The Center for Education and Research in Information Assurance and Security (CERIAS)

System Events and Network Traffic Generation for Realistic Cyber Experimentation

Principal Investigator: Berkay Celik

Virtual testbeds are critical to understanding threats to computer systems and evaluating potential defenses. They are used to construct experiments in a controlled environment, which requires recreating attack scenarios to reason about the nature of attacks more precisely. While such scenarios hold significance for the community, the lack of semantically rich reconstructions of real-world attack scenarios undermines realism and can lead to overly optimistic conclusions and to defenses that are ineffective in practice. In this work, we focus on developing tools to generate application and network layer semantics that provide a basis for prudent modeling of benign and malicious actors. Drawing on APT campaign reports, we design and implement in the SOL4CE platform attacks on single and multiple hosts that exploit different vulnerabilities. Such attacks enable us to emulate realistic attack behaviors whose activities appear in system events and network traffic. The developed tools are used to emulate users, encompassing computational models of human behavior during attack execution. Accomplishing this task demonstrates the efficacy and breadth of our methods in identifying artifacts, such as system logs and explicit information flows including network communication, after legitimate traces are blended with attack traces. Our proposed project helps improve the ability of the SOL4CE platform in threat modeling. Through this effort, we provide SOL4CE platform users with a means of executing attack scenarios that are feasible for realistic deployments and of identifying potential threats using system and network data on the end hosts. Overall, the outcome of this effort fosters attack scenario designs and realistic cyber experimentation.