Method for automatic derivation of attack paths in a network
Format | Patent |
---|---|
Language | English |
Published | 28.11.2023 |
Summary: | The present invention relates to a method for automatic derivation of attack paths in a network comprising defining the topology of the network as an enriched network topology, identifying the vulnerabilities of the topology as vulnerabilities information artifacts, building the atomic attack database of the network based on the topology and the vulnerabilities, translating the enriched network topology, the vulnerabilities information artifacts and the atomic attack database into a predefined formal model, executing a predefined SMT-based model checker for the predefined formal model to seek counterexamples and deriving the attack paths from the counterexamples, wherein the defining the topology comprises running, by a computerized data processing unit operatively connected to the network, a module of deep packet inspection of the network to build a network topology based on the information derived from the deep packet inspection module, running, by the computerized data processing unit, a module of active queries of the network to add further information to the network topology based on the information derived from the active queries to build the enriched network topology, wherein the identifying the vulnerabilities comprises running, by the computerized data processing unit, a vulnerability assessment module to identify the vulnerabilities information artifacts of each node of the network based on the matching between nodes information of the enriched network topology and known vulnerabilities of a predefined vulnerabilities database and wherein the building the atomic attack database comprises finding, by the computerized data processing unit, one or more atomic attacks for the network as preconditions and actions to capture the state of the system at a given moment in time, wherein the actions are expressed in terms of a set of features of said nodes. |
---|---|
Bibliography: | Application Number: US202117225392 |