Adversary Tactic Driven Scenario and Terrain Generation with Partial Infrastructure Specification

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00136100" target="_blank" >RIV/00216224:14330/24:00136100 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1145/3664476.3664523" target="_blank" >http://dx.doi.org/10.1145/3664476.3664523</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3664476.3664523" target="_blank" >10.1145/3664476.3664523</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Adversary Tactic Driven Scenario and Terrain Generation with Partial Infrastructure Specification

Popis výsledku v původním jazyce

Diverse, accurate, and up-to-date training environments are essential for training cybersecurity experts and autonomous systems. However, preparation of their content is time-consuming and requires experts to provide detailed specifications. In this paper, we explore the challenges of automated generation of the content (composed of scenarios and terrains) for these environments. We propose new models to represent the cybersecurity domain and associated action spaces. These models are used to create sound and complex training content based on partial specifications provided by users. We compare the results with a real-world complex malware campaign to assess the realism of the synthesized content. To further evaluate the correctness and variability of the results, we utilize the kill-chain attack graph generation for the generated training content to asses the internal correspondence of its key components. Our results demonstrate that the proposed approach can create complex training content similar to advanced attack campaigns, which passes evaluation for soundness and practicality. Our proposed approach and its implementation significantly contribute to the state of the art, enabling novel approaches to cybersecurity training and autonomous system development.

Název v anglickém jazyce

Adversary Tactic Driven Scenario and Terrain Generation with Partial Infrastructure Specification

Popis výsledku anglicky

Diverse, accurate, and up-to-date training environments are essential for training cybersecurity experts and autonomous systems. However, preparation of their content is time-consuming and requires experts to provide detailed specifications. In this paper, we explore the challenges of automated generation of the content (composed of scenarios and terrains) for these environments. We propose new models to represent the cybersecurity domain and associated action spaces. These models are used to create sound and complex training content based on partial specifications provided by users. We compare the results with a real-world complex malware campaign to assess the realism of the synthesized content. To further evaluate the correctness and variability of the results, we utilize the kill-chain attack graph generation for the generated training content to asses the internal correspondence of its key components. Our results demonstrate that the proposed approach can create complex training content similar to advanced attack campaigns, which passes evaluation for soundness and practicality. Our proposed approach and its implementation significantly contribute to the state of the art, enabling novel approaches to cybersecurity training and autonomous system development.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/VJ02010020" target="_blank" >VJ02010020: AI-Dojo: Multiagentní testbed pro výzkum a testování umělé inteligence v kyberbezpečnosti</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

ISBN

9798400717185

ISSN

—

e-ISSN

—

Počet stran výsledku

11

Strana od-do

1-11

Název nakladatele

Association for Computing Machinery

Místo vydání

New York, United States

Místo konání akce

Vienna

Datum konání akce

30. 7. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001283894700045