Mikel D Petty, John A Bland, Tymaine S Whitaker, Walter Alan Cantrell, Katia P Maxwell, C Daniel Colvett, E Michael Bearss
{"title":"用扩展 Petri 网模拟网络攻击","authors":"Mikel D Petty, John A Bland, Tymaine S Whitaker, Walter Alan Cantrell, Katia P Maxwell, C Daniel Colvett, E Michael Bearss","doi":"10.1177/00375497241268752","DOIUrl":null,"url":null,"abstract":"Cybersecurity is an urgent concern. Cybersecurity simulation is an important part of the response to it. This article describes a research program consisting of several interconnected cybersecurity simulation research projects. Cyberattacks are modeled using Petri nets extended with features designed for modeling cyberattacks, including representations of the attacker’s and defender’s strategies, their actions, and their actions’ cost. A database of known attack patterns is automatically processed to generate cyberattack component models, one for each attack pattern. The models are verified and validated using multiple application-relevant methods that consider both Petri nets’ theoretical properties and cyberattacks’ practical characteristics. Because the source attack pattern database is attacker-centric, the cyberattack component models are enhanced to include defender actions and responses, as well as representations of normal user activities on the computer system being attacked. Cyberattack component models stored in a repository are selected and composed into complete models of target computer systems. Metadata associated with each model guides the selection and composition. The cyberattack models are executed to simulate cyberattacks. Multiple simulation iterations are used to train reinforcement learning algorithms that automatically learn improved attacker or defender strategies.","PeriodicalId":501452,"journal":{"name":"SIMULATION","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Simulating cyberattacks with extended Petri nets\",\"authors\":\"Mikel D Petty, John A Bland, Tymaine S Whitaker, Walter Alan Cantrell, Katia P Maxwell, C Daniel Colvett, E Michael Bearss\",\"doi\":\"10.1177/00375497241268752\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity is an urgent concern. Cybersecurity simulation is an important part of the response to it. This article describes a research program consisting of several interconnected cybersecurity simulation research projects. Cyberattacks are modeled using Petri nets extended with features designed for modeling cyberattacks, including representations of the attacker’s and defender’s strategies, their actions, and their actions’ cost. A database of known attack patterns is automatically processed to generate cyberattack component models, one for each attack pattern. The models are verified and validated using multiple application-relevant methods that consider both Petri nets’ theoretical properties and cyberattacks’ practical characteristics. Because the source attack pattern database is attacker-centric, the cyberattack component models are enhanced to include defender actions and responses, as well as representations of normal user activities on the computer system being attacked. Cyberattack component models stored in a repository are selected and composed into complete models of target computer systems. Metadata associated with each model guides the selection and composition. The cyberattack models are executed to simulate cyberattacks. Multiple simulation iterations are used to train reinforcement learning algorithms that automatically learn improved attacker or defender strategies.\",\"PeriodicalId\":501452,\"journal\":{\"name\":\"SIMULATION\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SIMULATION\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1177/00375497241268752\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SIMULATION","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/00375497241268752","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
网络安全是一个亟待解决的问题。网络安全模拟是应对这一问题的重要组成部分。本文介绍了一个由多个相互关联的网络安全模拟研究项目组成的研究计划。网络攻击是利用 Petri 网建模的,Petri 网具有为网络攻击建模而设计的扩展功能,包括攻击者和防御者的策略、行动及其行动成本的表示。已知攻击模式数据库经自动处理后生成网络攻击组件模型,每个攻击模式一个。这些模型采用多种与应用相关的方法进行验证和确认,这些方法既考虑了 Petri 网的理论特性,也考虑了网络攻击的实际特点。由于源攻击模式数据库是以攻击者为中心的,因此网络攻击组件模型得到了增强,以包括防御者的行动和响应,以及被攻击计算机系统上正常用户活动的表示。存储在资源库中的网络攻击组件模型会被挑选出来,并组成目标计算机系统的完整模型。与每个模型相关的元数据为选择和组合提供指导。执行网络攻击模型来模拟网络攻击。多次模拟迭代用于训练强化学习算法,该算法可自动学习改进的攻击者或防御者策略。
Cybersecurity is an urgent concern. Cybersecurity simulation is an important part of the response to it. This article describes a research program consisting of several interconnected cybersecurity simulation research projects. Cyberattacks are modeled using Petri nets extended with features designed for modeling cyberattacks, including representations of the attacker’s and defender’s strategies, their actions, and their actions’ cost. A database of known attack patterns is automatically processed to generate cyberattack component models, one for each attack pattern. The models are verified and validated using multiple application-relevant methods that consider both Petri nets’ theoretical properties and cyberattacks’ practical characteristics. Because the source attack pattern database is attacker-centric, the cyberattack component models are enhanced to include defender actions and responses, as well as representations of normal user activities on the computer system being attacked. Cyberattack component models stored in a repository are selected and composed into complete models of target computer systems. Metadata associated with each model guides the selection and composition. The cyberattack models are executed to simulate cyberattacks. Multiple simulation iterations are used to train reinforcement learning algorithms that automatically learn improved attacker or defender strategies.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
