facilitate additional work in this area, the domain model on which this work was done will be made freely available. See the paper’s Conclusion for details.

This page is copyrighted by AAAI. All rights reserved.