Graphene: Infrastructure Security Posture Analysis with AI-generated Attack Graphs

Xin Jin, Charalampos Katsis, Fan Sang, Jiahao Sun, Elisa Bertino, Ramana Rao Kompella, Ashish Kundu

TL;DR

Graphene addresses the challenge of automatically assessing security posture in complex compute infrastructures by combining NLP-based vulnerability extraction with attack graph construction across hardware, system, network, and cryptography layers. It uses named entity recognition and domain-specific word embeddings to convert vulnerability descriptions into structured attack graph nodes and edges, enabling cumulative and layered graphs that reveal cross-layer exploit chains. A CVSS-aligned risk scoring framework computes edge and graph scores (EES, EIS, ERS) and identifies critical paths and patch sets, with a vertex-cover-based mechanism to pinpoint minimal mitigation sets. The approach is implemented as a microservice-based pipeline and evaluated on large CVE datasets and a case study, demonstrating accurate vulnerability extraction, meaningful semantic matching, and practical, scalable security analytics for prioritized defense actions.
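To make the TL;DR's attack-graph ideas concrete, here is an added example (written for this page, not Graphene's own code) that builds a small four-layer attack graph, finds the highest-risk exploit path, and computes a minimum vertex cover as a minimal patch set. Node names, layers and the per-edge risk values are constructed; the risk numbers are placeholders and do not implement the paper's EES/EIS/ERS formulas.

```python
"""Added example, not Graphene's code: a constructed four-layer attack graph
with per-edge risk scores, the highest-risk attack path, and a brute-force
minimum vertex cover used as a minimal patch set."""
from itertools import combinations

# Constructed nodes mapped to the paper's four layers (names are made up).
NODES = {"fw_bug": "hardware", "kernel": "system", "ssh_svc": "network",
         "tls_lib": "cryptography", "db": "system"}
# Constructed directed exploit edges (src, dst, risk); the risk value stands
# in for an edge risk score and is NOT the paper's ERS formula.
EDGES = [("fw_bug", "kernel", 7.5), ("kernel", "ssh_svc", 6.0),
         ("ssh_svc", "tls_lib", 8.0), ("tls_lib", "db", 9.0),
         ("kernel", "db", 4.0)]

def critical_path(edges, start, goal):
    """Simple path start->goal with the highest summed edge risk, found by
    DFS over all simple paths. Returns (score, [nodes])."""
    adj = {}
    for s, d, r in edges:
        adj.setdefault(s, []).append((d, r))
    best = (0.0, [])

    def dfs(node, path, score):
        nonlocal best
        if node == goal:
            if score > best[0]:
                best = (score, list(path))
            return
        for nxt, r in adj.get(node, []):
            if nxt not in path:           # keep the path simple (no cycles)
                path.append(nxt)
                dfs(nxt, path, score + r)
                path.pop()

    dfs(start, [start], 0.0)
    return best

def path_layers(path, nodes=NODES):
    """Layers traversed along a path; a change of layer is a cross-layer hop."""
    return [nodes[n] for n in path]

def minimal_patch_set(edges, nodes):
    """Smallest node set whose patching breaks every exploit edge, i.e. a
    minimum vertex cover; brute force over subsets, fine for small graphs."""
    for k in range(1, len(nodes) + 1):
        for cover in combinations(sorted(nodes), k):
            if all(s in cover or d in cover for s, d, _ in edges):
                return set(cover)
    return set(nodes)
```

On this toy graph the critical path runs hardware -> system -> network -> cryptography -> system, and patching just `kernel` and `tls_lib` cuts every exploit edge.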

Abstract

The rampant occurrence of cybersecurity breaches imposes substantial limitations on the progress of network infrastructures, leading to compromised data, financial losses, potential harm to individuals, and disruptions in essential services. The current security landscape demands the urgent development of a holistic security assessment solution that encompasses vulnerability analysis and investigates the potential exploitation of these vulnerabilities as attack paths. In this paper, we propose Graphene, an advanced system designed to provide a detailed analysis of the security posture of computing infrastructures. Using user-provided information, such as device details and software versions, Graphene performs a comprehensive security assessment. This assessment includes identifying associated vulnerabilities and constructing potential attack graphs that adversaries can exploit. Furthermore, Graphene evaluates the exploitability of these attack paths and quantifies the overall security posture through a scoring mechanism. The system takes a holistic approach by analyzing security layers encompassing hardware, system, network, and cryptography. Furthermore, Graphene delves into the interconnections between these layers, exploring how vulnerabilities in one layer can be leveraged to exploit vulnerabilities in others. In this paper, we present the end-to-end pipeline implemented in Graphene, showcasing the systematic approach adopted for conducting this thorough security analysis.

Paper Structure (30 sections, 6 equations, 12 figures, 9 tables)

Figures (12)

  • Figure 1: An example of Vulnerability Description and Attack Graph Node Attributes for CVE-2020-5679.
  • Figure 2: Graphene's pipeline.
  • Figure 3: The Named Entity Recognition Model.
  • Figure 4: The Security Corpus Curation Framework.
  • Figure 5: The Dataset Sampling and Training Samples.
  • ...and 7 more figures