D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation

Oesch, T; Bridges, Robert; Verma, Miki; Weber, Brian; Diallo, Oumar

doi:10.1145/3474718.3475718

Title: D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation

Conference · Sun Aug 01 00:00:00 EDT 2021

DOI:https://doi.org/10.1145/3474718.3475718· OSTI ID:1813180

^[1];

^[1]; Verma, Miki ^[1]; Weber, Brian ^[1]; Diallo, Oumar ^[1]

ORNL

Whether testing intrusion detection systems, conducting training exercises, or creating data sets to be used by the broader cybersecurity community, realistic user behavior is a critical component of a cyber range. Existing methods either rely on network level data or replay recorded user actions to approximate real users in a network. Our work is the first to produce generative models trained on actual user data (sequences of application usage) collected on endpoints. Once trained to the user's behavioral data, these models can generate novel sequences of actions %that appear to come from the same distribution as the training data. These sequences of actions are then fed to our custom software via configuration files, which replicate those behaviors on end devices. Notably, our models are platform agnostic and could generate behavior data for any emulation software package. In this paper we present our model generation process, software architecture, and an initial evaluation of the fidelity of our models. Our software is currently deployed in a cyber range to help evaluate the efficacy of defensive cyber technologies. We suggest additional ways that the cyber community as a whole can benefit from more realistic user behavior emulation. The data used to train our model, as well as sample configuration files produced by the model, are available at [redacted].

View Conference

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 1813180

Resource Relation:: Conference: 14th Cyber Security Experimentation and Test Workshop - Boston, Massachusetts, United States of America - 8/9/2021 4:00:00 AM-

Country of Publication:: United States

Language:: English

Similar Records

Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other · Mon Aug 01 00:00:00 EDT 2022 · OSTI ID:1813180

Hyder, Burhan

DSS-SimPy-RL (Open-DSS and SimPy based Cyber-Physical RL environment) [SWR-23-29]

Software · Wed Mar 29 00:00:00 EDT 2023 · OSTI ID:1813180

Sahu, Abhijeet; Venkataramanan, Venkatesh; Macwan, Richard

Cyber security analysis testbed : combining real, emulation, and simulation.

Conference · Thu Jul 01 00:00:00 EDT 2010 · OSTI ID:1813180

Villamarin, Charles H; Eldridge, John M; Van Leeuwen, Brian P; +1 more

Title: D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation

Citation Formats

Similar Records

Related Subjects