Automatic Attack Script Generation: a MDA Approach

TL;DR

This paper presents an approach that automatically generates cybersecurity attack scripts and contexts from informal descriptions, using MDA principles and standard modeling languages to improve training efficiency and platform reuse.

Contribution

It introduces a formal language and MDA-based method for automatic attack script generation, enhancing cybersecurity training and cross-platform applicability.

Findings

Automates attack script creation from informal scenarios.

Uses MDA and standard models for platform-independent design.

Enables reuse of attack scripts across different platforms.

Abstract

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To mitigate these drawbacks, this research work proposes an approach that automatically generates scripts and attack contexts based on informal attack scenario descriptions. To isolate business concerns from technological issues, our approach is aligned with the MDA development method. A formal language is proposed to express our Computation Independent model. We rely on the TOSCA standard to describe our Platform Independent Model. We also allow through our approach the generation of several Platform Specific Models. Hence, this research work contributes not only to the overall improvement of attack implementations for cybersecurity training but also to their reuse on various platforms.