Agent-based modelling and simulation of network cyber-attacks and cooperative defence mechanisms

The important problem in network security which solution is urgently needed is the investigation of counteraction between malefactors and defence systems in computer networks, including the Internet, and the creation of effective cyber-defence systems. It is important to underline that experienced malefactors realize sophisticated strategies of cyber-attacks. These strategies can include:  Information gathering about the computer system under attack, detecting its vulnerabilities and defence mechanisms;  Determining the ways of overcoming defence mechanisms (for example, by simulating these mechanisms);  Suppression, detour or deceit of protection components (for example, by using slow (“stretched” in time) stealthy probes, separate coordinated operations (attacks) from several sources formed complex multiphase attack, etc.);  Getting access to resources, escalating privilege, and implementation of thread intended (violation of confidentiality, integrity, availability, etc.) using the vulnerabilities detected;  Covering tracks of malefactors’ presence and creating back doors. Defence mechanisms should support real-time fulfilment of the following operations:  Implementing the protection mechanisms appropriated to the security policy (including proactive intrusion prevention and attack blocking, misinformation, concealment, camouflage, etc.);  Vulnerability assessment, gathering data and analysis of the current status of the computer system defended;  Intrusion detection and prediction of the malefactors’ intentions and actions;  Direct incident response, including deception of the malefactors, their decoy with the purpose of disclosure and more precise determining the malefactors’ purposes, and reinforcement of critical protection mechanisms;  Elimination of intrusion consequences and detected vulnerabilities, adaptation of the information assurance system to the next intrusions. 1