April 13, 2024
Conference Paper

Hybrid Attack Graph Generation with Graph Convolutional Deep-Q Learning


Critical infrastructures such as power grids have become increasingly complex, connected, and vulnerable to adverse scenarios, including cyber and physical attacks and faults. Effective risk mitigation for such cyber-physical energy systems (CPES) requires preemptive knowledge of likely adversarial attack scenarios. A Hybrid Attack Graph (HAG) is a structured way to represent an adversarial scenario as an attack sequence using a threat model. However, the scarcity of documented attack sequences hinders analysts' and CPES planners' ability to identify credible attack scenarios for a given CPES. We propose a data-driven Graph Convolutional Deep-Q Network (GCDQ) to address this data challenge by generating HAGs. By leveraging limited real-world observations from the MITRE ATT&CK knowledge base, our GCDQ model synthesizes realistic graphs with the targeted attribute of minimum detectability via reinforcement learning. This generative model is the first step in creating a tool to substantially expand the attack sequence dataset and enhance the performance of CPS defense-related tasks by providing insights into likely attack sequences with given attributes.



Donald S., R. Meyur, and S. Purohit. 2023. Hybrid Attack Graph Generation with Graph Convolutional Deep-Q Learning. In IEEE International Conference on Big Data (BigData 2023), December 15-18, 2023, Sorrento, Italy, 3127-3133. Piscataway, New Jersey: IEEE. PNNL-SA-191137. doi:10.1109/BigData59044.2023.10386675