Integrating Security Behavior into Attack Simulations

The increase of cyber-attacks raised security concerns for critical assets worldwide in the last decade. Leading to more efforts spent towards increasing the cyber security among companies and countries. For the sake of enhancing cyber security, representation and testing of attacks have prime importance in understanding system vulnerabilities. One of the available tools for simulating attacks on systems is the Meta Attack Language (MAL), which allows representing the effects of certain cyber-attacks. However, only understanding the component vulnerabilities is not enough in securing enterprise systems. Another important factor is the 'human', which constitutes the biggest 'insider threat'. For this, Security Behavior Analysis (SBA) helps understanding which system components that might be directly affected by the 'human'. As such, in this work, the authors present an approach for integrating user actions, so called "security behavior", by mapping SBA to a MAL-based language through MITRE ATT&CK techniques.