Modeling and Simulation of Cyber Battlefield

Document Type: Research Paper

Authors

1 Associate Professor of Electrical Engineering, Malek-Ashtar University of Technology, Tehran, Iran.

2 Ph.D. Candidate of Information Technology Management, Malek Ashtar University of Technology, Tehran, Iran.

Abstract

To protect cyberspace against cyber-attacks, we need a cyber situation awareness framework for implementing our cyber maneuvers. This article enables the execution of cyber maneuvers with a dynamic cyber battlefield simulator. The cyber battlefield contains essential information for the detection of cyber events; therefore, it can be considered the most important and complicated factor in high-level fusion. By gathering detailed data on cyberspace elements, including a knowledge repository of vulnerabilities, the tangible and intangible elements of cyberspace and the relationships between them, the cyber battlefield can provide and execute cyber maneuvers, penetration testing, cyber-attack injection, attack tracking, visualization, cyber-attack impact assessment and risk assessment. The dynamic maker engine in the simulator is designed to update the knowledge base of vulnerabilities, change the topology elements, and change the access list, services, hosts and users. The simulator was evaluated using a qualitative research method, by creating a focus group.
