Simulation-based optimization of information security controls: An adversary-centric approach

Today, information systems are threatened not only by the opportunistic exploitation of particular technical weaknesses, but increasingly by targeted attacks that combine multiple vectors to achieve the attacker´s objectives. Given the complexities involved, identifying the most appropriate measures to counteract the latter threats is highly challenging. In this paper, we introduce a novel simulation-optimization method that tackles this problem. It combines rich conceptual modeling of security knowledge with discrete event simulation and metaheuristic optimization techniques. By simulating attacks, the method infers possible routes of attack and identifies emergent weaknesses while accounting for adversaries´ heterogeneous objectives, capabilities, and available modes of entry. The optimization iteratively adapts the system model by means of a genetic algorithm and optimizes its ability to detect ongoing attacks and prevent their successful execution. We describe a prototypical implementation and illustrate its application by means of scenarios for five types of adversaries.