Experiments with Simulation of Attacks against Computer Networks
I. Kotenko and E. Man'kov
St.-Petersburg Institute for Informatics and Automation, Russia
{ivkote,eman}@mail.iias.spb.su
Abstract. The paper describes implementation issues of, and experiments with,
the software tool “Attack Simulator”, intended for active assessment of
computer network vulnerability at the design and deployment stages. The
suggested approach is based on modeling of the malefactor's intentions,
ontology-based attack structuring and state-machine specification of attack
scenarios. The paper characterizes a generalized agent-based architecture of
Attack Simulator. The generation of attacks against a computer network model
and a real computer network is analyzed. Experiments demonstrating the
efficiency of Attack Simulator in generating various attack scenarios against
computer networks with different configurations and security policies are
considered.
1 Introduction
The growing scale of the Internet and the rapid emergence of new computer and
network technologies increase the number of computer network vulnerabilities
and possible targets for malefactors' attacks against computer networks. We
are now witnessing a developing cyber war, in which malefactors use more and
more advanced attack tools based on automated, speedy, sophisticated
techniques that are more difficult to detect and eliminate [9].
However, modern computer network security systems mostly use security policies
built “ad hoc” and aimed at defense against known types of attacks and other
threats. Undoubtedly, a remarkable increase in the efficiency of security
systems could be achieved by using knowledge resulting from the generalization
and formalization of accumulated experience regarding computer system
vulnerabilities and attack cases. To best develop the methods of cyber
defense, we must be able to test security components by simulating attacks
against computer networks, just the way the military must be able to simulate
conflicts in the real world [5].
The goal of the research described in this paper is to develop a general
approach, mathematical models and a computer network attack simulation
software tool intended for active analysis of computer network
vulnerabilities [7].
As can be seen from our review of relevant works (Table 1), which covers only
examples of works directly connected with attack modeling and simulation, the
field has delivered significant research results to date; nevertheless, the
publications reflect a beginning phase of research. Perhaps this is due to the
extreme complexity of network attacks and computer networks.