Vulnerability Correlation, Multi-step Attack and Exploit Chain in Breach and Attack Simulation

As networks continue to expand in scale and complexity, the frequency and severity of network attacks are rapidly increasing. Regular penetration testing is essential to enhance cybersecurity defense. However, manual testing lacks the intelligence necessary for effective assessments. Breach and Attack Simulation (BAS) represents an advanced penetration method for automated evaluation of security situations. Current methodologies primarily focus on individual vulnerabilities or attack behaviors, which exhibit weaknesses in correlation and granularity, and do not adapt well to real-world scenarios. To improve the accuracy and efficacy of BAS, it is imperative to integrate vulnerability correlation, multi-step attacks, and exploit chains. The paper is divided into three sections, providing a comprehensive exposition on vulnerability association. It summarizes the implementation principles of various methods and offers recommendations concerning current research advancements and future research directions.