Towards Automated Vulnerability Assessment

Vulnerability assessment (VA) is a well established method for determining security weaknesses within a system. The VA process is heavily reliant on expert knowledge, something that is attributed to being in short supply. This paper explores the possibility of automating VA and demonstrates an initial proof-of-concept involving decision-making skills comparable with a human-expert. This is achieved through encoding a domain model to represent expert-like capabilities, and then using model-based VA planning to determine VA tasks. Although security evaluation is a complex task, through the help of such models, we can determine the ways to find potential vulnerabilities without an expert present. This technique allows time constrained assessments, where a ‘risk factor’ is also encoded to represent the significance of each security flaw. The ultimate goal of this work-in-progress is to realistically simulate a human vulnerability auditor. This paper demonstrates the first step towards that goal; a systematic transformation of the VA knowledge into a PDDL representation, accommodating a broad range of time constrained investigative actions. The output plan and its analysis evidently evinces many potential benefits such as increased feasibility