Advertisement

A Framework to Create a Virtual Cyber Battlefield for Cyber Maneuvers and Impact Assessment

  • Mohammad ShakibazadEmail author
Research Paper
  • 24 Downloads

Abstract

One of the best ways to recognize cyber threats is to perform cyber maneuvers. Performing cyber maneuvers in the operating environment has many challenges. The proposed approach is to perform cyber maneuvers and security analyses on a virtual environment that is quite similar to the physical environment. This challenge has been solved by modeling and simulating cyber battlefield. In this model, by gathering detailed data of cyberspace elements including knowledge repository of vulnerability, tangible and intangible elements of cyberspace and the relationships between them, cyber maneuvers, penetration testing, cyber-attacks injection, attack tracking, visualization, cyber-attacks impact assessment and risk assessment can be provided and executed. This research provides a model and tool for identifying the risks in the network and helping to prioritize actions to eliminate threats. For evaluation, the results were compared with the output of the security tools of the Iran fuel smart card project system and the results were reviewed in the focus group.

Keywords

Computer security Cyber space simulator Cyber maneuver Cyber battlefield 

References

  1. Ashtiani M, Abdollahi Azgomi M (2014) A distributed simulation framework for modelling cyber attacks and the evaluation of security measures. Simulation 90:1071–1102CrossRefGoogle Scholar
  2. Bazargan A (2010) an introduction to the qualitative and mixed methods research approaches used in behavioral science. Didar, TehranGoogle Scholar
  3. Bertoglio DD, Zorzo AF (2017) Overview and open issues on penetration test. Journal of the Brazilian Computer Society 23:2CrossRefGoogle Scholar
  4. Cheikes BA, Waltermire D, Scarfone K (2011) Common platform enumeration (CPE): Naming specification version 2.3 NIST Interagency Report 7695, NIST-IR 7695Google Scholar
  5. Endsley MR (1995) Toward a theory of situation awareness in dynamic systems. Hum Factors 37:32–64CrossRefGoogle Scholar
  6. Kholidy HA, Erradi A (2015) A cost-aware model for risk mitigation in cloud computing systems. In: 2015 IEEE/ACS 12th international conference of computer systems and applications (AICCSA), 17–20 Nov. 2015. IEEE, pp 1–7.  https://doi.org/10.1109/aiccsa.2015.7507111
  7. Kholidy HA, Erradi A, Abdelwahed S, Baiardi F (2016) A risk mitigation approach for autonomous cloud intrusion response system. Computing 98:1111–1135MathSciNetCrossRefGoogle Scholar
  8. Kotenko I, Chechulin A (2013) A cyber attack modelling and impact assessment framework. In: 5th International conference on cyber conflict, Tallinn, Estonia, April 2013. NATO CCD COE, pp 1–24Google Scholar
  9. Kott A, Wang C, Erbacher RF (2015) Cyber defence and situational awareness, vol 62. Springer, New York.  https://doi.org/10.1007/978-3-319-11391-3 Google Scholar
  10. Lippmann RP, Ingols KW (2005) An annotated review of past papers on attack graphs. Massachusetts Inst of Tech Lexington Lincoln Lab, USACrossRefGoogle Scholar
  11. Mavroeidis V, Bromander S (2017) Cyber threat intelligence model: an evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence. In: European intelligence and security informatics conference, Karlskrona, Sweden, 11–13 Sept. 2017, pp 91–98.  https://doi.org/10.1109/eisic.2017.20
  12. Meshkini A, Habibi K, Alizadeh H (2013) Using fuzzy logic and GIS tools for seismic vulnerability of old fabric in Iranian cities (Case study: Zanjan city). J Intell Fuzzy Syst 25:965–975Google Scholar
  13. Moskal S, Wheeler B, Kreider D, Kuhl ME, Yang SJ (2014) Context model fusion for multistage network attack simulation. In: Military communications conference, New York, USA. IEEE, pp 158–163.  https://doi.org/10.1109/milcom.2014.32
  14. Nguyen PH, Ali S, Yue T (2017) Model-based security engineering for cyber-physical systems: a systematic mapping study. Inf Softw Technol 83:116–135CrossRefGoogle Scholar
  15. Phillips C, Swiler LP (1998) A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on new security paradigms. ACM, pp 71–79Google Scholar
  16. Qamar S, Anwar Z, Rahman MA, Al-Shaer E, Chu B-T (2017) Data-driven analytics for cyber-threat intelligence and information sharing. Comput Secur 67:35–58.  https://doi.org/10.1016/j.cose.2017.02.005 CrossRefGoogle Scholar
  17. Rezvani M, Sekulic V, Ignjatovic A, Bertino E, Jha S (2015) Interdependent security risk analysis of hosts and flows. IEEE Trans Inf Forensics Secur 10:2325–2339.  https://doi.org/10.1109/TIFS.2015.2455414 CrossRefGoogle Scholar
  18. Rodríguez RJ, Garcia-Escartin JC (2017) Security assessment of the Spanish contactless identity card Iet. IET Inf Secur 11:386–393CrossRefGoogle Scholar
  19. Shakibazad M, Rashidi AJ (2017) A framework to achieve dynamic model of cyber battlefield. Bull Soc R Sci Liège 86:474–483Google Scholar
  20. Tounsi W, Rais H (2018) A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput Secur 72:212–233.  https://doi.org/10.1016/j.cose.2017.09.001 CrossRefGoogle Scholar
  21. Vidalis S, Jones A (2003) Using vulnerability trees for decision making in threat assessment. DL, Wales, UKGoogle Scholar
  22. Visions C (2012) United States air force cyberspace science and technology vision 2012–2025. ST TR 12-01, USAGoogle Scholar
  23. Wheeler BF (2014) A computer network model for the evaluation of moving target network defence mechanisms. Rochester Institute of Technology, RochesterGoogle Scholar
  24. Whitaker A, Newman DP (2005) Penetration testing and network defense. Cisco Press, IndianapolisGoogle Scholar
  25. Yang SJ, Holsopple J, Liu D (2009) Elements of impact assessment: a case study with cyber attacks. In: SPIE defense, security, and sensing international society for optics and photonics, p 73520DGoogle Scholar

Copyright information

© Shiraz University 2019

Authors and Affiliations

  1. 1.Malek-Ashtar University of TechnologyTehranIran
  2. 2.NIOPDCTehranIran

Personalised recommendations