Session-level Adversary Intent-Driven Cyberattack Simulator

Recognizing the need for proactive analysis of cyber adversary behavior, this paper presents a new event-driven simulation model and implementation that reveals the effort required of attackers who have various entry points into a network. Unlike previous models, which focus on the impact of attackers' actions on the defender's infrastructure, this work focuses on the attackers' strategies and actions. By operating at the request-response session level, our model provides an abstraction of how the network infrastructure reacts to access credentials the adversary might have obtained through a variety of strategies. We present the current capabilities of the simulator by showing three variants of the Bronze Butler APT on a network with different user access levels.