maltoolbox.attackgraph.analyzers.apriori module

MAL-Toolbox Attack Graph Apriori Analyzer Submodule

This submodule contains analyzers that are relevant before attackers are even connected to the attack graph. Currently these are: - Viability = Determine if a node can be traversed under any circumstances or

if the model structure makes it unviable.

Necessity = Determine if a node is necessary for the attacker or if the model structure means it is not needed(it behaves as if it were already compromised) to compromise children attack steps.

maltoolbox.attackgraph.analyzers.apriori.calculate_viability_and_necessity(graph: AttackGraph) → None[source]: Arguments: graph - the attack graph for which we wish to determine the

viability and necessity statuses for the nodes.

maltoolbox.attackgraph.analyzers.apriori.evaluate_necessity(node: AttackGraphNode) → None[source]: Arguments: graph - the node to evaluate necessity for.

maltoolbox.attackgraph.analyzers.apriori.evaluate_viability(node: AttackGraphNode) → None[source]: Arguments: graph - the node to evaluate viability for.

maltoolbox.attackgraph.analyzers.apriori.evaluate_viability_and_necessity(node: AttackGraphNode) → None[source]: Arguments: graph - the node to evaluate viability and necessity for.

maltoolbox.attackgraph.analyzers.apriori.propagate_necessity_from_node(node: AttackGraphNode) → None[source]: Arguments: node - the attack graph node from which to propagate the necessary

status

maltoolbox.attackgraph.analyzers.apriori.propagate_viability_from_node(node: AttackGraphNode) → None[source]: Arguments: node - the attack graph node from which to propagate the viable

status

maltoolbox.attackgraph.analyzers.apriori.propagate_viability_from_unviable_node(unviable_node: AttackGraphNode) → set[AttackGraphNode][source]

Update viability of nodes affected by newly enabled defense unviable_node in the graph and return any attack steps that are no longer viable because of it.

Propagate recursively via children as long as changes occur.

Arguments: unviable_node - the node to propagate viability from

Returns: attack_steps_made_unviable - set of the attack steps that have been

made unviable by a defense enabled in the current step. Builds up recursively.

maltoolbox.attackgraph.analyzers.apriori.prune_unviable_and_unnecessary_nodes(graph: AttackGraph) → None[source]: Arguments: graph - the attack graph for which we wish to remove the

the nodes which are not viable or necessary.