Modeling and Simulating Cyberattacks with Dynamic Graphs

QC 20251219

Abstract

This dissertation presents a formalism for exploring two fundamental, yet underrepresented, cyberattack dynamics. Namely, how adversary actions drive the emergence of cyberattacks and how adversaries manipulate dynamic system structures, such as by creating and destroying objects. The formalism in question is encapsulated in the Dynamic Meta Attack Language (DynaMAL), a meta-level formalism for modeling and simulating cyberattacks with dynamic graphs. DynaMAL has been designed and developed in accordance with the design science research framework across four studies. The first study introduces an attack graph construction language for assessing cloud architectures and identifies the central problem of representing attacks in which adversaries manipulate dynamic system structures. The second study is a systematic literature review of cyberattack simulations that identifies key simulation concepts used in later stages of the design process. Building on the two initial studies, the third study establishes the cyberattack modeling foundations of DynaMAL, comprising a dynamic graph system, a multi-layered graph model, a lazy graph generation strategy, and the DynaMAL grammar. Finally, the fourth study develops the corresponding discrete-event simulation process for DynaMAL. The resulting capabilities are evaluated through a first simulation experiment that uses three cloud penetration testing scenarios that rely on dynamically creating and destroying resources. The scenarios are then solved automatically with near-optimal results by combining two search and optimization algorithms.

urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-374603