Attack paths are the potential chains of malicious actions an attacker performs to compromise network assets and acquire privileges by exploiting network vulnerabilities. Attack path analysis helps organizations identify new or unknown chains of attack vectors that reach critical assets within the network, as opposed to the individual attack vectors examined by signature-based attack analysis. Timely identification of attack paths enables proactive mitigation of threats. However, manual analysis of complex network configurations, vulnerabilities, and security events to identify attack paths is rarely feasible. This work proposes a novel transferable graph neural network-based model for shortest path identification. The proposed shortest path detection approach, integrated with a novel holistic and comprehensive model for identifying potential interactions between network vulnerabilities, is then used to detect network attack paths. Our framework automates the risk assessment of attack paths, indicating the propensity of each path to enable the compromise of highly critical assets (e.g., databases) given the network configuration, the criticality of the assets, and the severity of the vulnerabilities on the path to the asset. The proposed framework, named SPGNN-API, incorporates automated threat mitigation through proactive and timely tuning of network firewall rules and zero-trust policies to break critical attack paths and bolster cyber defenses. Our evaluation is twofold: evaluating the performance of shortest path identification and assessing attack path detection accuracy. Our results show that SPGNN-API largely outperforms the baseline model for shortest path identification, with an average accuracy of at least 95%, and successfully detects 100% of the potentially compromised assets, outperforming the attack graph baseline by 47%.
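To make the pipeline the abstract describes concrete (reachability under firewall policy, shortest attack path to a critical asset, path risk scoring, and rule tuning to break the path), here is an added example that is not code from the paper or from SPGNN-API. It substitutes a plain Dijkstra search for the paper's graph neural network, and the hosts, severities, criticality scores, allow-list and the risk formula (target criticality times the product of per-hop severity/10) are all constructed assumptions for illustration.

```python
"""Attack-path analysis on a small constructed network (added example, not SPGNN-API code).

Model (assumptions for this example):
  * A host is a node with a criticality score (0-10) and the severity (0-10, CVSS-like)
    of its most severe exploitable flaw; severity 0 means nothing to exploit.
  * A directed attack edge u->v exists when the firewall allows u to reach v and v has a
    flaw; the edge cost is 10 - severity, so cheaper edges are easier exploits and the
    shortest path is the path built from the most severe flaws.
  * Path risk = criticality(target) * product(severity(hop)/10) over exploited hops.
"""
import heapq
from math import prod

# Constructed inventory; names and scores are made up for this example.
HOSTS = {
    "internet": {"criticality": 0,  "severity": 0.0},
    "web":      {"criticality": 3,  "severity": 9.8},
    "vpn":      {"criticality": 4,  "severity": 7.5},
    "app":      {"criticality": 6,  "severity": 8.1},
    "db":       {"criticality": 10, "severity": 7.2},   # the critical asset
    "hr":       {"criticality": 5,  "severity": 0.0},   # reachable but not exploitable
}

# Constructed firewall policy: allowed (src, dst) pairs; everything else is denied.
ALLOW = {
    ("internet", "web"), ("internet", "vpn"), ("web", "app"), ("vpn", "app"),
    ("app", "db"), ("vpn", "db"), ("app", "hr"),
}


def build_attack_graph(hosts, allow):
    """Attack edge u->v iff the firewall allows u->v and v carries an exploitable flaw."""
    graph = {h: {} for h in hosts}
    for src, dst in allow:
        severity = hosts[dst]["severity"]
        if severity > 0:
            graph[src][dst] = 10.0 - severity
    return graph


def shortest_attack_path(graph, src, dst):
    """Dijkstra over exploit cost. Returns (cost, [hosts]) or (inf, []) if unreachable."""
    dist, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue                      # stale heap entry
        if u == dst:
            break
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return float("inf"), []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def reachable_assets(graph, src):
    """All hosts an attacker starting at src can chain exploits to (potentially compromised)."""
    seen, stack = set(), [src]
    while stack:
        u = stack.pop()
        for v in graph[u]:
            if v not in seen:
                seen.add(v)
                stack.append(v)
    return seen


def path_risk(path, hosts):
    """Assumed scoring rule: target criticality x product of per-hop exploit likelihood."""
    if len(path) < 2:
        return 0.0
    likelihood = prod(hosts[h]["severity"] / 10.0 for h in path[1:])
    return hosts[path[-1]]["criticality"] * likelihood


def block_last_hop(allow, path):
    """Mitigation: deny the firewall rule for the final hop into the target asset."""
    return allow - {(path[-2], path[-1])}


if __name__ == "__main__":
    allow, target = ALLOW, "db"
    for round_no in range(1, 4):
        graph = build_attack_graph(HOSTS, allow)
        cost, path = shortest_attack_path(graph, "internet", target)
        print(f"round {round_no}: reachable={sorted(reachable_assets(graph, 'internet'))}")
        if not path:
            print("  no attack path to", target)
            break
        print(f"  shortest path {' -> '.join(path)} cost={cost:.2f} risk={path_risk(path, HOSTS):.2f}")
        allow = block_last_hop(allow, path)
        print(f"  denying {path[-2]} -> {path[-1]}")
```

Running it first finds internet -> web -> app -> db (the web flaw is the cheapest entry point), then, after that hop is denied, falls back to the misconfigured vpn -> db rule; denying that too leaves db unreachable while web, vpn and app remain potentially compromised, which is exactly the kind of residual exposure a path-based rather than vector-based view surfaces.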