Context Model Fusion for Multistage Network Attack Simulation

Abstract: Analyzing and predicting complex network attack strategies require an efficient way to produce realistic and up-to-date data representing a variety of attack behaviors on diverse network configurations. This work develops a simulation system that fuses four context models: the networks, the system vulnerabilities, the attack behaviors, and the attack scenarios, so as to synthesize multistage attack sequences. The separation of different context models enables flexibility and usability in defining these models,… Show more

“…None of these methods simulate an attacker based on the information that an attacker receives during an attack, although it plays an important role in making decisions about the attack. This concept is well implemented in agent modeling methods in the NeSSi2 (NeSSi -Network Security Simulator) [9] and in the attacker's behavior model in multistage attack scenario simulation (MASSmultistage attack scenario simulation) [10]. However, agent modeling techniques do not provide a structure in which an attacker obtains specific details about targets and can dynamically change targets and strategies during an attack.…”

“…In [10,11], simulations were performed to analyze possible cyber attacks that may occur in the network. The paper focuses on modeling the behavior of a cyber attacker so that it is possible to flexibly describe many different types of attackers, while maintaining reasonable realism in the types of attacks that can be performed.…”

Development of the space-time structure of the methodology for modeling the behavior of antagonistic agents of the security system

“…None of these methods simulate an attacker based on the information that an attacker receives during an attack, although it plays an important role in making decisions about the attack. This concept is well implemented in agent modeling methods in the NeSSi2 (NeSSi -Network Security Simulator) [9] and in the attacker's behavior model in multistage attack scenario simulation (MASSmultistage attack scenario simulation) [10]. However, agent modeling techniques do not provide a structure in which an attacker obtains specific details about targets and can dynamically change targets and strategies during an attack.…”

“…In [10,11], simulations were performed to analyze possible cyber attacks that may occur in the network. The paper focuses on modeling the behavior of a cyber attacker so that it is possible to flexibly describe many different types of attackers, while maintaining reasonable realism in the types of attacks that can be performed.…”

Development of the space-time structure of the methodology for modeling the behavior of antagonistic agents of the security system

“…This technique proves to be useful in other contexts, such as smart grid networks. 22 The predecessor to this work by Moskal et al 23 introduced a cyber-context model-driven simulator called the Multistage Attack Scenario Simulator (MASS). The MASS develops a Virtual Terrain (VT) and an ABM to simulate the interactions between the network and attackers.…”

“…19 Networks can also be modeled in various levels of detail: from complex packet-level descriptions 21 to less detailed network terrain descriptions. 23 To simplify these abstract models of humans and networks, an ensemble of cyber-based context models are used to narrow down the potential search space to cyber-specific details. This work uses the concept of previous research.…”

“…This work uses the concept of previous research. 23,26,27 to describe base context models that encompass the requirements of cyber attacks in general where each context model contains specific components to capture detailed functionality.…”

Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach

Cyberattacker Profiles, Cyberattack Models and Scenarios, and Cybersecurity Ontology