4.7 Article

An intelligent recommendation algorithm for red team strategy in edge computing powered massive Cyber Defense Exercise

Journal

COMPUTER COMMUNICATIONS
Volume 165, Issue -, Pages 141-148

Publisher

ELSEVIER
DOI: 10.1016/j.comcom.2020.10.008

Keywords

Intelligent computing; Edge computing; Network science; Attack graph; Cyber Defense Exercise; Graph theory


The recent surge in cyber attacks has led to the necessity of regular massive Cyber Defense eXercises for employees. The newest CDX platform utilizes edge computing to manage costs for blue team members in real time. However, the challenge lies in the shortage of red team members with expertise in cyber offense.
The recent surge in the frequency and seriousness of cyber attacks is alarming and poses a critical threat to the stability of our society. Previously, most efforts to mitigate cyber attacks have focused on technical countermeasures. However, a number of recent cyber attacks showed the necessity of constantly offering proper massive Cyber Defense eXercise (CDX) to the workforce in a timely manner. In order to meet the ever-growing demand, the most recent massive CDX platform utilizes various edge computing concepts to locally manage the overhead related to the trainees (blue team members) in real time, unlike the traditional centralized CDX platform. So far, such a massive CDX platform cannot be fully operational without a sufficient number of qualified trainers (red team members) who have strong expertise in cyber offense and are willing to participate in the CDX. Unfortunately, securing enough such red team members is greatly challenging in practice. To address this issue, this paper introduces an intelligent recommendation algorithm for the red team in a massive CDX so that such a massive CDX can be organized without a sufficient number of red team members with strong expertise in cyber offense. Given a known attack graph for each cyber defense training module, we formally define the problem of identifying a subgraph including a victorious strategy for the red team as the victory subgraph computation problem. Then, we introduce a new algorithm to solve this problem as well as a new strategy to obtain a winning strategy for the offense team to assist such red team members. In addition, we discuss various approaches to utilizing our result to organize massive CDXs in an efficient manner.
