It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation
Alessandro Palma, Marco Angelini

TL;DR
This paper introduces a scalable, analysis-driven framework for attack graph generation that allows real-time querying and steering, significantly improving efficiency and responsiveness in cyber risk assessment for large networks.
Contribution
The paper proposes a novel workflow enabling real-time attack graph analysis and introduces a steering mechanism to accelerate generation, addressing scalability and dynamic network changes.
Findings
Enables real-time attack graph analysis before completion.
Significantly improves scalability for large networks.
Effective in fitting common attack path analyses.
Abstract
Attack Graphs (AGs) represent the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks, although their generation suffers from poor scalability due to their combinatorial complexity. Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete, thus implying too long a waiting time before enabling analysis capabilities. Additionally, they poorly capture the dynamic changes in the networks due to long generation times. To mitigate these problems, this paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime, thus enabling real-time analysis before the completion of the AG generation with quantifiable statistical significance. Further, we introduce a mechanism to accelerate the generation by…
Taxonomy
Topics: Software System Performance and Reliability · Network Security and Intrusion Detection · Information and Cyber Security
