Speeding up Planning of Cyber Attacks Using AI Techniques: State of the art

In cyber warfare, launching a counter-attack should be done as fast as possible after an incoming attack, ideally cutting it short. This places severe demands on detecting the incoming attack, assessing damage, identifying the attacker, obtaining approval for a counter-attack, planning it, and preparing the resources needed. These processes take weeks or months at present, when hours or minutes are desired. Previous papers have assessed the feasibility of speeding up the digital forensics and parliamentary approval processes. This paper focuses on attack planning, assessing the state of the art in applying Artificial Intelligence (AI) techniques to automate this process. AI researchers began studying the automated generation of plans in the late 1960s. The first successful system was the Stanford Research Institute Planning System (STRIPS), developed in 1971. Since then, research into AI planning and scheduling has flourished. Milestones include the widespread use of the Planning Domain Description Language and the publication of a textbook in 2004. The technology has matured, with commercial applications in logistics, airline operations, and space exploration. The first known application to cyber operations came in 2005, when Boddy and co-workers applied AI planning techniques to generate cyber-attack plans to assess the vulnerability of information systems. The purpose of this paper is to assess the state of the art in applying AI techniques to speed up cyber-attack planning. There are five sections. After the introduction, the second section outlines the relevant literature on offensive cyber and classical AI planning. The third section focuses on adapting the military operation planning process to cyber operations. The fourth section assesses what has been achieved in applying AI techniques and what gaps remain. The fifth section draws conclusions and recommends further research.