Session-level Adversary Intent-Driven Cyberattack Simulator

Investor logo

Warning

This publication doesn't include Faculty of Economics and Administration. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

DRAŠAR Martin MOSKAL Stephen YANG Shanchieh Jay ZAŤKO Pavol

Year of publication 2020
Type Article in Proceedings
Conference DS-RT '20: Proceedings of the IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications
MU Faculty or unit

Institute of Computer Science

Citation
Web https://dl.acm.org/doi/abs/10.5555/3451906.3451908
Keywords discrete event simulation;adversarial behavior;cyberattack
Description Recognizing the need for proactive analysis of cyber adversary behavior, this paper presents a new event-driven simulation model and implementation to reveal the efforts needed by attackers who have various entry points into a network. Unlike previous models which focus on the impact of attackers' actions on the defender's infrastructure, this work focuses on the attackers' strategies and actions. By operating on a request-response session level, our model provides an abstraction of how the network infrastructure reacts to access credentials the adversary might have obtained through a variety of strategies. We present the current capabilities of the simulator by showing three variants of Bronze Butler APT on a network with different user access levels.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.