Cybersecurity Software Tool Evaluation Using a 'Perfect' Network Model
Abstract
Cybersecurity software tool evaluation is difficult due to the inherently adversarial nature of the field. A penetration testing (or offensive) tool must be tested against a viable defensive adversary and a defensive tool must, similarly, be tested against a viable offensive adversary. Characterizing the tool's performance inherently depends on the quality of the adversary, which can vary from test to test. This paper proposes the use of a 'perfect' network, representing computing systems, a network and the attack pathways through it as a methodology to use for testing cybersecurity decision-making tools. This facilitates testing by providing a known and consistent standard for comparison. It also allows testing to include researcher-selected levels of error, noise and uncertainty to evaluate cybersecurity tools under these experimental conditions.
Cite
@article{arxiv.2409.09175,
title = {Cybersecurity Software Tool Evaluation Using a 'Perfect' Network Model},
author = {Jeremy Straub},
journal= {arXiv preprint arXiv:2409.09175},
year = {2024}
}
Comments
The U.S. federal sponsor has requested that we not include funding acknowledgement for this publication