Attack trees (ATs) are an important tool in security analysis, and an important part of AT analysis is computing metrics. However, metric computation is NP-complete in general. In this paper, we showcase the use of mixed integer linear programming (MILP) as a tool for quantitative analysis. Specifically, we use MILP to solve the open problem of calculating the min time metric of dynamic ATs, i.e., the minimal time to attack a system. We also present two other tools to further improve our MILP method: First, we show how the computation can be sped up by identifying the modules of an AT, i.e. subtrees connected to the rest of the AT via only one node. Second, we define a general semantics for dynamic ATs that significantly relaxes the restrictions on attack trees compared to earlier work, allowing us to apply our methods to a wide variety of ATs. Experiments on a synthetic testing set of large ATs verify that both the integer linear programming approach and modular analysis considerably decrease the computation time of attack time analysis.

翻译：攻击树（ATs）是安全分析中的重要工具，而攻击树分析的关键环节之一是度量计算。然而，一般情况下度量计算属于NP完全问题。本文展示了混合整数线性规划（MILP）作为定量分析工具的应用。具体而言，我们利用MILP解决了动态攻击树最小时间度量的开放问题，即攻击系统所需的最短时间。我们还提出了另外两种工具以进一步改进MILP方法：首先，我们展示了如何通过识别攻击树的模块（即仅通过一个节点与攻击树其余部分相连的子树）来加速计算。其次，我们为动态攻击树定义了一种通用语义，与先前工作相比，该语义显著放宽了对攻击树的限制，使得我们的方法能够应用于多种攻击树。在大型攻击树的合成测试集上进行的实验验证表明，整数线性规划方法和模块化分析均能显著降低攻击时间分析的计算耗时。