Agent-Based Modelling of Offensive Actors in Cyberspace

With the rise of the Information Age, there has also been a growing rate of attacks targeting information. In order to better defend against these attacks being able to understand attackers and simulate their behaviour is of utmost importance. A recent approach of using serious games provides an avenue to explore offensive cyber attacks in a safe and fun environment. There exists a wide range of cyber attackers, with varying levels of expertise whose motivations are different. This project provides a novel contribution in using games to allow people to role play as malicious attackers and then using these games as inputs into the simulation.

A board game has been designed that emulates a cyber environment, where players represent offensive actors, with seven roles - Cyber Mercenary (low and high capability), State-backed (low and high capability), Script Kiddy, Hacktivist and Counter-culture (not motivated by finances or ideology). The facilitator or the Games Master (GM) represents the organisation under attack, and players use the Technique cards to perform attacks on the organisation, all cards are sourced from existing Tools, Techniques and Procedures (TTPs). Along with the game, players also provided responses to a questionnaire that encapsulated three individual differences: Sneider's self-report, DOSPERT and Barratt's Impulsiveness scale. There were a total of 15 players participating in 13 games, and three key groups of individual differences players. No correlation was identifed with the individual Technique card pick rate and role. However, the complexity of the attack patterns (Technique card chains) was modulated by roles, and the players' individual differences.

A proof-of-concept simulation has been made using an Agent-Based Modelling framework that re-plays the actions of a player. One of the aspects of future work is the exploitation of the game data to be used as a learning model to create intelligent standalone agents.