Fast Algorithm for Cyber-Attack Estimation and Attack Path Extraction Using Attack Graphs with AND/OR Nodes

Eugene Levner, Dmitry Tsadikovich

Research output: Contribution to journal › Article › peer-review

Abstract

This paper studies the security issues for cyber–physical systems, aimed at countering potential malicious cyber-attacks. The main focus is on solving the problem of extracting the most vulnerable attack path in a known attack graph, where an attack path is a sequence of steps that an attacker can take to compromise the underlying network. Determining an attacker’s possible attack path is critical to cyber defenders, as it helps identify threats, harden the network, and thwart the attacker’s intentions. We formulate this problem as a path-finding optimization problem with logical constraints represented by AND and OR nodes. We propose a new Dijkstra-type algorithm that combines elements from Dijkstra’s shortest path algorithm and the critical path method. Although the path extraction problem is generally NP-hard, for the studied special case, the proposed algorithm determines the optimal attack path in polynomial time, (Formula presented.), where (Formula presented.) is the number of nodes and (Formula presented.) is the number of edges in the attack graph. To our knowledge, this is the first exact polynomial algorithm that can solve the path extraction problem for different attack graphs, both cycle-containing and cycle-free. Computational experiments with real and synthetic data have shown that the proposed algorithm consistently and quickly finds optimal solutions to the problem.

Original language: English
Article number: 504
Journal: Algorithms
Volume: 17
Issue number: 11
DOIs
State: Published - Nov 2024

Bibliographical note

Publisher Copyright:
© 2024 by the authors.

Keywords

  • AND/OR graph
  • attack path
  • attack path extraction
  • attack time assessment
  • cyber-attack
  • cybersecurity
  • cyclic attack graph
  • polynomial algorithm
