Defining security primitives for eliciting flexible attack scenarios through CAPEC analysis

Abstract

Cyber-security refers to all approaches to protect cyberspace against cyber-attacks. In order to identify vulnerabilities and develop countermeasures against cyber-attacks, we should be able to reenact both cyber-attacks and defenses. Simulations can be useful for the reenactment by overcoming its limitations including high risk and cost. However, it is difficult to model a variety cyber-attacks making use of pre-developed simulation models, because there is a lack of theoretical basis for modeling cyber-security simulations. In addition, because most simulation models are developed according to their own simulation purposes, it is very difficult to use them as primitives for modeling of new behaviors of cyber-attacks. In this paper, we propose a method for defining behavior primitives for developing flexible attack scenarios by combining the primitives considering flows of cyber-attacks and defenses. We also develop the scenario as simulation models and the models can be executed on the discrete event simulation system. To elicit a new scenario all modeler need to do is to choose primitives from pools and combine them considering simulation purposes and security issues. To extract the possible primitive behaviors, we have analyzed and abstracted all attack patterns of CAPEC (Common Attack Pattern Enumeration and Classification) database.