Using Camouflaged Cyber Simulations as a Model to Ensure Validity in Cybersecurity Experimentation
This addresses the problem of unreliable cybersecurity research for practitioners and researchers, but it is incremental as it adapts existing simulation concepts to a new domain.
The paper tackles the lack of empirical research standards in cybersecurity by proposing camouflaged cyber simulations as a method to ensure validity in experimentation, aiming to improve metrics, soundness, and generalizability of results.
Experimental research methods describe standards to safeguard scientific integrity and reputability. These methods have been extensively integrated into traditional scientific disciplines and studied in the philosophy of science. The field of cybersecurity is just beginning to develop preliminary research standards and modeling practices. As such, the science of cybersecurity routinely fails to meet empirical research criteria, such as internal validity, external validity, and construct validity. These standards of experimentation enable the development of metrics, create assurance of experimental soundness, and aid in the generalizability of results. To facilitate such empirical experimentation in cybersecurity, we propose the adaptation of camouflaged cyber simulations as an approach for cybersecurity research. This research tool supports this mechanistic method of experimentation and aids in the construction of general cybersecurity research best practices.