Automated Planning for Cyber-Security Red-Teaming





Cyber-security evaluation is often carried out by security professionals mounting a "simulated" attack on the target network in order to find its weaknesses. The goal of this project is to automate some of this process using AI planning techniques. From an attacker's point of view, the planning problem features uncertainty (the attacker has a limited view of what is on a network or host) and multiple criteria to optimise (speed, stealth, effort, etc.). There are many challenges in making this work. How can planning models be derived from the information about security vulnerabilities that is available, and how can realistic estimates be obtained for the information that is not? How can the structure of the problem be exploited to achieve scalable planning (making plans for networks with hundreds or thousands of hosts) while still making realistic assumptions? Finally, many types of cyber attacks are not only technical but also target the vulnerabilities of people and organisations. How to incorporate those in a planning model is one more open research question.


Updated: 1 June 2019 / Responsible Officer: Dean, CECS / Page Contact: CECS Marketing