Realistic simulation of users for IT systems in cyber ranges
This work addresses the need for credible user simulation in cyber ranges, which is incremental by integrating existing methods for improved adaptability.
The paper tackles the problem of generating realistic user activity for evaluating security tools and enhancing attacker analysis platforms by instrumenting machines with an external agent that combines deterministic and deep learning methods, achieving high performance across diverse environments.
Generating user activity is a key capability for both evaluating security monitoring tools as well as improving the credibility of attacker analysis platforms (e.g., honeynets). In this paper, to generate this activity, we instrument each machine by means of an external agent. This agent combines both deterministic and deep learning based methods to adapt to different environment (e.g., multiple OS, software versions, etc.), while maintaining high performances. We also propose conditional text generation models to facilitate the creation of conversations and documents to accelerate the definition of coherent, system-wide, life scenarios.