Streamlining Attack Tree Generation: A Fragment-Based Approach

TL;DR

This paper introduces a fragment-based method for efficiently generating attack graphs using public security data and a new domain-specific language, aiding in modeling complex, evolving systems.

Contribution

It presents a novel fragment-based attack graph generation approach and a domain-specific language tailored for attack modeling, improving scalability and adaptability.

Findings

Successfully replicates verified attack chains

Reduces resources needed for attack graph generation

Enhances modeling of complex, dynamic systems

Abstract

Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size. Consequently, this necessitates a significant amount of resources to generate attack graphs. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator's capability to replicate a verified attack chain, as previously confirmed by security experts.