AI Tactics for Attack Modelling
A PhD cyber security research project at University of Edinburgh’s School of Informatics.
Goals
The aim of this project is to use planning and search techniques from AI to help model and discover attacks in a system, specifically ones that may involve large or complex sequences of steps.
We start from Attack Trees, a simple framework for attack modelling popularised by Bruce Schneier in the 1990s. An attack tree is an AND-OR tree whose root describes the goal of an attacker. The AND nodes describe sub-steps which must all be performed to achieve an attack, while OR nodes describe alternative routes. Simple attack trees can be extended in various dimensions, such as ordering the attack steps, counting their occurrences, and adding defence notions to model responses to attack.
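The AND-OR structure described above, as an added example (not code from this project): a small Python model that enumerates the sets of leaf steps sufficient to reach the root, finds the cheapest one, and shows which routes remain once chosen steps are defended against. The tree, its labels and the cost figures are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Node:
    label: str
    kind: str = "LEAF"      # "LEAF", "AND" or "OR"
    children: tuple = ()
    cost: int = 0           # constructed effort estimate, used on leaves only

def leaf(label, cost):
    return Node(label, cost=cost)

def all_of(label, *kids):   # AND node: every child must be achieved
    return Node(label, "AND", kids)

def any_of(label, *kids):   # OR node: one child is enough
    return Node(label, "OR", kids)

def scenarios(node):
    """All sets of leaf steps that are sufficient to achieve `node`."""
    if node.kind == "LEAF":
        return {frozenset([node])}
    per_child = [scenarios(c) for c in node.children]
    if node.kind == "OR":
        return set().union(*per_child)
    # AND: choose one scenario for each child and merge the choices
    return {frozenset().union(*combo) for combo in product(*per_child)}

def cheapest(node):
    """Lowest total leaf cost over all scenarios, with the steps it uses."""
    best = min(scenarios(node), key=lambda s: sum(n.cost for n in s))
    return sum(n.cost for n in best), sorted(n.label for n in best)

def remaining(node, defended):
    """Scenarios still possible when the leaves named in `defended` are prevented."""
    return {s for s in scenarios(node)
            if not any(n.label in defended for n in s)}

# Constructed sample tree; labels and costs are illustrative only.
TREE = any_of("read customer records",
    all_of("use backup copy",
        leaf("obtain backup media", 4), leaf("decrypt backup", 6)),
    all_of("use admin account",
        any_of("get admin credential",
            leaf("phish administrator", 3), leaf("reuse leaked password", 2)),
        leaf("reach admin interface", 5)))

if __name__ == "__main__":
    print(cheapest(TREE))
    print(len(remaining(TREE, {"reach admin interface"})))
```

Calling `remaining` with different sets of defended leaves shows which defences cut off every route to the root and which leave an alternative OR branch open.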
However, attack trees can become unwieldy to model in a manual fashion. We want to investigate programmatic ways of constructing and exploring attack trees, using AI ideas. An attack tree is rather like a logical proof tree. At its root is a goal to be solved. In tactical theorem proving, planning and search methods are used to construct mathematical proofs. By adapting these to attack trees we will investigate:
- new structuring mechanisms for attack trees and their semantics
- writing attack patterns in a formal language which constructs trees
- implementing structured queries to search, inspect and understand complex attacks.
The research will have a theoretical element and a practical element. The practical element may work towards attack discovery, perhaps working in the domain of software security where automation can be used to help discover software-based attacks very directly.
People
- David Aspinall, Informatics, University of Edinburgh
- Open PhD Position (see below)
Opportunities
PhD studentship, available now
A fully-funded 3.5 year PhD studentship is available on this project, with a start date in the academic year 2019/20. Applications will be considered immediately.
The position is only open to UK students; funding is provided by HMG.
- You are expected to have a strong background and a good undergraduate degree in computer science, maths or a related topic; a keen interest in computer security is highly desirable.
- The exact project to undertake will be developed together with the student and fitting in with surrounding research and the student’s background.
If you are interested, please contact David Aspinall for further information.
- More about the Informatics Security & Privacy Group including information about PhD study.
- Part of the wider Cyber Security, Privacy and Trust Institute
- The University of Edinburgh is recognised as a UK Academic Centre of Excellence in Cyber Security Research.
- Information about postgraduate study at Edinburgh