IDEAS home Printed from https://ideas.repec.org/p/hal/journl/hal-05323716.html
   My bibliography  Save this paper

Physics-Informed Graph Neural Networks for Attack Path Prediction

Author

Listed:
  • Marin François

    (LAMSADE - Laboratoire d'analyse et modélisation de systèmes pour l'aide à la décision - Université Paris Dauphine-PSL - PSL - Université Paris Sciences et Lettres - CNRS - Centre National de la Recherche Scientifique)

  • Pierre-Emmanuel Arduin

    (DRM - Dauphine Recherches en Management - Université Paris Dauphine-PSL - PSL - Université Paris Sciences et Lettres - CNRS - Centre National de la Recherche Scientifique)

  • Myriam Merad

    (LAMSADE - Laboratoire d'analyse et modélisation de systèmes pour l'aide à la décision - Université Paris Dauphine-PSL - PSL - Université Paris Sciences et Lettres - CNRS - Centre National de la Recherche Scientifique)

Abstract

The automated identification and evaluation of potential attack paths within infrastructures is a critical aspect of cybersecurity risk assessment. However, existing methods become impractical when applied to complex infrastructures. While machine learning (ML) has proven effective in predicting the exploitation of individual vulnerabilities, its potential for full-path prediction remains largely untapped. This challenge stems from two key obstacles: the lack of adequate datasets for training the models and the dimensionality of the learning problem. To address the first issue, we provide a dataset of 1033 detailed environment graphs and associated attack paths, with the objective of supporting the community in advancing ML-based attack path prediction. To tackle the second, we introduce a novel Physics-Informed Graph Neural Network (PIGNN) architecture for attack path prediction. Our experiments demonstrate its effectiveness, achieving an F1 score of 0.9308 for full-path prediction. We also introduce a self-supervised learning architecture for initial access and impact prediction, achieving F1 scores of 0.9780 and 0.8214, respectively. Our results indicate that the PIGNN effectively captures adversarial patterns in high-dimensional spaces, demonstrating promising generalization potential towards fully automated assessments.

Suggested Citation

  • Marin François & Pierre-Emmanuel Arduin & Myriam Merad, 2025. "Physics-Informed Graph Neural Networks for Attack Path Prediction," Post-Print hal-05323716, HAL.
    • Handle: RePEc:hal:journl:hal-05323716
    Note: View the original document on HAL open archive server: https://hal.science/hal-05323716v1
    as

    Download full text from publisher

    File URL: https://hal.science/hal-05323716v1/document
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    2. Ali Pala & Jun Zhuang, 2019. "Information Sharing in Cybersecurity: A Review," Decision Analysis, INFORMS, vol. 16(3), pages 172-196, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    2. Arisian, Sobhan & Halat, Kourosh & Hafezalkotob, Ashkan & Maskey, Reenu, 2025. "Coopetitive Resilience: Integrating Cyber Threat Intelligence Platforms in Critical Supply Chains," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 197(C).
    3. Chaitanya Joshi & Jinming Yang & Sergeja Slapnicar & Ryan K L Ko, 2024. "Contrasting the optimal resource allocation to cybersecurity and cyber insurance using prospect theory versus expected utility theory," Papers 2411.18838, arXiv.org.
    4. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    5. Nadine Gatzert & Madeline Schubert, 2022. "Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 89(3), pages 725-763, September.
    6. Hausken, Kjell & Welburn, Jonathan W. & Zhuang, Jun, 2025. "A Review of Game Theory and Risk and Reliability Analysis in Infrastructures and Networks," Reliability Engineering and System Safety, Elsevier, vol. 261(C).
    7. Nguyen, Son & Shu-Ling Chen, Peggy & Du, Yuquan, 2022. "Risk assessment of maritime container shipping blockchain-integrated systems: An analysis of multi-event scenarios," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 163(C).
    8. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    9. Aubert, Alice H. & Lienert, Judit, 2024. "Operational Research for, with, and by citizens: An overview," European Journal of Operational Research, Elsevier, vol. 316(3), pages 800-814.
    10. Berlilana & Tim Noparumpa & Athapol Ruangkanjanases & Taqwa Hariguna & Sarmini, 2021. "Organization Benefit as an Outcome of Organizational Security Adoption: The Role of Cyber Security Readiness and Technology Readiness," Sustainability, MDPI, vol. 13(24), pages 1-20, December.
    11. Tahereh Hasani & Norman O’Reilly & Ali Dehghantanha & Davar Rezania & Nadège Levallet, 2023. "Evaluating the adoption of cybersecurity and its influence on organizational performance," SN Business & Economics, Springer, vol. 3(5), pages 1-38, May.
    12. Emilie Peneloux & Thomas Des Grottes & Philippe Lepinard & Cécile Godé, 2024. "Du Risque De "Securite De L’Information" Au "Risque Cyber"," Post-Print hal-04885216, HAL.
    13. Andrea C. Hupman, 2022. "Cutoff Threshold Decisions for Classification Algorithms with Risk Aversion," Decision Analysis, INFORMS, vol. 19(1), pages 63-78, March.
    14. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    15. Denuit, Michel & Ortega-Jimenez, Patricia & Robert, Christian Y., 2024. "No-sabotage under conditional mean risk sharing of dependent-by-mixture insurance losses," LIDAM Discussion Papers ISBA 2024019, Université catholique de Louvain, Institute of Statistics, Biostatistics and Actuarial Sciences (ISBA).
    16. Amitai Gilad & Asher Tishler, 2024. "Measuring and Mitigating the Risk of Advanced Cyberattackers," Decision Analysis, INFORMS, vol. 21(4), pages 215-234, December.
    17. Matteo Malavasi & Gareth W. Peters & Stefan Treuck & Pavel V. Shevchenko & Jiwook Jang & Georgy Sofronov, 2024. "Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications," Papers 2410.05297, arXiv.org.
    18. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    19. Tania Wallis & Rafał Leszczyna, 2022. "EE-ISAC—Practical Cybersecurity Solution for the Energy Sector," Energies, MDPI, vol. 15(6), pages 1-23, March.
    20. Erkan-Barlow, Asligul & Nguyen, Trung, 2024. "Cybersecurity and executive compensation: Can inside debt-induced risk aversion improve cyber risk management effectiveness?," International Review of Financial Analysis, Elsevier, vol. 93(C).

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:hal:journl:hal-05323716. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: CCSD (email available below). General contact details of provider: https://hal.archives-ouvertes.fr/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.