In modern computer networks, where sophisticated cyber attacks occur daily, timely cyber risk assessment is paramount. Attack Graphs (AGs) are the best-suited solution for modeling and analyzing multi-step attacks on computer networks, but they suffer from poor scalability because of their combinatorial complexity. This paper introduces an analysis-driven framework for AG generation. It enables real-time attack path analysis before the AG generation completes, with a quantifiable statistical significance. We further accelerate AG generation by steering it with the analysis query, and we support a novel workflow in which the analyst can query the system at any time. To show the capabilities of the proposed framework, we perform an extensive quantitative validation and present a realistic case study on networks of unprecedented size, which demonstrates the advantages of our approach in terms of scalability and suitability for common attack path analyses.
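The abstract describes two ideas that are easy to lose in prose: an attack graph that can be queried for attack paths while it is still being generated, and generation that is steered by the pending query. The following Python sketch is an added illustration of those two ideas and is not the paper's framework, algorithm, or statistical bound; the network, the vulnerabilities, the `hops_to` steering heuristic and the `expanded`/`discovered` progress counters are all constructed assumptions. Attack-graph nodes are (host, privilege) states, edges are exploit steps, and generation proceeds one node expansion at a time so the analyst can interleave queries.

```python
from collections import deque

PRIV = {"none": 0, "user": 1, "root": 2}

# Constructed sample network (assumption, not from the paper): host -> hosts it can reach.
REACH = {
    "internet": {"web"},
    "web": {"app", "db"},
    "app": {"db", "fileserver"},
    "db": {"fileserver"},
    "fileserver": set(),
}

# Constructed vulnerabilities (assumption): (target host, privilege the attacker needs on
# the host she exploits from, privilege gained, kind). "local" marks a privilege escalation
# that can only be run on the target host itself; "remote" needs network reachability.
VULNS = [
    ("web", "user", "user", "remote"),
    ("web", "user", "root", "local"),
    ("app", "user", "user", "remote"),
    ("db", "root", "root", "remote"),
    ("fileserver", "user", "root", "remote"),
]


def successors(node):
    """Attack-graph edges leaving node=(host, privilege), derived from VULNS and REACH."""
    host, priv = node
    out = set()
    for vhost, need, gain, kind in VULNS:
        if PRIV[priv] < PRIV[need]:
            continue
        if kind == "local" and vhost != host:
            continue
        if kind == "remote" and vhost not in REACH[host]:
            continue
        if (vhost, gain) != node:          # no self-loops from re-running a local privesc
            out.add((vhost, gain))
    return out


def hops_to(target_host):
    """Network hops from each host to target_host (BFS over reversed REACH); used for steering."""
    rev = {h: set() for h in REACH}
    for h, nbrs in REACH.items():
        for n in nbrs:
            rev[n].add(h)
    dist, q = {target_host: 0}, deque([target_host])
    while q:
        h = q.popleft()
        for p in rev[h]:
            if p not in dist:
                dist[p] = dist[h] + 1
                q.append(p)
    return dist


class AnytimeAttackGraph:
    """Attack graph built one node expansion at a time; queryable at any point."""

    def __init__(self, start):
        self.start = start
        self.edges = {start: set()}        # node -> successor nodes discovered so far
        self.frontier = deque([start])     # discovered but not yet expanded

    def steer(self, target_host):
        """Reorder the frontier so states on hosts closest to target_host expand first."""
        dist = hops_to(target_host)
        self.frontier = deque(sorted(self.frontier, key=lambda n: dist.get(n[0], 10**9)))

    def step(self):
        """Expand one frontier node. Returns False once generation is complete."""
        if not self.frontier:
            return False
        node = self.frontier.popleft()
        for nxt in successors(node):
            if nxt not in self.edges:
                self.edges[nxt] = set()
                self.frontier.append(nxt)
            self.edges[node].add(nxt)
        return True

    def progress(self):
        total = len(self.edges)
        return {"expanded": total - len(self.frontier), "discovered": total,
                "complete": not self.frontier}

    def query(self, target):
        """Shortest attack path known so far from start to target, plus progress."""
        prev, q = {self.start: None}, deque([self.start])
        while q:
            n = q.popleft()
            if n == target:
                path = []
                while n is not None:
                    path.append(n)
                    n = prev[n]
                return list(reversed(path)), self.progress()
            for m in self.edges[n]:
                if m not in prev:
                    prev[m] = n
                    q.append(m)
        return None, self.progress()


def find_path(target, steer):
    """Generate until a path to target is known (or the AG is complete); return (steps, path, progress)."""
    ag, steps = AnytimeAttackGraph(("internet", "user")), 0
    while True:
        path, prog = ag.query(target)
        if path or prog["complete"]:
            return steps, path, prog
        if steer:
            ag.steer(target[0])
        ag.step()
        steps += 1


if __name__ == "__main__":
    print(find_path(("fileserver", "root"), steer=False))   # path known after 4 expansions
    print(find_path(("fileserver", "root"), steer=True))    # steering finds it after 3
    print(find_path(("db", "user"), steer=False))           # no path; AG completes (6 expansions)
```

On this toy network the unsteered breadth-first generation needs four expansions before a path to root on `fileserver` is known, while steering the frontier toward the queried host needs three; the `progress` dictionary is only a plain expansion count, not the statistical-significance measure the abstract refers to.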