Tom Gonda, Rami Puzis, Bracha Shapira, Guy Shani
International Workshop on Artificial Intelligence and Security (2017)
During the past years logical attack graphs wereused to find the most critical vulnerabilities anddevise efficient hardening strategies for organizationalnetworks. Most techniques for ranking vulnerabilitieseither do not scale well, e.g. brute-forceattack plan enumeration, or are not well suited forthe analysis of logical attack graphs, e.g. centralitymeasures.In this paper we suggest an analysis of the planninggraph (from classical planning) derived fromthe logical attack graph to improve the accuracyof centrality-based vulnerability ranking metrics.The planning graph also allows efficient enumerationof the set of possible attack plans that use agiven vulnerability on a specific machine. We suggesta set of centrality based heuristics for reducingthe number of attack plans and compare withpreviously suggested vulnerability ranking metrics.Results show that metrics computed over the planninggraph are superior to metrics computed overthe logical attack graph or the network connectivitygraph.