cyber_attack¶
Navigation: Cyber Overview
- cyber_attack <type> <base_type> … end_cyber_attack¶
cyber_attack <type> <base_type> # Define the effect(s) of the attack on the victim effect ... duration ... scan_delay_time ... delivery_delay_time ... # Define default probability thresholds. probability_of_scan_detection ... probability_of_scan_attribution ... probability_of_attack_success ... probability_of_status_report ... probability_of_attack_detection ... probability_of_attack_attribution ... probability_of_future_immunity ... # Random draw frequencies. scan_detection_draw_frequency ... scan_attribution_draw_frequency ... attack_success_draw_frequency ... status_report_draw_frequency ... attack_detection_draw_frequency ... attack_attribution_draw_frequency ... future_immunity_draw_frequency ... end_cyber_attack
- <type>
The name of the cyber_attack type being defined.
- <base_type>
The name of an existing cyber_attack type or WSF_CYBER_EFFECT, whose definition will be used as the initial definition of the new type.
Overview¶
A cyber_attack object defines the types of effects that affect the victim of the attack and defines default responses on the victim should they not have a defined response in their cyber_protect object.
Commands¶
- effect <effect_type>¶
A cyber_effect type that models the effect of the attack on the victim. This command may be repeated to specify multiple effects. If multiple effects are associated with this attack, the effects will resolve in the order in which they are listed.
Default None. At least one effect must be provided.
Warning
Specific effect types may require user input at the time an attack is initiated, via the CyberAttack method call, as noted in each of effects documentation available here. The user is restricted to a single variable input via these calls. Multiple effects with this requirement will share the same variable. Multiple effects with different variable types on a single attack are currently not supported at this time, and can be placed on a separate attack type definition as a current workaround.
- duration <time-value>¶
A duration will specify how long the effect lasts. When duration is not set but there exists a cyber_protect block associated with the cyber_attack effect then duration will be the summation of the attack_detection_delay_time and attack_recovery_delay_time.
Default 0 seconds
Note
If duration < attack_detection_delay_time then the victim will not be able to draw for cyber immunity to the attack.
- scan_delay_time <random-time-value>¶
This specifies the amount of time it takes to perform a scan. This is the amount of time between the call to WsfPlatform.CyberScan and when WsfPlatform.CyberScanStatus returns a non-negative value. Any call to WsfPlatform.CyberScanStatus that occurs before this time elapses will return a negative value, indicating the scan is in progress.
Default 0 secs
- delivery_delay_time <random-time-value>¶
This specifies the amount of time it would take to deliver an exploit. This is the amount of time between the call to WsfPlatform.CyberAttack and when WsfPlatform.CyberAttackStatus returns a non-negative value. Any call to WsfPlatform.CyberAttackStatus that occurs before this time elapses will return a negative value, indicating the delivery is in progress.
Default 0 secs
Probability Threshold Commands¶
These commands specify the default probability threshold to be used if the corresponding value is not provided in the attack_response in cyber_protect.
- probability_of_scan_detection [ 0 .. 1 ]¶
This specifies the default value for probability_of_scan_detection of a corresponding attack_response in cyber_protect.
Default 0
- probability_of_scan_attribution [ 0 .. 1 ]¶
This specifies the default value for probability_of_scan_attribution of a corresponding attack_response in cyber_protect.
Default 0
- probability_of_attack_success [ 0 .. 1 ]¶
This specifies the default value for probability_of_attack_success of a corresponding attack_response in cyber_protect.
Default 1
- probability_of_status_report [ 0 .. 1 ]¶
This specifies the default value for probability_of_status_report of a corresponding attack_response in cyber_protect.
Default 1
- probability_of_attack_detection [ 0 .. 1 ]¶
This specifies the default value for probability_of_attack_detection of a corresponding attack_response in cyber_protect.
Default 0
- probability_of_attack_attribution [ 0 .. 1 ]¶
This specifies the default value for probability_of_attack_attribution of a corresponding attack_response in cyber_protect.
Default 0
- probability_of_future_immunity [ 0 .. 1 ]¶
This specifies the default value for probability_of_future_immunity of a corresponding attack_response in cyber_protect.
Default 0
Random Draw Frequency Commands¶
The following commands define how often uniform random draws are performed. Each categorical use of random numbers within an attack type is controlled by a separate command.
In each of the following commands <draw_frequency> can have the following values:
always - A new random value is drawn for each evaluation.
once_per_simulation - A random value is drawn for the first evaluation in the simulation and used for all subsequent evaluations.
once_per_target - A random value is drawn for the first evaluation involving a specific target and is used for all subsequent evaluations involving the same target.
interval_per_simulation <random-time-value> - A random value is drawn if the simulation time since the last draw exceeds the threshold.
interval_per_target <random-time-value> A random value is draw if the simulation time since the last draw INVOLVING THE SAME TARGET exceeds the threshold.
- scan_detection_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if a scan is detected.
Default always
- scan_attribution_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if a scan is attributed.
Default always
- attack_success_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if an attack is successful.
Default always
- status_report_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if a status report is to be made.
Default always
- attack_detection_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if an attack is detectable by the victim.
Default always
- attack_attribution_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if an attack is attributed by the victim.
Default always
- future_immunity_draw_frequency <draw_frequency_>¶
The frequency of random draws for determining if the victim will be immune to future attacks of the same type.
Default always