Abstract

With the convergence of IT and OT networks, cyberattacks gain more opportunities to damage physical processes. Discovering attack paths plays a vital role in describing the possible sequences of exploitation. Automated planning, an important branch of artificial intelligence (AI), has been introduced into attack graph modeling. However, when this modeling method is applied to large-scale IT and OT networks, it struggles to meet pressing demands such as managing scattered data, scalability, and automation. To that end, an automated-planning-based attack path discovery approach is proposed in this paper. First, the attacking knowledge and the network topology are formally represented in the standardized Planning Domain Definition Language (PDDL) and integrated into a graph data model. Second, a device reachability graph partitioning algorithm is introduced to obtain subgraphs of bounded size, so that the AI planner can discover attack paths in each of them quickly. To further address scalability, attack path enumeration is executed for each subgraph in a multithreaded manner. Finally, an automated workflow backed by a graph database is provided, which constructs the PDDL problem file for each subgraph and supports interactive traversal queries. A case study demonstrates the effectiveness of the attack path discovery and its efficiency as the number of devices increases.

Highlights

  • Since information technology (IT) was introduced into all walks of life, the threats from hackers and virus attacks have never been eliminated. This has not prevented industrial enterprises from adopting commercial off-the-shelf software and hardware and general network connectivity in operational technology (OT) networks, such as industrial control networks [1]. The IT/OT convergence gives attackers more opportunities to launch targeted attacks whose consequences against the physical world can be disastrous. The industrial control security incidents of the past decade are the best proof that cyberattacks are gradually spreading from IT networks into OT networks [2]

  • Apart from the cyberattacks migrating from IT networks, some inherent issues exist in OT networks, such as design defects in industrial control network protocols [3] and vulnerabilities of proprietary devices [4]

  • By combining the query results from the graph database with the templates, the domain and problem files can be generated within a short time, even if the reachability and device configuration were modified in the previous phases
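The abstract and the last highlight describe a pipeline: the device reachability graph is partitioned into bounded-size subgraphs, one PDDL problem file is generated per subgraph from a template, and the subgraphs are solved concurrently. The script below is an added example and is not the paper's code. It assumes a hypothetical PDDL domain called `attack` with the predicates `(reachable ?a ?b)`, `(vulnerable ?d)` and `(compromised ?d)`, uses a constructed six-device reachability graph in place of a graph database query, stitches sub-problems at partition boundaries by treating boundary devices as footholds and goals (a design choice of this example, not a method the page describes), and replaces the AI planner with a small depth-first path enumerator so that it runs offline.

```python
"""Partition a device reachability graph and emit one PDDL problem per subgraph.

Added example, not code from the paper. Assumes a hypothetical PDDL domain 'attack'
with predicates (reachable ?a ?b), (vulnerable ?d), (compromised ?d); the graph
below is constructed sample data standing in for a graph database query result.
"""
from collections import deque
from concurrent.futures import ThreadPoolExecutor

# Constructed sample: device -> devices it can reach at the network layer.
SAMPLE_REACHABILITY = {
    "attacker": {"web1"},
    "web1": {"app1", "db1"},
    "app1": {"db1", "hmi1"},
    "db1": set(),
    "hmi1": {"plc1"},
    "plc1": set(),
}
SAMPLE_VULNERABLE = {"web1", "app1", "hmi1", "plc1"}  # constructed; db1 is patched


def partition_reachability(graph, entry, max_size):
    """Greedy BFS partition into connected subgraphs of at most max_size devices.
    The entry device seeds the first subgraph; other seeds are taken in sorted
    order so the result is deterministic."""
    undirected = {d: set() for d in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            undirected[src].add(dst)
            undirected.setdefault(dst, set()).add(src)
    assigned, parts = set(), []
    for seed in [entry] + sorted(undirected):
        if seed in assigned:
            continue
        part, queue = [], deque([seed])
        assigned.add(seed)
        while queue:
            dev = queue.popleft()
            part.append(dev)
            for nxt in sorted(undirected[dev]):
                # Count queued devices too, so the size bound is never exceeded.
                if nxt not in assigned and len(part) + len(queue) < max_size:
                    assigned.add(nxt)
                    queue.append(nxt)
        parts.append(part)
    return parts


def boundary(part, graph):
    """Devices of a subgraph that are entered from, or exit to, another subgraph."""
    inside = set(part)
    entries = {d for d in part for s, dsts in graph.items() if s not in inside and d in dsts}
    exits = {d for d in part if graph.get(d, set()) - inside}
    return entries, exits


def render_problem(name, part, graph, vulnerable, footholds, goals):
    """Render one PDDL problem. Only edges with both ends inside the subgraph become
    (reachable) facts; footholds are asserted compromised (example assumption) so
    that per-subgraph plans can be chained at the partition boundaries."""
    inside = set(part)
    init = [f"(compromised {d})" for d in sorted(footholds)]
    init += [f"(vulnerable {d})" for d in part if d in vulnerable]
    init += [f"(reachable {s} {t})" for s in part for t in sorted(graph.get(s, ())) if t in inside]
    goal = " ".join(f"(compromised {d})" for d in sorted(goals))
    return (f"(define (problem {name}) (:domain attack)\n"
            f"  (:objects {' '.join(part)} - device)\n"
            f"  (:init {' '.join(init)})\n"
            f"  (:goal (and {goal})))\n")


def enumerate_paths(part, graph, vulnerable, footholds, goals):
    """Stand-in for the AI planner: depth-first enumeration of simple paths that stay
    inside the subgraph and only step onto vulnerable devices."""
    inside, paths = set(part), []

    def dfs(dev, path):
        if dev in goals:
            paths.append(path)
        for nxt in sorted(graph.get(dev, ())):
            if nxt in inside and nxt in vulnerable and nxt not in path:
                dfs(nxt, path + [nxt])

    for start in sorted(footholds):
        dfs(start, [start])
    return paths


def discover(graph, vulnerable, entry, target, max_size, workers=4):
    """Partition, build one PDDL problem per subgraph, solve them concurrently.
    Returns a list of (problem_text, paths) in subgraph order."""
    parts = partition_reachability(graph, entry, max_size)

    def solve(item):
        idx, part = item
        entries, exits = boundary(part, graph)
        footholds = entries | ({entry} if entry in part else set())
        goals = {target} if target in part else exits  # exits chain to the next subgraph
        problem = render_problem(f"sub{idx}", part, graph, vulnerable, footholds, goals)
        return problem, enumerate_paths(part, graph, vulnerable, footholds, goals)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(solve, enumerate(parts)))


if __name__ == "__main__":
    for problem, paths in discover(SAMPLE_REACHABILITY, SAMPLE_VULNERABLE, "attacker", "plc1", 3):
        print(problem)
        print("paths:", paths, "\n")
```

With `max_size=3` the sample splits into `[attacker, web1, app1]`, `[db1]` and `[hmi1, plc1]`; the first problem's goal becomes its exit devices `web1` and `app1`, and the third problem starts from the foothold `hmi1`, so the end-to-end chain `attacker -> web1 -> app1 -> hmi1 -> plc1` is recovered by joining the sub-paths at the boundary. Note that `db1` never appears in a path because it is not vulnerable, even though it is reachable. In a real deployment the thread pool would hand each rendered problem file to an external planner process, which is where threads actually buy parallelism under CPython.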


Summary

Introduction

Since information technology (IT) was introduced into all walks of life, the threats from hackers and virus attacks have never been eliminated. Since the attack graph model was first constructed in 1997, numerous generation methods for it have been widely used in a variety of scenarios to discover attack paths [6]. Among them, automated planning, a branch of artificial intelligence (AI), has been adopted for attack graph generation; it transforms the search for valid paths into solving a planning problem for a given attack scenario with a planner [9]. When applied to IT and OT networks, the planning-based method suffers from several problems, mainly in three aspects: (1) Despite the advantage of PDDL descriptions in modeling, the abstraction of the attacking knowledge and the network topology loses some heterogeneous and scattered information, which makes the resulting attack paths harder to interpret.

Related Work
Proposed Method
Formal Data Representation
Attack Path Discovery Approach
Findings
Case Study
