Interactive tool for applying graph algorithms to MAL attack graphs generated by mal-toolbox.
Contact: Beata Johansson, [email protected]
Set up a virtual environment with necessary dependencies:

```bash
python -m venv env
source env/bin/activate
pip install mal-toolbox
pip install py2neo
```
Note: You need Python version >= 3.9; the later the better.
The tool needs a running Neo4j instance with a database that uses the following credentials:
- username: neo4j
- password: mgg12345!
- dbname: neo4j
Note that the Neo4j project name and the DBMS name used within the project are irrelevant. What matters is that the password matches, since the username and the database name are set to their default values.
Run the tool with:

```bash
python main.py
```

Algorithm | Description |
---|---|
Step by step attack | Simulate the attack path from the attacker node by manually choosing which nodes to compromise. |
Shortest path Dijkstra | Get the shortest path from the attacker node to a target attack step. |
Random path | Get a random path of attack steps. It is possible to search for a target attack step or add a cost budget for the attacker. |
BFS | Get a subgraph where all nodes are within the cost budget of the attacker in all directions. Note that the attack graph logic is not considered. |
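
The BFS row notes that the attack graph logic is not considered. The following is an added example, not code from this tool or from mal-toolbox: on a constructed graph it compares a budget-limited expansion that ignores step types with a filter that respects AND/OR steps. The graph, step names, costs, function names, and the choice to follow only outgoing edges are assumptions.

```python
import heapq

# Constructed graph (not model.json): step -> (type, cost, children).
GRAPH = {
    "Network:10:access": ("or", 0, ["Host:11:connect", "Credentials:12:phish"]),
    "Host:11:connect": ("or", 2, ["Host:11:authenticate"]),
    "Credentials:12:phish": ("or", 9, ["Host:11:authenticate"]),
    "Host:11:authenticate": ("and", 1, ["Data:13:read"]),
    "Data:13:read": ("or", 3, []),
}

def budget_subgraph(graph, entry, budget):
    """Cheapest cumulative cost per step within budget, ignoring step types."""
    best = {entry: graph[entry][1]}
    heap = [(best[entry], entry)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]:
            continue  # stale queue entry
        for child in graph[node][2]:
            new_cost = cost + graph[child][1]
            if new_cost <= budget and new_cost < best.get(child, float("inf")):
                best[child] = new_cost
                heapq.heappush(heap, (new_cost, child))
    return best

def logic_reachable(graph, entry, candidates):
    """Keep candidates whose parents satisfy the step type (AND: all, OR: any)."""
    parents = {node: [] for node in graph}
    for node, (_, _, children) in graph.items():
        for child in children:
            parents[child].append(node)
    reached, changed = {entry}, True
    while changed:  # fixpoint: repeat until no new step can be added
        changed = False
        for node in set(candidates) - reached:
            need = all if graph[node][0] == "and" else any
            if parents[node] and need(p in reached for p in parents[node]):
                reached.add(node)
                changed = True
    return reached

if __name__ == "__main__":
    entry = "Network:10:access"
    for budget in (6, 20):
        sub = budget_subgraph(GRAPH, entry, budget)
        print(budget, sorted(sub), sorted(logic_reachable(GRAPH, entry, sub)))
```

With a budget of 6, the type-blind expansion includes `Host:11:authenticate` and `Data:13:read`, but the filter drops both because the AND step's second parent costs 9 and lies outside the budget.
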
- Run the program with `python main.py`.
- Now you can choose the algorithm to apply from the command line.
- Select an algorithm.
- Input an example from the Examples section below. Note: The attacker and its entry points for all simulations are fixed in the code and are specific to a model, so they will need to be modified.
- Query `match (n) return n` in Neo4j to see the output path.

Random path input example:
- Leave target and attacker cost budget empty.
- Set target to `Data:4:accessDecryptedData` (this is a reachable node), and leave the attacker cost budget empty or try a limited cost budget, e.g. `10`.
- The target should be in the path, and if the random path is run twice with the same input, it is unlikely to produce the same path or cost.

Shortest path Dijkstra input example:
- Set target to `Data:4:accessDecryptedData` (this is a reachable node).
- The target should be in the path, and the cost is 64.

The file `test.py` contains tests for the Shortest path Dijkstra and the Random path algorithms in the `model.json` coreLang attack graph. Run the test file with `python test.py`. These test cases use special settings of node necessity, node viability, attacker entry points, target nodes, and attacker cost budgets.

To use Time-To-Compromise (TTC) for attack steps, instantiate the `AttackSimulation` object with `use_ttc=True`.