Visible to the public Session-level Adversary Intent-Driven Cyberattack Simulator

TitleSession-level Adversary Intent-Driven Cyberattack Simulator
Publication TypeConference Paper
Year of Publication2020
AuthorsDrašar, M., Moskal, S., Yang, S., Zat'ko, P.
Conference Name2020 IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications (DS-RT)
Date PublishedSept. 2020
ISBN Number978-1-7281-7343-6
Keywordsadversary behavior, Adversary Models, Analytical models, APT, attackers, authorisation, Bronze Butler APT, cyber adversary behavior, cyberattack, cybersecurity, Data models, defender, DEVS, Entry points, event-driven simulation model, Human Behavior, Internet, Malware, Metrics, network infrastructure, proactive analysis, pubcrawl, request-response session level, resilience, Resiliency, Scalability, session-level adversary intent-driven cyberattack simulator, Tools, user access levels

Recognizing the need for proactive analysis of cyber adversary behavior, this paper presents a new event-driven simulation model and implementation to reveal the efforts needed by attackers who have various entry points into a network. Unlike previous models which focus on the impact of attackers' actions on the defender's infrastructure, this work focuses on the attackers' strategies and actions. By operating on a request-response session level, our model provides an abstraction of how the network infrastructure reacts to access credentials the adversary might have obtained through a variety of strategies. We present the current capabilities of the simulator by showing three variants of Bronze Butler APT on a network with different user access levels.

Citation Keydrasar_session-level_2020