Developing Simulated Cyber-Attack Scenarios Against Virtualized Adversary Networks

Cyberspace is recognized as a critical domain in modern warfare. The ability of military forces to maintain and secure their own operational networks, while simultaneously degrading or denying the ability of adversaries to operate their networks, is a critical strategic objective for military planners and leaders. Conducting effective offensive cyber operations (OCO) against sophisticated adversary networks requires the ability to develop, test, and rehearse cyber-attack actions before they are employed operationally. This requirement is well understood and practiced in the physical warfare domains, where ships, aircraft and tanks can exercise their capabilities against physical targets; it is not, however, well refined in the cyber domain. This research introduces a framework to address this need, and demonstrates a prototype for cyber-attack scenario development and rehearsal in a virtual network environment. By extending the earlier work of the Naval Postgraduate School's Malicious Activity Simulation Tool (MAST), a distributed client-server based software tool designed to launch inert malware attacks on live networks, we were able to demonstrate cyber-attack scenarios based on temporal specificity and target discrimination as attack parameters. Our prototype accurately models an adversary network in a virtual environment, providing the ability to develop cyber-attack actions to achieve specific cyber effects against hosts on the intended target network. The architecture allows cyber forces to rehearse specific cyber actions prior to launching a cyber-attack, in order to provide a more accurate assessment of the efficacy of these actions against a realistic model of the target network. This framework allows military forces to better train and prepare for cyber operations to help achieve cyber superiority in modern warfare.