Automatic Attack Script Generation: a MDA Approach
This addresses the need for efficient and accessible cybersecurity training in higher education, though it is incremental as it builds on existing MDA methods.
The paper tackles the problem of creating cybersecurity training exercises by proposing an approach that automatically generates attack scripts and contexts from informal descriptions, reducing setup costs and errors. It uses the MDA development method with formal languages and TOSCA standards to enable reuse across platforms.
It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To mitigate these drawbacks, this research work proposes an approach that automatically generates scripts and attack contexts based on informal attack scenario descriptions. To isolate business concerns from technological issues, our approach is aligned with the MDA development method. A formal language is proposed to express our Computation Independent model. We rely on the TOSCA standard to describe our Platform Independent Model. We also allow through our approach the generation of several Platform Specific Models. Hence, this research work contributes not only to the overall improvement of attack implementations for cybersecurity training but also to their reuse on various platforms.