skip to main content
10.1145/3299815.3314435acmconferencesArticle/Chapter ViewAbstractPublication Pagesacm-seConference Proceedingsconference-collections
research-article

Component-based Implementation of Cyberattack Simulation Models

Published: 18 April 2019 Publication History

Abstract

One of the fundamental concepts of software engineering today is reusability. The capability to reuse selected components and assemble them in such way to satisfy specific user requirements is a challenge that is also faced by the simulation and modeling community. Although the primary interest is in the ability to combine and recombine components, there is also a problem on locating and selecting the components that will best fit the requirements. The component selection process has been proven to be NP-complete. This research focuses on the identification of components specific to Petri Nets with Players, Strategies, and Cost (PNPSC) which are used to model cyberattack patterns. PNPSC models are briefly described and a process of determining their basic components is presented. Such initial decomposition requires the previous knowledge of the intended granularity, level of functionality of the component. This study proposes the granularity at two levels: fine-grain, when a component is defined by a section of an existing PNPSC pattern or coarse-grain, when the component is an existent full PNPSC pattern. Formal specification of the definition of the components, selection and the process of combining them in a new model are defined and a set of examples demonstrates its applicability to cyberattack simulation models.

References

[1]
S. Barnum and A. Sethi, "Attack Patterns as a Knowledge Resource for Building Secure Software," in OMG Software Assurance Workshop: Cigital 2007.
[2]
S. Clarke, "Extending Standard UML with Model Composition Semantics," in Science of Computer Programming, vol. 44, no.1, pp. 71--100.
[3]
M. P. Fanti, M. Nolich, S. Simic, and W. Ukovich, "Modeling Cyber Attacks by Stochastic Games and Timed Petri Nets," in IEEE International Conference on Systems, Man, and Cybernetics. Budapest, Hungary, 2016.
[4]
Y. Z. He and M. Zhu, "A Complete and Efficient Strategy Based on Petri Net in Automated Trust Negotiation," in 2nd International ICST Conference on Scalable Information Systems. Suzhou, China, 2007.
[5]
B. Jasiul, M. Szpyrka, and J. Sliwa, "Detection and Modeling of Cyber Attacks with Petri Nets," in Entropy, vol. 16, pp. 6602--6623, 2014.
[6]
Y. I. Khan, E. Al-Shaer, and R. Usman, "Cyber Resilience-by-Construction: Modeling, Measuring & Verifying," in Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense. Denver, Colorado. October 2015.
[7]
I. Kotenko and E. Doynikova, "The CAPEC Based Generator of Attack Scenarios for Network Security Evaluation," in the 8th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications. Warsaw, Poland, pp. 436--441. September 2015.
[8]
K. P. Mayfield, M. D. Petty, T. S. Whitaker, J. A. Bland, and W. A. Cantrell, "An Extended Petri Net Formalism for Modeling Cyberattacks," in Proceedings of the 2018 AlaSim International Conference and Exposition. Huntsville, AL. May 2018.
[9]
K. P. Mayfield, M. D. Petty, T. S. Whitaker, and J. A. Bland, "Composition of Cyberattack Models", in Proceedings of the 31st International Conference on Computer Applications in Industry and Engineering, New Orleans, LA, pp. 3--8, October 2018.
[10]
MITRE. (n.d.). CAPEC - Common Attack Pattern Enumeration and Classification (CAPEC). https://capec.mitre.org.
[11]
D. L. Parnas, "On the Criteria to be Used in Decomposing Systems into Modules," in Communications of the ACM, vol. 15, no. 12, pp. 1053--1058. December 1972.
[12]
M. D. Petty, T. S. Whitaker, J. A. Bland, W. A. Cantrell, and K. P. Mayfield, "Modeling Cyberattacks with Petri Nets: Research Program Overview and Status Report", in Proceedings of the 2017 AlaSim International Conference and Exposition, Huntsville, AL. October 2017.
[13]
A. N. Zakrzewska and E. M. Ferragut, "Modeling Cyber Conflicts Using an Extended Petri Net Formalism," IEEE Symposium on Computational Intelligence in Cyber Security, pp. 60--67. Paris, France, 2011.
[14]
D. A. Zaitsev, "Decomposition of Petri Nets," Cybernetics and Systems Analysis, vol. 40, no. 5, pp. 739--746. 2004.

Cited By

View all
  • (2023)Impact of computer users on cyber defense strategiesSystems Engineering10.1002/sys.2173727:3(532-555)Online publication date: 28-Nov-2023
  • (2022)Modeling cyberattacks with extended Petri netsProceedings of the 2022 ACM Southeast Conference10.1145/3476883.3520209(67-73)Online publication date: 18-Apr-2022
  • (2022)Impact of the computer system user when creating cyber defense strategiesProceedings of the 2022 ACM Southeast Conference10.1145/3476883.3520208(74-81)Online publication date: 18-Apr-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ACMSE '19: Proceedings of the 2019 ACM Southeast Conference
April 2019
295 pages
ISBN:9781450362511
DOI:10.1145/3299815
  • Conference Chair:
  • Dan Lo,
  • Program Chair:
  • Donghyun Kim,
  • Publications Chair:
  • Eric Gamess
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 2019

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Components
  2. Cyberattacks
  3. Modeling
  4. Petri Nets

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACM SE '19
Sponsor:
ACM SE '19: 2019 ACM Southeast Conference
April 18 - 20, 2019
GA, Kennesaw, USA

Acceptance Rates

Overall Acceptance Rate 402 of 779 submissions, 52%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)10
  • Downloads (Last 6 weeks)4
Reflects downloads up to 15 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Impact of computer users on cyber defense strategiesSystems Engineering10.1002/sys.2173727:3(532-555)Online publication date: 28-Nov-2023
  • (2022)Modeling cyberattacks with extended Petri netsProceedings of the 2022 ACM Southeast Conference10.1145/3476883.3520209(67-73)Online publication date: 18-Apr-2022
  • (2022)Impact of the computer system user when creating cyber defense strategiesProceedings of the 2022 ACM Southeast Conference10.1145/3476883.3520208(74-81)Online publication date: 18-Apr-2022
  • (2019)Machine Learning Cyberattack Strategies with Petri Nets with Players, Strategies, and CostsNational Cyber Summit (NCS) Research Track10.1007/978-3-030-31239-8_18(232-247)Online publication date: 25-Sep-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media