AI-assisted Cyber Security Exercise Content Generation: Modeling a Cyber Conflict

Cited by: 0
Authors
Zacharis, Alexandros [1]
Gavrila, Razvan [1]
Patsakis, Constantinos [2]
Ikonomou, Demosthenes [1]
Affiliations
[1] European Union Agcy Cyber Secur, Athens, Greece
[2] Univ Piraeus, Dept Informat, Piraeus, Greece
Source
2023 15TH INTERNATIONAL CONFERENCE ON CYBER CONFLICT, CYCON | 2023
Keywords
cyber conflict; cyber awareness; cyber exercises scenario; artificial intelligence; machine learning; named-entity recognition; GAME;
DOI
10.23919/CYCON58705.2023.10181930
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Subject classification code
0812;
Abstract
A cyber conflict can be defined as a cyberattack or a series of attacks that target the critical functions of a country. Such attacks can potentially wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life. National bodies are usually expected to run cyber crisis exercises to prevent such attacks and prepare for their impact. Developing risk scenarios that are both relevant and up to date with the current threat landscape is a critical element in the success of any cyber exercise, especially a cyber conflict scenario. Our work explores the results of applying machine learning to unstructured information sources to generate structured cyber exercise content in preparation for or during a destructive cyber conflict. We collected a dataset of publicly available cyber security articles and used them to assess future threats and as a skeleton for new exercise scenarios. We utilize named-entity recognition to structure the information based on a novel ontology. With the help of graph comparison methodologies, we match the generated scenarios to known threat actors' tactics, techniques, and procedures and enrich the final scenario accordingly, with the help of synthetic text generators following our novel artificial-intelligence-assisted cyber exercise framework (AiCEF). Our framework has been evaluated on its efficiency and speed and can produce structured cyber exercise scenarios in real time, provided with incident descriptions in raw text format or a set of keywords. By deep diving into a pool of pre-tagged incidents, AiCEF can build exercise content from scratch, assisting inexperienced exercise planners in generating a scenario quicker and achieving a level of quality similar to an experienced planner or subject matter expert. 
We have assessed our methodology for relevance and preparedness by applying it to a real cyber conflict use case to model two categories of crisis management exercise scenarios: pre-conflict and post-conflict initiation. Thus, we assess whether the generated scenarios match the attack trends and the news feeds that were not used in training the AiCEF and prove that we can provide targeted and customized awareness of upcoming incidents.
Pages: 217 / 238
Number of pages: 22