Developing simulated cyber attack scenarios against virtualized adversary networks

Abstract

Cyberspace is now recognized as a critical center of gravity for modern military forces. The ability to maintain operational networks, while degrading the enemy's network capability, is a key consideration for military commanders. Conducting effective cyber-attacks against sophisticated adversaries requires the ability to develop, test, and refine cyber-attack scenarios before they are used operationally, a requirement that is not as well defined in the cyber domain as it is in the physical domain. This research introduces several concepts to address this need, and creates a prototype for cyber-attack scenario development and testing in a virtual test environment. Commercial and custom software tools that provide the ability to conduct network vulnerability testing are reviewed for their suitability as candidates for the framework of this project. Leveraging the extensible architecture of the Malicious Activity Simulation Tool (MAST) custom framework allowed for the implementation of new interaction parameters, and provided temporal specificity and target discrimination of cyber-attack scenario tests. The prototype successfully integrated a virtualized test environment used to simulate an adversary network and the enhanced MAST capability to demonstrate the viability of a cyber-attack scenario development platform to address the needs of modern offensive cyber operations. Based on these results, we recommend continued development of MAST with the intent to ultimately deploy to Department of Defense cyber operations teams.