Abstract
OSIRIS, Organization Simulation In Response to Intrusion Strategies, is an agent-based simulation framework that models virtual organization composed of end user agents with complex and realistic behavior patterns. The purpose of OSIRIS is to predict and analyze the scale of cyberattack damage on the organization once targeted by cybercriminals with a consideration of organization members’ properties, behavior patterns, and social relations. In this paper, we detail how we reflect real world organization environments and cyberattack scenarios to OSIRIS by illustrating our organization and cybercriminal design.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Blythe, J., et al.: Testing cyber security with simulated humans. In: Twenty-Third IAAI Conference (2011)
Carley, K.M.: Organizational adaptation. Annal. Oper. Res. 75, 25–47 (1997)
Carley, K.M., et al.: BioWar: scalable agent-based model of bioattacks. IEEE Trans. Syst. Man Cybern.-Part A: Syst. Hum. 36(2), 252–265 (2006)
Dobson, Geoffrey B.., Carley, Kathleen M..: Cyber-FIT: an agent-based modelling approach to simulating cyber warfare. In: Lee, Dongwon, Lin, Yu.-Ru., Osgood, Nathaniel, Thomson, Robert (eds.) SBP-BRiMS 2017. LNCS, vol. 10354, pp. 139–148. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60240-0_18
Dobson, G.B., Rege, A., Carley, K.M.: Informing active cyber defence with realistic adversarial behaviour. J. Inf. Warfare 17(2), 16–31 (2018)
Dobson, Geoffrey B.., Carley, Kathleen M..: A computational model of cyber situational awareness. In: Thomson, Robert, Dancy, Christopher, Hyder, Ayaz, Bisgin, Halil (eds.) SBP-BRiMS 2018. LNCS, vol. 10899, pp. 395–400. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93372-6_43
Flouton, M.: Threat Spotlight: Post-Delivery Email Threats. Journey Notes, 21 October 2021. https://blog.barracuda.com/2021/06/02/threat-spotlight-post-delivery-email-threats/. threat-spotlight-post-delivery-email-threats
IBM: IBM security services 2014 cyber security intelligence index (2014)
Korea Internet & Security Agency (KISA): TTP #2 Analysis of the Bookcodes RAT C2 framework starting with spear phishing (2020). https://www.boho.or.kr/krcert/publicationList.do
Korea Internet & Security Agency (KISA): TTP #4 Phishing Target Reconnaissance and Attack Resource Analysis (2021). https://www.boho.or.kr/krcert/publicationList.do
Kotenko, I.: Multi-agent modelling and simulation of cyber-attacks and cyberdefense for homeland security. In: 2007 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications. IEEE (2007)
Krebs, B.: A Closer Look: Email-Based Malware Attacks. Krebs Secur., 21 June 2012. krebsonsecurity.com/2012/06/a-closer-look-recent-email-based-malware-attacks/
Morgan, S.: Cybercrime to Cost the World \$10.5 Trillion Annually by 2025. Cybercrime Mag., 27 April 2021. https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/
Rizzoni, F., Magalini, S., Casaroli, A., Mari, P., Dixon, M., Coventry, L.: Phishing simulation exercise in a large hospital: a case study. Digital Health 8, 20552076221081716 (2022)
Schultz, E.E.: A framework for understanding and predicting insider attacks. Comput. Secur. 21(6), 526–531 (2002)
Strom, B.E., Applebaum, A., Miller, DP., Nickels, K.C., Pennington, A.G., Thomas, C.B.: Mitre att &ck: Design and philosophy. Technical report (2018)
Vernon-Bido, D., Padilla, J.J., Diallo, S.Y., Kavak, H., Gore, R.J.: Towards modeling factors that enable an attacker. In: SummerSim, p. 46 (2016)
Widup, S., Hylender, D., Bassett, G., Langlois, P., Pinto, A.: Verizon data breach investigations report (2020)
Wilensky, U.: NetLogo (1999). http://ccl.northwestern.edu/netlogo/. Center for Connected Learning and Computer-Based Modeling, Northwestern University, Evanston, IL
Acknowledgement
The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research was supported in part by the Minerva Research Initiative under Grant #N00014-21-1-4012, and by the center for Computational Analysis of Social and Organizational Systems (CASOS) at Carnegie Mellon University. The views and conclusions are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Office of Naval Research or the US Government.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shin, J., Dobson, G.B., Carley, K.M., Carley, L.R. (2022). OSIRIS: Organization Simulation in Response to Intrusion Strategies. In: Thomson, R., Dancy, C., Pyke, A. (eds) Social, Cultural, and Behavioral Modeling. SBP-BRiMS 2022. Lecture Notes in Computer Science, vol 13558. Springer, Cham. https://doi.org/10.1007/978-3-031-17114-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-17114-7_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17113-0
Online ISBN: 978-3-031-17114-7
eBook Packages: Computer ScienceComputer Science (R0)