A new representation of attack graphs suitable for multi-stage attack emulation
Attack graphs have been proven to be useful for modeling multi-stage attacks for vulnerability analysis, though their use in threat emulation has been hindered by multiple challenges. In this paper, we propose a new type of graph, Activation, Guard, and Effect (AGE) graph, to support emulation of multi-stage attacks. We describe the abstract syntax and execution semantics of AGE graphs and provide examples that illustrate the ability of AGE graphs to model attacks and enable attack execution automation.