Accession Number : AD1045796


Title :   Developing Simulated Cyber Attack Scenarios Against Virtualized Adversary Networks


Descriptive Note : Technical Report


Corporate Author : Naval Postgraduate School Monterey United States


Personal Author(s) : Aybar,Luis E


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1045796.pdf


Report Date : 01 Mar 2017


Pagination or Media Count : 103


Abstract : Cyberspace is now recognized as a critical center of gravity for modern military forces. The ability to maintain operational networks, while degrading the enemys network capability, is a key consideration for military commanders. Conducting effective cyber-attacks against sophisticated adversaries requires the ability to develop, test, and refine cyber-attack scenarios before they are used operationally, a requirement that is not as well defined in the cyber domain as it is in the physical domain. This research introduces several concepts to address this need, and creates a prototype for cyber-attack scenario development and testing in a virtual test environment. Commercial and custom software tools that provide the ability to conduct network vulnerability testing are reviewed for their suitability as candidates for the framework of this project. Leveraging the extensible architecture of the Malicious Activity Simulation Tool (MAST) custom framework allowed for the implementation of new interaction parameters, and provided temporal specificity and target discrimination of cyber-attack scenario tests. The prototype successfully integrated a virtualized test environment used to simulate an adversary network and the enhanced MAST capability to demonstrate the viability of a cyber-attack scenario development platform to address the needs of modern offensive cyber operations. Based on these results, we recommend continued development of MAST with the intent to ultimately deploy to Department of Defense cyber operations teams.


Descriptors :   CYBERSPACE , CYBERATTACKS , SIMULATION , MALWARE


Subject Categories : Computer Systems


Distribution Statement : APPROVED FOR PUBLIC RELEASE