Research Article
Simulating cyber-attacks for fun and profit
@INPROCEEDINGS{10.4108/ICST.SIMUTOOLS2009.5773, author={Ariel Futoransky and Fernando Miranda and Jos\^{e} Orlicki and Carlos Sarraute}, title={Simulating cyber-attacks for fun and profit}, proceedings={2nd International ICST Conference on Simulation Tools and Techniques}, publisher={ICST}, proceedings_a={SIMUTOOLS}, year={2010}, month={5}, keywords={network security network simulation penetration test vul- nerability exploit 0-day cyber-attack training}, doi={10.4108/ICST.SIMUTOOLS2009.5773} }- Ariel Futoransky
Fernando Miranda
José Orlicki
Carlos Sarraute
Year: 2010
Simulating cyber-attacks for fun and profit
SIMUTOOLS
ICST
DOI: 10.4108/ICST.SIMUTOOLS2009.5773
Abstract
We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker's standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc.
A novel characteristic of this tool is to simulate vulnerabilities (including 0-days) and exploits, allowing an attacker to compromise machines and use them as pivoting stones to continue the attack. A user can test and modify complex scenarios, with several interconnected networks, where the attacker has no initial connectivity with the objective of the attack.
We give a concise description of this new technology, and its possible uses in the security research field, such as pen-testing training, study of the impact of 0-days vulnerabilities, evaluation of security countermeasures, and risk assessment tool.