[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-84861-en":3,"doc-seo-84861-105":29,"detail-sidebar-cat-0-en-105":81},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},84861,8796095461564,"Liam","https://ap-avatar.wpscdn.com/davatar_155a257f0dc6eb9ab79c44ca47cae57d",6,"Technology","i-EXAM Instructable and Explainable Attack Connectivity Graph Modeler","i-EXAM is a planning-powered tool that helps system administrators create security profiles for complex networks and run what-if analyses to find effective network hardening strategies. It uses planning compilation with soundness and completeness guarantees to identify attack paths, compute security metrics, generate diverse defensive updates, and explain how each change meets the specified security and functionality goals. Explanations are produced in natural language via Large Language Models interacting with the planner.","i-EXAM: Instructable and Explainable Attack Connectivity Graph Modeler  \nRakesh Podder, Wadia Ganim, Sarath Sreedharan, Indrajit Ray, Indrakshi Ray  \nColorado State University Fort Collins, Colorado, USA  \n{Rakesh.Podder, Wadia.Ganim, Sarath.Sreedharan, Indrajit.Ray, [Indrakshi.Ray](Indrakshi.Ray}@colostate.edu)[}](Indrakshi.Ray}@colostate.edu)[@colostate.edu](Indrakshi.Ray}@colostate.edu)  \narXiv :2607 .05888v 1 [ cs .CR] 7 Jul 2026  \nAbstract  \ni-EXAM is a planning-powered tool that helps system administrators to create security profiles of complex networksand perform what-if analyses to identify network hardening strategies. It leverages planning compilation that provides soundness and completeness guarantees—to identify attack paths, evaluate security metrics, generate diverse hardening strategies, and explain these strategies in natural language using Large Language Models.  \nDemo Video: [https://youtu.be/c4m6EDIpMxM](https://youtu.be/c4m6EDIpMxM)  \nIntroduction  \nSecuring and administering large networks is challenging: a single modification to a component in the network can have an enormous impact on its overall security posture and resiliency. The SPEAR framework proposes how the Attack Connectivity Graph,(ACG) (Podder et al. 2025) a hypergraph, can be compiled into a PDDL planning problem and help system administrators (sysadmins) identify the impact of an attack on the security and functionality of the network.  \nWe now present i-EXAM (instructable and EXplainable Attack connectivity graph Modeler), an interactive tool, built on the SPEAR framework, that leverages state-of-the-art AI planners for network hardening (Podder et al. 2025) . iEXAM, allows sysadmins to (a) visualize the overall network architecture, (b) run analysis methods to identify the overall security posture,(c) highlight potential attack paths,(d) identify diverse ways to update the network to achieve desired level of functionality or security hardening goals, and (e) generate explanations for the sysadmin as to how the proposed changes would achieve the specified goals. iEXAM can generate the planning models directly from network data and configuration files using a suite of different planners and enables reasoning about attack paths and defensive strategies with formal guarantees. i-EXAM uses LLMs that interact with the planner to provide explanationsin natural language for the sysadmins.  \ni-EXAM Tool  \nBuilding Planning Models i-EXAM collects detailed system/host-level attributes such as software, version, files,  \nCopyright © 2026, Association for the Advancement of Artificial Intelligence ([www.aaai.org](www.aaai.org)). All rights reserved.  \netc. & network-level data (i.e., port, protocol, IP, router, switch) using Nmap, Wazuh, and from documented data. It utilizes OpenVAS, Wazuh, and other scanners to getup-to-date vulnerability (CVE) information from external databases like NVD, ExploitDB. The information is then represented in JSON format, and used to create a database. This database is used as input to a PDDL generator to automatically build planning models.  \nNode/Path Visualizations i-EXAM has a visualization system, designed to provide sysadmins with views of the security posture at different levels of abstraction. The network information from the database is loaded to render the entire network as a graph, where each node represents a host and an associated vulnerability, and an edge represents network connections between the hosts. A host having multiple vulnerabilities is represented as multiple nodes, thus providing a better visualization of attack paths. Clicking on the node allows sysadmins to see additional information like the vulnerability ID, vulnerability severity scores, including Common Vulnerability Scoring System (CVSS) score, software, versions, file path, capabilities, cause, vulnerability types, and functionalities. i-EXAM allows visualization of potential paths, which are calculated from the planning model and then ov","cbCaisb7IcuLBAGg","https://ap.wps.com/l/cbCaisb7IcuLBAGg","pdf",1073900,1,3,"English","en",105,"# Introduction\n# i-EXAM Tool\n## Building Planning Models\n## Node/Path Visualizations\n## Network-Level Analysis\n## What-If-Analysis","[{\"question\":\"How does i-EXAM provide explanations for recommended hardening strategies?\",\"answer\":\"i-EXAM uses Large Language Models that interact with the planner to generate natural-language explanations for the sysadmin. These explanations describe how proposed changes achieve the specified security and functionality goals.\"}]",1784198884,8,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":76,"head_meta":78,"extra_data":80,"updated_unix":27},"i-exam-instructable-and-explainable-attack-connectivity-graph-modeler","",{"@graph":35,"@context":75},[36,52,66],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,49],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":21},"https://docshare.wps.com/document/technology/",{"item":50,"name":13,"@type":42,"position":51},"https://docshare.wps.com/document/i-exam-instructable-and-explainable-attack-connectivity-graph-modeler/84861/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"inLanguage":23,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":40,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-07-16",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69],{"name":70,"@type":71,"acceptedAnswer":72},"How does i-EXAM provide explanations for recommended hardening strategies?","Question",{"text":73,"@type":74},"i-EXAM uses Large Language Models that interact with the planner to generate natural-language explanations for the sysadmin. These explanations describe how proposed changes achieve the specified security and functionality goals.","Answer","https://schema.org",{"og:url":50,"og:type":77,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":79,"canonical":50},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":82},[83,87,91,95,100,103,108,112,117,120,124],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":84,"show_sort_weight":85,"slug":86},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":88,"show_sort_weight":89,"slug":90},"Literature",80,"literature",{"id":51,"doc_module":4,"doc_module_name":45,"category_name":92,"show_sort_weight":93,"slug":94},"Exam",70,"exam",{"id":96,"doc_module":4,"doc_module_name":45,"category_name":97,"show_sort_weight":98,"slug":99},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":101,"slug":102},50,"technology",{"id":104,"doc_module":4,"doc_module_name":45,"category_name":105,"show_sort_weight":106,"slug":107},7,"Healthcare",40,"healthcare",{"id":28,"doc_module":4,"doc_module_name":45,"category_name":109,"show_sort_weight":110,"slug":111},"Research & Report",30,"research-report",{"id":113,"doc_module":4,"doc_module_name":45,"category_name":114,"show_sort_weight":115,"slug":116},9,"Religion & Spirituality",20,"religion-spirituality",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":118,"show_sort_weight":115,"slug":119},"World Cup","world-cup",{"id":121,"doc_module":4,"doc_module_name":45,"category_name":122,"show_sort_weight":121,"slug":123},10,"Lifestyle","lifestyle",{"id":125,"doc_module":4,"doc_module_name":45,"category_name":126,"show_sort_weight":96,"slug":127},19,"General","general"]