Scripts and resources for creating a library of annotated attack trees and using it to semi-automatically augment an annotated attack tree.
Dependencies: PySWIP, see https://github.com/yuce/pyswip .
Necessary external tools: Stanford CoreNLP, see https://stanfordnlp.github.io/CoreNLP/ .
Use instructions:
1.- Run create_file_coll_stanford_corenlp.py to extract plain text CVE vulnerability definitions from NVD.
2.- Run CoreNLP parser ("parse" output, NER off) to obtain dependency parses of vulnerability definitions. Give as input the set of files and the file list generated by create_file_coll_stanford_corenlp.py.
3.- Run fact_extractor.py to extract assumptions and guarantees from NVD resources and dependency-parsed vulnerability definitions. The extracted assumptions and guarantees will be stored in text files formatted for easy human interpretation.
4.- Run facts_txt_2_prolog.py to translate the assumptions and guarantees extracted in the previous step into a knowledge base of Prolog predicates. Besides adopting the Prolog syntax, a number of modifications are made to the terms extracted from NVD vulnerability definitions to prevent misinterpretation by the Prolog interpreter and/or syntax errors. Human readability may be slightly reduced.
5.- Run grow_tree.py to execute the tree refining algorithm. The resources obtained in the previous steps should be used.
Steps 1 to 4 will usually be executed once to create the necessary resources. Afterwards, tree refining will generally require running step 5 only.
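
Illustration of the kind of term rewriting step 4 describes, added here as an example; it is not code from facts_txt_2_prolog.py. The predicate names, the record layout and the sample records (including the placeholder CVE id) are assumptions constructed for the example.

```python
import re

# An atom may be written without quotes only if it starts with a lowercase
# ASCII letter and contains nothing but letters, digits and underscores.
_UNQUOTED_ATOM = re.compile(r"[a-z][A-Za-z0-9_]*\Z")

# Characters that must be escaped inside a single-quoted Prolog atom.
_ESCAPES = {"\\": "\\\\", "'": "\\'", "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def prolog_atom(text):
    """Return text as exactly one Prolog atom, quoting it when needed.

    Free text from vulnerability descriptions can start with an uppercase
    letter (read as a variable), or contain periods, commas, parentheses or
    quotes (read as clause or argument syntax). Quoting keeps it as data.
    """
    if _UNQUOTED_ATOM.match(text):
        return text
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in text)
    return "'" + escaped + "'"


def prolog_fact(functor, *args):
    """Build one fact, e.g. assumption('CVE-...', 'some term')."""
    return "{}({}).".format(prolog_atom(functor),
                            ", ".join(prolog_atom(a) for a in args))


def build_kb(records):
    """Translate (cve_id, kind, term) records into Prolog fact lines."""
    return [prolog_fact(kind, cve_id, term) for cve_id, kind, term in records]


# Constructed sample records; hypothetical layout, placeholder CVE id.
SAMPLE = [
    ("CVE-0000-0000", "assumption", "Remote attacker's access (web UI)."),
    ("CVE-0000-0000", "guarantee", "execute arbitrary code"),
    ("CVE-0000-0000", "guarantee", "network"),
]

if __name__ == "__main__":
    for line in build_kb(SAMPLE):
        print(line)
```

Every term ends up as a single atom, so a description containing Prolog punctuation cannot change the structure of the knowledge base; the cost is the reduced readability that step 4 mentions.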