AI Planning for Cyber Red-Teaming

People

Collaborators

Collaborator

Mounting "simulated" attacks on a networked systems in order to find their weaknesses - often known as "pentesting" or "red teaming" - is an important tool in cyber security evaluation and defense. The goal of this project is to automate some aspects of the red-teaming process, using AI planning techniques. Challenges in making this work are many: How to derive planning models from the information about security vulnerabilities that is available, and how to obtain realistic estimates of the information that is not? How to exploit the structure of the problem to achieve both scalable planning (making plans for networks with hundreds or thousands of hosts) while making realistic assumptions. Finally, many types of cyber attacks are not only technical but target people's and organisation's vulnerabilities. How to incorporate those in a planning model is one more open research question.

Funding

The project is funded by the Australian government through the NGTF, 2017-2019.

Partners

The project is a collaboration between the ANU Planning and Optimisation research group, the Australian Defense Science and Technology Group and Data61.

Updated:  10 February 2019/Responsible Officer:  Dean, CECS/Page Contact:  CECS Marketing