Adversary Tactic Driven Scenario and Terrain Generation with Partial Infrastructure Specification
| Authors | |
|---|---|
| Year of publication | 2024 |
| Type | Article in Proceedings |
| Conference | The 19th International Conference on Availability, Reliability and Security (ARES 2024) [to appear] |
| MU Faculty or unit | |
| Citation | |
| Doi | http://dx.doi.org/10.1145/3664476.3664523 |
| Keywords | cybersecurity model, adversary framework, attack scenario generation, cyber terrain generation |
| Attached files | |
| Description | Diverse, accurate, and up-to-date training environments are essential for training cybersecurity experts and autonomous systems. However, preparation of their content is time-consuming and requires experts to provide detailed specifications. In this paper, we explore the challenges of automated generation of the content (composed of scenarios and terrains) for these environments. We propose new models to represent the cybersecurity domain and associated action spaces. These models are used to create sound and complex training content based on partial specifications provided by users. We compare the results with a real-world complex malware campaign to assess the realism of the synthesized content. To further evaluate the correctness and variability of the results, we utilize the kill-chain attack graph generation for the generated training content to asses the internal correspondence of its key components. Our results demonstrate that the proposed approach can create complex training content similar to advanced attack campaigns, which passes evaluation for soundness and practicality. Our proposed approach and its implementation significantly contribute to the state of the art, enabling novel approaches to cybersecurity training and autonomous system development. |
| Related projects: |