Analyzing and predicting complex network attack strategies require an efficient way to produce realistic and up-to-date data representing a variety of attack behaviors on diverse network configurations. This work develops a simulation system that fuses four context models: the networks, the system vulnerabilities, the attack behaviors, and the attack scenarios, so as to synthesize multistage attack sequences. The separation of different context models enables flexibility and usability in defining these models, as well as a comprehensive synthesis of attack sequences under different combinations of situations. After describing the design of the context models, an example use of the simulator and sample outputs, including the ground truth actions and sensor observables, will be discussed.
Research works on cyber security have shifted from simply hardening the networked systems to enabling fightthrough technologies where the system is resilient to sophisticated attacks. A much-needed effort in this new premise is a better understanding of how attackers might behave within a well-protected network. Attack behavior analysis can benefit from automated simulations for large-scale enterprise networks. This work reviews existing efforts on attack behavior modeling and simulation, leading to the discussion of CyberSim, a modular system for cyber attack behavior simulation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.