A Python tool to convert MulVAL logic attack graphs to PDDL (Planning Domain Definition Language) files for automated attack planning.
This tool bridges the gap between network security analysis and AI planning by converting attack graphs generated by MulVAL into PDDL format. This enables:
- Automated attack path planning
- Security policy synthesis
- Proactive defense strategy generation
- Integration with automated planning tools
- 🔄 MulVAL Integration: Parse MulVAL attack graph outputs
- 📄 PDDL Generation: Create domain.pddl and problem.pddl files
- 🎯 Attack Planning: Enable AI planning for security analysis
- 🔗 Planner Compatible: Works with PDDL-compatible planners
- Language: Python 3.x (developed on Python 3.5+)
- Dependencies:
- pandas (for CSV processing)
MulVAL must be installed to generate attack graphs:
- Download: http://people.cs.ksu.edu/~xou/mulval/
- MulVAL generates
AttackGraph.dot,ARCS.CSV, andVERTICES.CSV
# Clone the repository
git clone https://github.com/leelening/MulVAL-to-pddl.git
cd MulVAL-to-pddl
# Install dependencies
pip install pandasFirst, use MulVAL to analyze your network and generate attack graphs:
# This creates AttackGraph.dot, ARCS.CSV, VERTICES.CSV
# (MulVAL execution steps...)Generate the PDDL domain file:
python create_domain.py ./example/VERTICES.CSV ./example/ARCS.CSVThis creates domain.pddl describing the attack actions and predicates.
Generate the PDDL problem file:
python create_problem.py ./example/VERTICES.CSVThis creates problem.pddl describing the initial network state and attack goals.
Use an online PDDL editor to solve the planning problem:
Upload domain.pddl and problem.pddl to find attack paths.
.
├── create_domain.py # Generate PDDL domain file
├── create_problem.py # Generate PDDL problem file
├── example/ # Example MulVAL outputs
│ ├── VERTICES.CSV # Attack graph vertices
│ └── ARCS.CSV # Attack graph edges
├── domain.pddl # Generated domain (after running)
└── problem.pddl # Generated problem (after running)
VERTICES.CSV: Contains attack graph nodes (facts, rules, privileges)
id, fact_type, description
ARCS.CSV: Contains attack graph edges (causal relationships)
source_id, target_id
domain.pddl: Defines:
- Types: host, vulnerability, account, etc.
- Predicates: network conditions, access levels
- Actions: exploit steps, privilege escalation
problem.pddl: Defines:
- Objects: network hosts, accounts, vulnerabilities
- Initial state: network configuration
- Goal: attacker objectives
- Parse VERTICES.CSV to identify fact types
- Parse ARCS.CSV to understand causal dependencies
- Generate PDDL predicates for each fact type
- Create PDDL actions from attack rules
- Identify initial network conditions
- Define attacker starting position
- Specify target conditions (goals)
- Generate PDDL objects and initial state
# 1. Run MulVAL (produces VERTICES.CSV, ARCS.CSV)
# (MulVAL commands...)
# 2. Convert to PDDL
python create_domain.py example/VERTICES.CSV example/ARCS.CSV
python create_problem.py example/VERTICES.CSV
# 3. Solve attack planning problem
# Upload domain.pddl and problem.pddl to http://editor.planning.domains/This tool works with PDDL-Parser:
# 1. Generate PDDL files
python create_domain.py ...
python create_problem.py ...
# 2. Parse to transition system
python constructor.py domain.pddl problem.pddlThis tool was developed for research on:
- Proactive sensor placement in probabilistic attack graphs
- Automated synthesis of defense strategies
- Security planning using formal methods
See related publications:
- Supports MulVAL output format only
- Assumes deterministic attack effects
- State space may become large for complex networks
MIT License - see LICENSE.md for details
- MulVAL - For attack graph generation
- PDDL Editor - For online planning
- Research inspiration:
- B, T. G., Puzis, R., & Shapira, B. (2017). Scalable Attack Path Finding. https://doi.org/10.1007/978-3-319-60080-2
Lening Li
- GitHub: @leelening