Graph Reduction to Attack Trees for (Unobservable) Target Analysis
摘要
Attack trees are a cornerstone of formal security analysis, but their effectiveness hinges on a critical prerequisite: a known adversarial objective. In many real-world scenarios ranging from intrusions in secure facilities to sophisticated cyber-attacks this objective is often unknown due to partial observability and deliberate attacker deception. This uncertainty makes the direct synthesis of meaningful attack trees a formidable challenge, leaving defenders without a clear path for threat assessment. This paper introduces a methodology to overcome this limitation. Instead of beginning with a known attack goal, we start with limited observations of an attacker’s actions. We model the target environment as a graph enriched with traversal constraints (such as cost and time), and use temporal reachability to compute the set of all possible locations an adversary could occupy. By correlating these reachable locations with the strategic value of potential assets, we develop a quantitative method to estimate and rank probable high value targets. Finally, we introduce a graph reduction technique that isolates the most relevant attack paths to these high value targets, enabling the computationally tractable generation of focused, target-specific attack trees.