Attack Specification Language: Domain Specific Language for Dynamic Training in Cyber Range

Abstract

Cyber education development is a crucial issue considering the human resource and skill shortage in the current cybersecurity arena. A cyber range is a tried and tested hands-on training in cybersecurity education, providing threat simulation of various scenarios. However, the threat scenario development poses crucial challenges that hurt the learning process and trainee’s engagement in training. Firstly, the threat scenarios are static and have limited applicability. Secondly, due to the lack of proper representation of procedures and training scenarios used in attacks, it is hard to recognize redundant procedures. We propose an Attack Specific Language (ASL) based on the Mitre ATT&CK framework. It provides one representation for all threat scenarios. This language will give information about attack techniques in compact ways, which will streamline and automate the cyber range functions of threat and challenge execution. It will help identify and reduce redundancy. ASL will also provide training customization through dynamic threat execution, which will be trainee-aware and will consider the trainee’s performance while executing scenarios. It will provide trainees, better engagement, and training experience.