Session-level Adversary Intent-Driven Cyberattack Simulator

Submitted by grigby1 on Thu, 01/28/2021 - 1:10pm

Title	Session-level Adversary Intent-Driven Cyberattack Simulator
Publication Type	Conference Paper
Year of Publication	2020
Authors	Drašar, M., Moskal, S., Yang, S., Zat'ko, P.
Conference Name	2020 IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications (DS-RT)
Date Published	Sept. 2020
Publisher	IEEE
ISBN Number	978-1-7281-7343-6
Keywords	adversary behavior, Adversary Models, Analytical models, APT, attackers, authorisation, Bronze Butler APT, cyber adversary behavior, cyberattack, cybersecurity, Data models, defender, DEVS, Entry points, event-driven simulation model, Human Behavior, Internet, Malware, Metrics, network infrastructure, proactive analysis, pubcrawl, request-response session level, resilience, Resiliency, Scalability, session-level adversary intent-driven cyberattack simulator, Tools, user access levels
Abstract	Recognizing the need for proactive analysis of cyber adversary behavior, this paper presents a new event-driven simulation model and implementation to reveal the efforts needed by attackers who have various entry points into a network. Unlike previous models which focus on the impact of attackers' actions on the defender's infrastructure, this work focuses on the attackers' strategies and actions. By operating on a request-response session level, our model provides an abstraction of how the network infrastructure reacts to access credentials the adversary might have obtained through a variety of strategies. We present the current capabilities of the simulator by showing three variants of Bronze Butler APT on a network with different user access levels.
URL	https://ieeexplore.ieee.org/document/9213690
DOI	10.1109/DS-RT50469.2020.9213690
Citation Key	drasar_session-level_2020

Groups:

Science of Security VO