Attack Planning in the Real World

TL;DR

This paper introduces a method to automatically generate and validate attack paths in real networks by integrating attack graph analysis with automated planning and execution, enhancing penetration testing accuracy.

Contribution

It presents a complete PDDL attack model and an implementation that combines planning with real-world attack execution, addressing scalability and validation challenges.

Findings

The approach scales to medium-sized networks.

Automated attack path generation and validation is feasible.

Performance analysis demonstrates practical applicability.

Abstract

Assessing network security is a complex and difficult task. Attack graphs have been proposed as a tool to help network administrators understand the potential weaknesses of their network. However, a problem has not yet been addressed by previous work on this subject; namely, how to actually execute and validate the attack paths resulting from the analysis of the attack graph. In this paper we present a complete PDDL representation of an attack model, and an implementation that integrates a planner into a penetration testing tool. This allows to automatically generate attack paths for penetration testing scenarios, and to validate these attacks by executing the corresponding actions -including exploits- against the real target network. We present an algorithm for transforming the information present in the penetration testing tool to the planning domain, and show how the scalability issues of attack graphs can be solved using current planners. We include an analysis of the performance of our solution, showing how our model scales to medium-sized networks and the number of actions available in current penetration testing tools.