Automated Adversary Emulation: A Case for Planning and Acting with Unknowns
Abstract
Adversary emulation assessments offer defenders the ability to view their networks from the point of view of an adversary. Because these assessments are time-consuming, there has been recent interest in the automated planning community in using planning to create solutions for an automated adversary to follow. We deviate from existing research, and instead argue that automated adversary emulation as well as automated penetration testing should be treated as both a planning and an acting problem. Our argument hinges on the fact that adversaries typically have to manage unbounded uncertainty during assessments, which many of the prior techniques do not consider. To illustrate this, we provide examples and a formalism of the problem, and discuss shortcomings in existing planning modeling languages when representing this domain. Additionally, we describe our experiences developing solutions to this problem, including our own custom representation and algorithms. Our work helps characterize the nature of problems in this space, and lays important groundwork for future research.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2018
- Accession Number: AD1108001
Entities
People
- Andy Applebaum
- Blake Strom
- Caleb Little
- Doug Miller
- Henry Foster
- Ron Alford
Organizations
- MITRE Corporation