Efficient High Quality Plan Exploration for Network Security

We consider the application of planning in network security. In this application, plans represent possible attacks on the network, and network administrators need tools that would allow them to explore the plan space quickly and efficiently. Multiple aspects of this problem require generating and inspecting more than one plan, primarily due to limited information about the possible actions of the attacker, and a variety of possible attacks. This problem can be modeled as diverse planning, with the caveat that high quality (or, equivalently, low cost) plans must be prioritized, since those plans typically represent the most efficient attacks that are of highest importance to the administrators. Hence, there is a need for a systematic approach to finding such plans. We propose a new technique based on a top-k planner that finds k optimal or near-optimal plans, followed by plan consolidation, for generating diverse high quality plans. Comparing to existing diverse planners, we show that it is able to meet the high quality and plan diversity requirements efficiently, and therefore we can recommend it for this application.