Simulating attack behaviors in enterprise networks

Abstract: Research works on cyber security have shifted from simply hardening the networked systems to enabling fightthrough technologies where the system is resilient to sophisticated attacks. A much-needed effort in this new premise is a better understanding of how attackers might behave within a well-protected network. Attack behavior analysis can benefit from automated simulations for large-scale enterprise networks. This work reviews existing efforts on attack behavior modeling and simulation, leading to the discus… Show more

“…One attack action can be associated with zero, one, or multiple observed events, depending on the sensor placement and capabilities, as well as whether the action reflects zero-day attacks. Figure 8 shows the architectural view of the simulator developed by Moskal et al (2013Moskal et al ( , 2014.…”

“…It was, however, not until 2007 when Kuhl et al (2007) proposed a simulation framework for the purpose of generating data for Cyber SA systems. Extending from Kuhl et al (2007), Moskal et al (2013Moskal et al ( , 2014 developed a more completed simulator that consists of an algorithmic core and four context models: Virtual Terrain version 2 (VT.2), Vulnerability Hierarchy (VH), Scenario Guiding Template (SGT), and Attack Behavior Model (ABM). This simulator simultaneously generates multiple attack sequences with user specified network configurations, attack scenarios, and parameterized hacking behaviors.…”

Attack Projection

“…One attack action can be associated with zero, one, or multiple observed events, depending on the sensor placement and capabilities, as well as whether the action reflects zero-day attacks. Figure 8 shows the architectural view of the simulator developed by Moskal et al (2013Moskal et al ( , 2014.…”

“…It was, however, not until 2007 when Kuhl et al (2007) proposed a simulation framework for the purpose of generating data for Cyber SA systems. Extending from Kuhl et al (2007), Moskal et al (2013Moskal et al ( , 2014 developed a more completed simulator that consists of an algorithmic core and four context models: Virtual Terrain version 2 (VT.2), Vulnerability Hierarchy (VH), Scenario Guiding Template (SGT), and Attack Behavior Model (ABM). This simulator simultaneously generates multiple attack sequences with user specified network configurations, attack scenarios, and parameterized hacking behaviors.…”

Attack Projection

“…In [10,11], simulations were performed to analyze possible cyber attacks that may occur in the network. The paper focuses on modeling the behavior of a cyber attacker so that it is possible to flexibly describe many different types of attackers, while maintaining reasonable realism in the types of attacks that can be performed.…”

Development of the space-time structure of the methodology for modeling the behavior of antagonistic agents of the security system

“…In a way, MASS builds on the strengths of the aforementioned simulators, and expands the concept of two context models, Virtual Terrain [12] and Guidance Template [1] used in the simulator developed by Kuhl et al [13]. A high-level preliminary introduction of this work was presented in a poster-paper [14]. The following sections discuss the details of MASS and demonstrate its capabilities through attack scenario examples.…”

Context Model Fusion for Multistage Network Attack Simulation