Formalizing Attack Scenario Description: A Proposed Model

TL;DR

This paper introduces a formal UML-based model for describing attack scenarios to enhance cybersecurity automation, including attack analysis and script generation for training.

Contribution

A novel formal model for attack scenario description using UML, enabling automated attack analysis and script generation for cybersecurity training.

Findings

Model effectively describes attack context and scenarios

Facilitates automatic attack script generation

Supports attack analysis processes

Abstract

Organizations face an ever-changing threat landscape. They must continuously dedicate significant efforts to protect their assets, making their adoption of increased cybersecurity automation inevitable. However, process automation requires formalization of input data. Through this paper, we address this need for processes that use attack scenarios as input. Among these processes, one can mention both the generation of scripts for attack simulation and training purposes, as well as the analysis of attacks. Therefore, the paper's main research contribution is a novel formal model that encompasses the attack's context description and its scenario. It is abstracted using UML class model. Once the description of our model done, we will show how it could serve an upstream attack analysis process. We will show also its use for an automatic generation of attack scripts in the context of cybersecurity training. These two uses cases constitute the second contribution of this present research work.