Simulation-Based Cyber Data Collection Efficacy
David Thaw, Bret Barkley, Gerry Bella, and Carrie Gardner

TL;DR
This study uses a realistic simulation of a small business network with default security settings to evaluate cyber attack efficacy, finding that such networks may remain secure without additional defenses.
Contribution
It demonstrates the effectiveness of default security configurations in a realistic network simulation, challenging assumptions about inevitable hacking.
Findings
No breaches occurred during the simulation
Default security settings provided sufficient protection
Realistic network modeling informs cybersecurity strategies
Abstract
Building upon previous research in honeynets and simulations, we present efforts from a two-and-a-half-year study using a representative simulation to collect cybersecurity data. Unlike traditional honeypots or honeynets, our experiment utilizes a full-scale operational network to model a small business environment. The simulation uses default security configurations to defend the network, testing the assumption that, given a standard security baseline, devices networked to the public Internet will necessarily be hacked. Given network activity appropriate for its context, results support the conclusion that no actors were able to break in, despite only default security settings.
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Data Quality and Management
