Attack paths are the potential chains of malicious activities an attacker performs to compromise network assets and acquire privileges by exploiting network vulnerabilities. Attack path analysis helps organizations identify new or unknown chains of attack vectors that reach critical assets within the network, as opposed to the individual attack vectors found by signature-based attack analysis. Timely identification of attack paths enables proactive mitigation of threats. Nevertheless, manual analysis of complex network configurations, vulnerabilities, and security events to identify attack paths is rarely feasible. This work proposes a novel transferable graph neural network-based model for shortest path identification. The proposed shortest path detection approach, integrated with a novel holistic and comprehensive model for identifying potential interactions between network vulnerabilities, is then used to detect network attack paths. Our framework automates the risk assessment of attack paths, indicating the propensity of each path to enable the compromise of highly critical assets (e.g., databases) given the network configuration, the criticality of the assets, and the severity of the vulnerabilities on the path to the asset. The proposed framework, named SPGNN-API, incorporates automated threat mitigation through proactive, timely tuning of the network firewall rules and zero-trust policies to break critical attack paths and bolster cyber defenses. Our evaluation is twofold: evaluating the performance of the shortest path identification and assessing the attack path detection accuracy. Our results show that SPGNN-API largely outperforms the baseline model for shortest path identification, with an average accuracy ≥ 95%, and successfully detects 100% of the potentially compromised assets, outperforming the attack graph baseline by 47%.
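The workflow the abstract describes (find the shortest attack path to a critical asset, score it from asset criticality and in-path vulnerability severity, then pick firewall cuts that break it) as an added example; this is not SPGNN-API's code. A plain breadth-first search stands in for the paper's graph neural network, the network, the criticality values and the severity values are constructed, and the risk formula and the cut-selection rule are assumptions for illustration.

```python
from collections import deque

# Constructed sample network: asset -> criticality in [0, 1].
ASSETS = {"internet": 0.0, "web": 0.3, "app": 0.5, "db": 1.0, "hr": 0.4}

# Constructed reachability edges currently allowed by the firewall, each
# carrying the severity (0..10, CVSS-like) of the vulnerability that lets an
# attacker move along that edge.
EDGES = {
    ("internet", "web"): 9.8,
    ("web", "app"): 7.5,
    ("app", "db"): 8.8,
    ("web", "hr"): 6.5,
    ("hr", "db"): 5.3,
}


def shortest_attack_path(edges, src, dst):
    """Hop-shortest path from src to dst over the directed graph, or None.

    BFS here replaces the paper's learned shortest-path model."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for u, v in edges:
            if u == node and v not in prev:
                prev[v] = node
                queue.append(v)
    return None


def path_risk(path, edges, assets):
    """Assumed scoring: target criticality x mean in-path severity / 10."""
    sev = [edges[(path[i], path[i + 1])] for i in range(len(path) - 1)]
    return assets[path[-1]] * (sum(sev) / len(sev)) / 10


def firewall_cuts(edges, src, dst):
    """Greedy choice of edges to block until no path src->dst remains.

    On each remaining shortest path, block the highest-severity hop that is
    not the entry-point edge (an assumed rule: the perimeter must stay open)."""
    remaining, blocked = dict(edges), []
    while (p := shortest_attack_path(remaining, src, dst)) is not None:
        hops = list(zip(p, p[1:]))
        candidates = [e for e in hops if e[0] != src] or hops
        worst = max(candidates, key=lambda e: remaining[e])
        blocked.append(worst)
        del remaining[worst]
    return blocked
```

Running `firewall_cuts(EDGES, "internet", "db")` yields the two rules that isolate the database from the entry point while leaving the web tier reachable.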