An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks
With the convergence of IT and OT networks, more opportunities can be found to destroy physical processes by cyberattacks. Discovering attack paths plays a vital role in describing possible sequences of exploitation. Automated planning, an important branch of artificial intelligence (AI), is i...
Main Authors: | Zibo Wang, Yaofang Zhang, Zhiyao Liu, Xiaojie Wei, Yilu Chen, Bailing Wang |
---|---|
Format: | article |
Language: | EN |
Published: | Hindawi-Wiley 2021 |
Subjects: | Technology (General); Science (General) |
Online Access: | https://doaj.org/article/ea22a23d4fd14d5797765663893833ed |
id |
oai:doaj.org-article:ea22a23d4fd14d5797765663893833ed |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:ea22a23d4fd14d5797765663893833ed; 2021-11-08T02:37:01Z; An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks; ISSN 1939-0122; DOI 10.1155/2021/1444182; https://doaj.org/article/ea22a23d4fd14d5797765663893833ed; 2021-01-01T00:00:00Z; http://dx.doi.org/10.1155/2021/1444182; https://doaj.org/toc/1939-0122; Zibo Wang; Yaofang Zhang; Zhiyao Liu; Xiaojie Wei; Yilu Chen; Bailing Wang; Hindawi-Wiley; article; Technology (General); T1-995; Science (General); Q1-390; EN; Security and Communication Networks, Vol 2021 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
Technology (General) T1-995 Science (General) Q1-390 |
description |
With the convergence of IT and OT networks, more opportunities can be found to destroy physical processes by cyberattacks. Discovering attack paths plays a vital role in describing possible sequences of exploitation. Automated planning, an important branch of artificial intelligence (AI), is introduced into attack graph modeling. However, when adopting this modeling method for large-scale IT and OT networks, it is difficult to meet urgent demands such as scattered data management, scalability, and automation. To that end, an automatic planning-based attack path discovery approach is proposed in this paper. First, information on attacking knowledge and network topology is formally represented in the standardized Planning Domain Definition Language (PDDL) and integrated into a graph data model. Subsequently, a device reachability graph partitioning algorithm is introduced to obtain subgraphs that are small enough and of limited size, which facilitates the discovery of attack paths through the AI planner as soon as possible. To further cope with scalability problems, multithreading is used to execute the attack path enumeration for each subgraph. Finally, an automatic workflow assisted by a graph database is provided for constructing the PDDL problem file for each subgraph and for interactive traversal queries. A case study is presented to demonstrate the effectiveness of attack path discovery and its efficiency as the number of devices increases. |
format |
article |
author |
Zibo Wang, Yaofang Zhang, Zhiyao Liu, Xiaojie Wei, Yilu Chen, Bailing Wang |
publisher |
Hindawi-Wiley |
publishDate |
2021 |
url |
https://doaj.org/article/ea22a23d4fd14d5797765663893833ed |