A Metalanguage for Dynamic Attack Graphs and Lazy Generation
2024 (English)In: ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings, Association for Computing Machinery , 2024, article id 31Conference paper, Published paper (Refereed)
Abstract [en]
Two types of dynamics are important when modeling cyberattacks: how adversaries chain together techniques across systems and how they change the target systems. Attack graphs are prominent within research communities for automatically mapping and chaining together actions. Modeling adversary-driven system changes is comparatively unexplored, however. One reason could be that modeling adversarial change dynamics poses a blend of problems where the typical attack graph approaches could produce state-space explosions and infinite graphs. Therefore, this work presents the core modeling aspects of the Dynamic Meta Attack Language (DynaMAL), a project to lazily generate attack graphs by combining attack graph construction and simulation methods. DynaMAL lets users declare domain-specific modeling and attack graph generation languages. Then, the attack graphs are generated one step at a time based on the actions of an adversary agent. By only generating what is explicitly requested, DynaMAL can demonstrably change the system model as the attack graph grows while sidestepping typical state-space explosions and graph re-calculation problems. Shifting to a lazy generation process poses new challenges, however. Nevertheless, there is likely a point where lazy approaches will prevail when analyzing large and complex systems.
Place, publisher, year, edition, pages
Association for Computing Machinery , 2024. article id 31
Keywords [en]
attack graph, attack simulation, dynamic attack graph, graph construction, lazy generation, metalanguage
National Category
Control Engineering Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-351959DOI: 10.1145/3664476.3664508Scopus ID: 2-s2.0-85200386230OAI: oai:DiVA.org:kth-351959DiVA, id: diva2:1890175
Conference
19th International Conference on Availability, Reliability and Security, ARES 2024, Vienna, Austria, Jul 30 2024 - Aug 2 2024
Note
Part of ISBN [9798400717185]
QC 20240830
2024-08-192024-08-192024-08-30Bibliographically approved