Networks have become a critical background for military operations as adversaries and hackers become increasingly prolific and proficient at cyber warfare. Despite this, cyber training has remained focused on large-scale exercises that can be expensive and time-consuming, and ultimately too infrequent. A key element that drives this decision is the need for human experts to control adversary cyber operations forces (OPFOR). These experts can be difficult to obtain, and, when available, the goal is often to leverage their time to the greatest extent possible, driving these complex events.
This paper describes ongoing work to develop an automated cyber adversary framework that enables the insertion of dynamic adversary behaviors into a live training environment, alongside tools for instructors and red cell operators to understand and customize the training experience provided by the automated adversary. Our solution combines: (1) an adaptive adversary framework that uses reactive behavior modeling to provide realistic, dynamic, and customized adversary behavior for meeting training objectives; (2) a cyber execution engine that integrates adversary agents with tools in the network environment, translating high-level adversary activities into appropriate low-level attack actions; and (3) an instruction support suite that provides tools for configuring, tracking, adjusting, and revising adversary behaviors to provide effective training. To enable rapid application across a wide range of adversaries, we have developed a behavioral template that can be adapted to include different types of attack tools, methods, and tactics. We will describe and demonstrate our application of this template and framework to model several advanced persistent threats identified in MITRE’s ATT&CK framework. Future work is focusing on extending this framework to support a wider range of adversaries and adversary tactics, and integrating it with evolving training environments such as the DoD’s Persistent Cyber Training Environment (PCTE).
Keywords
AGENT-BASED SIMULATION, BEHAVIOR MODELING, COMPUTER GENERATED FORCES, CYBER, SYNTHETIC