Adversarial dynamics are intrinsic to the nature of offense and defense in cyberspace, with both attackers and defenders continuously evolving their technologies. Given the wide array of security products available, users often face challenges in selecting the most effective solutions. Furthermore, traditional benchmarks based on single-point attacks are increasingly inadequate, failing to accurately reflect the full range of attacker capabilities and falling short in properly evaluating the effectiveness of defense products. Automated multi-stage attack simulations offer a promising approach to enhance system evaluation efficiency and aid in analyzing the effectiveness of detection systems. However, simulating a full attack chain is complex and requires significant time and expertise from security professionals, facing several challenges, including limited coverage of attack techniques, a high level of required expertise, and a lack of execution detail. In this paper, we model automatic attack simulation as a planning problem. By using the Planning Domain Definition Language (PDDL) to formally describe the attack simulation problem, and combining domain knowledge of both the problem and the domain space, we enable the planning of attack paths through standardized, domain-independent planning algorithms. We explore the potential of Large Language Models (LLMs) to summarize and analyze knowledge from existing attack documentation and reports, facilitating automated attack planning. We introduce Aurora, a system that autonomously simulates full attack chains based on external attack tools and threat intelligence reports.

翻译：网络空间中的攻防对抗本质上是动态演进的，攻击者与防御者持续推动技术升级。面对多样化的安全产品，用户往往难以选择最优防护方案。传统基于单点攻击的评估方法日益显现局限性：既无法全面反映攻击者的真实能力，也难以准确衡量防御产品的有效性。自动化多阶段攻击模拟为提高系统评估效率、分析检测体系效能提供了新思路。然而，完整攻击链的模拟具有高度复杂性，需要安全专家投入大量时间与专业知识，且面临多重挑战：攻击技术覆盖有限、专业门槛过高、执行细节缺失等。本文将自动化攻击模拟建模为规划问题，通过规划域定义语言（PDDL）形式化描述攻击模拟任务，结合问题域与规划域知识，利用标准化、领域无关的规划算法实现攻击路径推演。我们探索了大型语言模型（LLMs）在总结分析现有攻击文档与报告知识方面的潜力，以促进自动化攻击规划。本文提出Aurora系统，该系统能够基于外部攻击工具与威胁情报报告自主模拟完整攻击链。