Abstract:
In today's digital world, cyber security plays a vital part in every organization that has
IT infrastructure. Offensive and defensive strategies have always struggled against each
other. Regular effort is required to improve the security of already deployed systems. The
present techniques of vulnerability assessment and penetration testing (VAPT) are
time-consuming, costly and risky, because there are trust issues: we cannot fully trust the
intentions of security testers. Exploitation attempts during the VAPT process may disrupt the
running system, in rare cases the system may crash, or a security tester can inject malware
into critical systems of the organization. Most organizations cannot move to
the exploitation phase due to the presence of critical data on the systems. In order to
avoid potential damage to a functional system as a result of running self-initiated attacks,
we propose a solution that uses agent-based modeling and simulation to perform
security testing of IT infrastructure.
The proposed solution requires an exact replica of the existing network and systems, built
through virtualization of PCs and emulation of networking devices. On top of this virtual layer,
an agent-based model is built, and the model is simulated in a risk-free and controlled
environment. The simulated agents can take decisions to automate the existing practices
of human-based vulnerability assessment and penetration testing. Here we present
an open-ended framework and a sample setup to verify the effectiveness of the proposed
solution. It allows system engineers to create a virtual replica of an IT infrastructure and
perform cyber-attacks against detected vulnerabilities to analyze its security resilience.
It comprises three layers: a virtualization layer, a network layer and an agent-based
modeling layer. In order to demonstrate the functionality of our proposed
framework, we present a case study of a small organization.
Our solution is modular in nature and can accommodate all types of emulated network
devices. The simulation presents the degree of exploitation on a functional computer
system without damaging the actual system in place. As a result, this open-ended
framework may be further enhanced by integrating it with vulnerability assessment tools,
as proposed in this research.