Automated Adversary Emulation: A Case for Planning and Acting with Unknowns

June 2018
Topics: Cybersecurity, Network Security, Information Security, Software Engineering, Systems Engineering
Doug Miller, The MITRE Corporation
Ron Alford, The MITRE Corporation
Andy Applebaum, The MITRE Corporation
Henry Foster, The MITRE Corporation
Caleb Little, The MITRE Corporation
Blake E. Strom, The MITRE Corporation

Adversary emulation assessments offer defenders the ability to view their networks from the point of view of an adversary. Because these assessments are time-consuming, there has been recent interest in the automated planning community on using planning to create solutions for an automated adversary to follow. We deviate from existing research within the work under the CALDERA project, and instead argue that automated adversary emulation, as well as automated penetration testing, should be treated as both a planning and an acting problem. Our argument hinges on the fact that adversaries typically have to manage unbounded uncertainty during assessments, which many of the prior techniques do not consider. To illustrate this, we provide examples and a formalism of the problem, and discuss shortcomings in existing planning modeling languages when representing this domain. Additionally, we describe our experiences developing solutions to this problem, including our own custom representation and algorithms. Our work helps characterize the nature of problems in this space, and lays important groundwork for future research.
