CyberEvo: evolutionary search of knowledge-based behaviors in a cyber attack campaign.

The ever-growing complexity of computer networks and advancement of cyber attack tactics have made exhaustively searching for potential attack seqences within most networks infeasible. We present CyberEvo, a cyber-agent framework to describe and simulate attacking and defensive agent behaviors on an abstracted network. In CyberEvo threat actors have an initial starting point in a network, iteratively observe network stimuli, decide upon tactics using rules, and take actions to extend their knowledge of the network and fulfill their goal. CyberEvo employs evolutionary search, in this example, to efficiently obtain optimal attack sequences. Evolutionary adaptation acts upon the parameters of fuzzy logic used in manually written rules, and uses a fitness function that prioritizes undetected and minimal actions. In a scenario with 230 possible fuzzy logic configurations, evolutionary search, with less than 1000 evaluations, found all 26 globally best configurations, equivalent attack sequences for a simple network.