oriented attack modeling and simulation, (2) multi-level attack specification, (3)
ontology-based attack model structuring, (4) attributed stochastic context-free grammar
for formal specification of attacks, (5) state machine-based formal grammar framework
implementation, (6) on-line generation of the malefactor's activity resulting
from the reaction of the attacked network security system.
The Attack Simulator is built as a multi-agent system consisting of two classes of
agents (Hacker Agent and Network Agent), whose activity is based on the “Attacks
against computer network” application ontology and a communication component.
The developed and implemented simulator comprises a multitude of reusable components
generated using the standard functionalities of the Multi-Agent System Development
Kit (MASDK) [6] and application-oriented software components developed
manually in MS Visual C++. The developed technology makes it possible to
simulate adversarial interactions between teams of hackers and network defense agents
[11].
Two types of experiments have been carried out with the Attack Simulator: (1) macro-level
simulation, in which malicious actions against a computer network model were
generated and investigated; (2) micro-level simulation, in which malicious
network traffic was generated against a real computer network. The simulation-based
exploration of the developed Attack Simulator has demonstrated its
efficacy for accomplishing various attack scenarios against networks with different
structures and implemented security policies.
Acknowledgment
This research was conducted in the Intelligent Systems Laboratory of the St. Petersburg
Institute for Informatics and Automation. It is being supported by grants 01-01-108 of
the Russian Foundation of Basic Research and the European Office of Aerospace R&D
(Projects #1994 P).
References
1. Chi, S.-D., Park, J. S., Jung, K.-C., Lee, J.-S.: Network Security Modeling and Cyber Attack
Simulation Methodology. In: Lecture Notes in Computer Science, Vol. 2119 (2001)
2. Cohen, F.: Simulating Cyber Attacks, Defenses, and Consequences. In: IEEE Symposium
on Security and Privacy, Berkeley, CA (1999)
3. Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: Extending the attack tree
paradigm. In: Workshop on Statistical and Machine Learning Techniques in Computer
Intrusion Detection, Johns Hopkins University (2002)
4. Durst, R., Champion, T., Witten, B., Miller, E., Spagnuolo, L.: Testing and evaluating
computer intrusion detection systems. In: Communications of ACM, 42(7) (1999)
5. Goldman, R. P.: A Stochastic Model for Intrusions. In: Lecture Notes in Computer Science,
V.2516. Recent Advances in Intrusion Detection. Fifth International Symposium. RAID
2002. Zurich, Switzerland. Springer Verlag (2002)
6. Gorodetski, V., Karsayev, O., Kotenko, I., Khabalov, A.: Software Development Kit for
Multi-agent Systems Design and Implementation. In: Lecture Notes in Artificial Intelligence
2296, Springer Verlag (2002)