    A Guidance Template for Attack Sequence Specification in Cyber Attack Simulation

    Over the past decade the cost and frequency of cybercrime have skyrocketed and are still increasing year over year. Major targets of cyber attacks are financial organizations, energy and utility companies, governmental agencies, and technology companies. However, almost all businesses are at risk. The increasing threat and cost of cybercrime is caused by many factors, including the increasing reliance on cyber networks, constantly evolving exploitation and cyber attack methods, and insufficient development of defensive mechanisms to predict and prevent cyber attackers. Promising research in the proactive defense against cyber attacks exists in the field of cyber situational awareness (Cyber SA), but it is constrained in part by the limited availability of cyber attack data from desirable attack scenarios. This work improves upon previous development of a cyber attack simulator capable of modeling complex cyber attacks consisting of computer networks, their defenses, and cyber attacker behavior. The main contribution of this work is the introduction of a new model called the Attack Guidance Template (AGT), responsible for the definition of simulated cyber attack sequences and for guiding the attacker to the goal of the attack sequence. The AGT allows the user to define desired cyber attack sequences with flexibility and varying levels of specificity. This work also introduces an attack sequence analyzer to aid the user in understanding the likelihood of the model attack sequences being accomplished successfully with different attackers across various networks. To ensure the validity of these developments, both the analyzer and the AGT are verified and compared to the previous cyber attack guidance template.