KGB-Path: a knowledge graph-based framework for penetration test path generation in intelligent connected vehicles
摘要
Penetration testing serves as a pivotal technique for evaluating system security through the simulation of malicious attacks. With the rapid proliferation of Intelligent Connected Vehicles (ICVs), the profound integration and elevated complexity of their systems have precipitated a dramatic expansion of attack surfaces, thereby posing significant challenges to existing penetration testing methodologies. To address the core limitations of traditional testing paradigms—specifically, their heavy reliance on human expert expertise and the static nature of knowledge bases—this study proposes KGB-Path (Knowledge Graph-Based Path generation), an automated framework for penetration testing path generation. This framework leverages the vehicle's electrical/electronic (E/E) architecture as its core backbone, constructing a knowledge graph through the fusion of multi-source security data. Furthermore, this paper introduces a Penetration State Machine (PSM) model designed to transform static knowledge into dynamic, inferable attack logic. Experimental results across multiple real-world vehicle architectures demonstrate that the proposed framework not only achieves efficient, automated generation of historical attack paths for designated targets but, more critically, enables Zero-Shot path generation for unknown threats, thereby validating the comprehensive advantages of the framework in the automated analysis of architecture-level risks.