IEEE Access (Jan 2024)

Design and Evaluation of Advanced Persistent Threat Scenarios for Cyber Ranges

  • Tore Bierwirth,
  • Stefan Pfutzner,
  • Matthias Schopp,
  • Christoph Steininger

DOI
https://doi.org/10.1109/ACCESS.2024.3402744
Journal volume & issue
Vol. 12
pp. 72458 – 72472

Abstract

Both criminals and state actors are using cyberspace to pursue their interests, including obtaining information, sabotaging networks, and disseminating disinformation. Advanced Persistent Threats (APTs) are state and non-state threat actors with high levels of expertise, target knowledge, and available financial and material resources. To effectively counter APT campaigns, it is necessary to have a deep understanding of the methods used by threat actors. Cyber Ranges provide a realistic training environment to develop and train the skills needed to respond to future attacks. However, this requires the ability to simulate APT attacks in a Cyber Range in an automated manner. This article presents an approach to implementing APT scenarios in fully virtualized Cyber Ranges. To achieve this, we extended a theoretical model to enable the formalized representation of APT attacks. Based on this model, we developed a concept for the technical implementation resulting in a framework for an automated simulation of APT attacks in Cyber Ranges. We evaluated both by formalizing two different real-world APT scenarios and implementing an abstract one.

Keywords