Learning Policies for Path Selection in Attack Graphs
Abstract: IT systems are indispensable nowadays. With thousands of hacking attempts happening daily, cyber defense mechanisms are crucial for maintaining a working state of those systems. Simulating an attacker is a means of preparing for future hacking attacks by determining the most likely vulnerabilities where an attack could be attempted. In previous work, the simulated attacker had full knowledge over the cyber system that is being compromised and could efficiently select a path that leads to valuable assets. However, a realistic attacker would only see a subset of the system. In this novel scenario, traditional path selection methods are not applicable anymore and the question arises: how well can a path selection policy be learned and correctly applied in a subset of an attack graph? Several graph neural networks (GNNs) were examined as candidates for learning the path selection policy. The chosen GNN, a graph attention network (GAT), was then implemented and trained on generated attack graphs of simple cyber systems. The predicted actions from the approximated policy were compared against the optimal actions in an unseen test set to determine the approximation capabilities of the network. GAT was found to predict the optimal actions almost always. However, the high complexity of the graph generation process resulted in limited variation between graphs, a small number of graphs overall and thus in overfitting to the train set. Nonetheless, we showed that GAT is able to utilize attack graph data of a cyber system to learn a path selection policy and apply it in a subset of an attack graph.
AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)