Abstract
This paper studies the security issues for cyber–physical systems, aimed at countering potential malicious cyber-attacks. The main focus is on solving the problem of extracting the most vulnerable attack path in a known attack graph, where an attack path is a sequence of steps that an attacker can take to compromise the underlying network. Determining an attacker’s possible attack path is critical to cyber defenders as it helps identify threats, harden the network, and thwart attacker’s intentions. We formulate this problem as a path-finding optimization problem with logical constraints represented by AND and OR nodes. We propose a new Dijkstra-type algorithm that combines elements from Dijkstra’s shortest path algorithm and the critical path method. Although the path extraction problem is generally NP-hard, for the studied special case, the proposed algorithm determines the optimal attack path in polynomial time, (Formula presented.), where (Formula presented.) is the number of nodes and (Formula presented.) is the number of edges in the attack graph. To our knowledge this is the first exact polynomial algorithm that can solve the path extraction problem for different attack graphs, both cycle-containing and cycle-free. Computational experiments with real and synthetic data have shown that the proposed algorithm consistently and quickly finds optimal solutions to the problem.
Original language | English |
---|---|
Article number | 504 |
Journal | Algorithms |
Volume | 17 |
Issue number | 11 |
DOIs | |
State | Published - Nov 2024 |
Bibliographical note
Publisher Copyright:© 2024 by the authors.
Keywords
- AND/OR graph
- attack path
- attack path extraction
- attack time assessment
- cyber-attack
- cybersecurity
- cyclic attack graph
- polynomial algorithm