Attack trees are an important tool in security analysis, and an important part of attack tree analysis is computing metrics. This paper focuses on dynamic attack trees and their min time metric, i.e. the minimal time to attack a system. For general attack trees, calculating min time efficiently is an open problem, with the fastest current method being enumerating all minimal attacks, which is NP-hard. This paper presents three tools for calculating min time. First, we introduce a novel method for general dynamic attack trees based on mixed integer linear programming. Second, we show how the computation can be sped up by identifying the modules of an attack tree, i.e. subtrees connected to the rest of the attack tree via only one node. Finally, we define a general semantics for dynamic attack trees that significantly relaxes the restrictions on attack trees compared to earlier work, allowing us to apply our methods to a wide variety of attack trees. Experiments on both a case study of a server cluster and a synthetic testing set of large attack trees verify that both the integer linear programming approach and modular analysis considerably decrease the computation time of attack time analysis.

翻译：攻击树是安全分析中的重要工具，而攻击树分析的关键环节之一是度量指标的计算。本文聚焦于动态攻击树及其最小时间度量，即攻击系统所需的最短时间。对于一般攻击树，高效计算最小时间仍是一个开放性问题，当前最快的方法需枚举所有最小攻击，该问题属于NP难问题。本文提出了计算最小时间的三种工具：首先，我们基于混合整数线性规划引入了一种适用于一般动态攻击树的新方法；其次，通过识别攻击树的模块（即仅通过一个节点与攻击树其余部分相连的子树），展示了如何加速计算过程；最后，我们定义了动态攻击树的通用语义，相较于先前工作显著放宽了对攻击树的限制，使我们的方法能够应用于更广泛的攻击树。在服务器集群案例研究与大规模攻击树合成测试集上的实验均验证了：整数线性规划方法与模块化分析均能显著缩短攻击时间分析的计算耗时。