Analytical attack graph abstraction for resource-efficiencies

US12470591B2 · US · B2

Patent metadata
Field: Value
Publication number: US-12470591-B2
Application number: US-202318318265-A
Country: US
Kind code: B2
Filing date: May 16, 2023
Priority date: May 18, 2022
Publication date: Nov 11, 2025
Grant date: Nov 11, 2025

Abstract

Official abstract text for this publication.

Implementations include methods, systems, computer-readable storage medium for mitigating cyber security risk of an enterprise network. A method includes: receiving an initial analytic attack graph (AAG) that is representative of paths within the enterprise network with respect to at least one target asset, the initial AAG comprising nodes and edges between the nodes; identifying, from the nodes of the initial AAG, a plurality of node groups, each node group including two or more nodes having at least one common attribute; generating an abstract AAG from the initial AAG, the abstract AAG including at least one abstract node, wherein each node group of the initial AAG is represented by a respective abstract node of the abstract AAG; determining a set of remedial actions at least partially based on the abstract AAG; and executing remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for mitigating cyber security risk of an enterprise network, the computer-implemented method comprising: receiving an initial analytic attack graph (AAG) that is representative of paths within the enterprise network with respect to at least one target asset, the initial AAG comprising nodes and edges between the nodes; identifying, from the nodes of the initial AAG, a plurality of node groups, each node group including two or more nodes having at least one common attribute; generating an abstract AAG from the initial AAG, the abstract AAG including at least one abstract node, wherein each node group of the initial AAG is represented by a respective abstract node of the abstract AAG; storing, in a database, mapping data between an abstract node of the abstract AAG and the nodes of the respective node group of the initial AAG represented by the abstract node; determining a set of remedial actions at least partially based on the abstract AAG, wherein determining the set of remedial actions at least partially based on the abstract AAG comprises processing the abstract AAG with a cyber defense algorithm to identify a set of rule nodes to be removed from the initial AAG; and executing one or more remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.

2. The method of claim 1, wherein each node comprises one of a rule node, a fact node, or a derived fact node.

3. The method of claim 1, wherein attributes of nodes comprise labels, arguments, and types.

4. The method of claim 3, wherein the node groups of the initial AAG each include two or more nodes having a common label and type.

5. The method of claim 4, wherein each abstract node in the abstract AAG is associated with the common label and type of the respective node group of the initial AAG.

6. The method of claim 1, wherein processing the abstract AAG with the cyber defense algorithm to identify a set of rule nodes to be removed from the initial AAG comprises: determining, using the cyber defense algorithm, at least one abstract rule node to be removed from the abstract AAG; and identifying the set of rule nodes to be removed from the initial AAG by mapping the at least one abstract rule node of the abstract AAG to rule nodes of the initial AAG using stored the mapping data.

7. The method of claim 1, wherein the set of rule nodes comprises a locally minimal set of rules of which removal prevents all attacks to the at least one target asset.

8. The method of claim 1, wherein executing the one or more remedial actions in the set of remedial actions to reduce the cyber security risk to the enterprise network comprises removing rule nodes of the identified set of rule nodes from the initial AAG.

9. The method of claim 1, wherein the abstract AAG includes at least one abstract edge between two abstract nodes.

10. The method of claim 9, comprising storing, in a database, mapping data between an abstract edge of the abstract AAG and respective nodes of the initial AAG represented by the abstract nodes connected by the abstract edge.

11. The method of claim 1, wherein identifying the plurality of node groups in the initial AAG, each node group including two or more nodes having a common attribute comprises: searching the initial AAG for bisimular nodes, wherein each node group comprises two or more bisimular nodes.

12. The method of claim 11, wherein bisimular nodes have a common label and type.

13. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for mitigating cyber security risk of an enterprise network, the operations comprising: receiving an initial analytic attack graph (AAG) that is representative of paths within the enterprise network with respect to at least one target asset, the initial AAG comprising nodes and edges between the nodes; identifying, from the nodes of the initial AAG, a plurality of node groups, each node group including two or more nodes having at least one common attribute; generating an abstract AAG from the initial AAG, the abstract AAG including at least one abstract node, wherein each node group of the initial AAG is represented by a respective abstract node of the abstract AAG; storing, in a database, mapping data between an abstract node of the abstract AAG and the nodes of the respective node group of the initial AAG represented by the abstract node; determining a set of remedial actions at least partially based on the abstract AAG, wherein determining the set of remedial actions at least partially based on the abstract AAG comprises processing the abstract AAG with a cyber defense algorithm to identify a set of rule nodes to be removed from the initial AAG; and executing one or more remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.

14. The non-transitory computer-readable storage medium of claim 13, wherein each node comprises one of a rule node, a fact node, or a derived fact node.

15. The non-transitory computer-readable storage medium of claim 13, wherein attributes of nodes comprise labels, arguments, and types.

16. The non-transitory computer-readable storage medium of claim 15, wherein the node groups of the initial AAG each include two or more nodes having a common label and type.

17. The non-transitory computer-readable storage medium of claim 16, wherein each abstract node in the abstract AAG is associated with the common label and type of the respective node group of the initial AAG.

18. A system, comprising: a computing device; and a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for mitigating cyber security risk of an enterprise network, the operations comprising: receiving an initial analytic attack graph (AAG) that is representative of paths within the enterprise network with respect to at least one target asset, the initial AAG comprising nodes and edges between the nodes; identifying, from the nodes of the initial AAG, a plurality of node groups, each node group including two or more nodes having at least one common attribute; generating an abstract AAG from the initial AAG, the abstract AAG including at least one abstract node, wherein each node group of the initial AAG is represented by a respective abstract node of the abstract AAG; storing, in a database, mapping data between an abstract node of the abstract AAG and the nodes of the respective node group of the initial AAG represented by the abstract node; determining a set of remedial actions at least partially based on the abstract AAG, wherein determining the set of remedial actions at least partially based on the abstract AAG comprises processing the abstract AAG with a cyber defense algorithm to identify a set of rule nodes to be removed from the initial AAG; and executing one or more remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.
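The pipeline recited in claims 1 and 4 to 8 can be sketched as follows. This is an added example, not code from the patent or its assignee: the sample graph is constructed, the in-memory dict stands in for the claimed database, and the AND/OR node semantics and the greedy cut are assumptions, since the claims do not specify the cyber defense algorithm.

```python
from collections import defaultdict
# Constructed sample AAG (not from the patent): id -> (type, label, args).
NODES = {
    "f0": ("fact", "attackerLocated", ("internet",)), "f1": ("fact", "vulnExists", ("web1",)),
    "f2": ("fact", "vulnExists", ("web2",)), "r1": ("rule", "remoteExploit", ("web1",)),
    "r2": ("rule", "remoteExploit", ("web2",)), "d1": ("derived", "execCode", ("web1",)),
    "d2": ("derived", "execCode", ("web2",)), "r3": ("rule", "lateralMove", ("web1", "db")),
    "r4": ("rule", "lateralMove", ("web2", "db")), "t": ("derived", "dbCompromise", ("db",)),
}
EDGES = [("f0", "r1"), ("f1", "r1"), ("f0", "r2"), ("f2", "r2"), ("r1", "d1"),
         ("r2", "d2"), ("d1", "r3"), ("d2", "r4"), ("r3", "t"), ("r4", "t")]

def abstract(nodes, edges):
    """Group nodes by (type, label); return abstract nodes, edges and the mapping."""
    mapping = defaultdict(set)            # abstract node -> concrete node ids
    for nid, attrs in nodes.items():
        mapping[attrs[:2]].add(nid)
    a_edges = sorted({(nodes[u][:2], nodes[v][:2]) for u, v in edges})
    return {k: k for k in mapping}, a_edges, dict(mapping)

def attackable(nodes, edges, target, removed=frozenset()):
    """Assumed semantics: facts hold, a rule needs all inputs, a derived fact any rule."""
    preds = defaultdict(list)
    for u, v in edges:
        preds[v].append(u)
    true, grew = {n for n, a in nodes.items() if a[0] == "fact"}, True
    while grew:                           # iterate to a fixed point
        grew = False
        for n in nodes.keys() - true - removed:
            test = all if nodes[n][0] == "rule" else any
            if preds[n] and test(p in true for p in preds[n]):
                true.add(n)
                grew = True
    return target in true

def minimal_rule_cut(nodes, edges, target):
    """Greedy (assumed) defense: drop every rule, restore each one that reopens no path."""
    removed = {n for n, a in nodes.items() if a[0] == "rule"}
    for r in sorted(removed):
        if not attackable(nodes, edges, target, removed - {r}):
            removed.discard(r)
    return removed                        # locally minimal set of rule nodes

def remediate(nodes, edges, target):
    """Plan on the abstract AAG, map back via the mapping, verify on the initial AAG."""
    a_nodes, a_edges, mapping = abstract(nodes, edges)
    cut = minimal_rule_cut(a_nodes, a_edges, nodes[target][:2])
    concrete = {n for r in cut for n in mapping[r]}
    return cut, concrete, not attackable(nodes, edges, target, concrete)
```

The last value returned by `remediate` re-evaluates the mapped-back rule set on the initial graph, because grouping by label and type alone is not guaranteed to preserve reachability.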

Classifications

  • Vulnerability analysis

  • Traffic logging, e.g. anomaly detection

  • Event detection, e.g. attack signature detection

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12470591B2 cover?
Implementations include methods, systems, computer-readable storage medium for mitigating cyber security risk of an enterprise network. A method includes: receiving an initial analytic attack graph (AAG) that is representative of paths within the enterprise network with respect to at least one target asset, the initial AAG comprising nodes and edges between the nodes; identifying, from the node…
Who is the assignee on this patent?
Accenture Global Solutions Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 11, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).