September 23, 2021

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Automatically generating models of IT systems. (arXiv:2107.11102v1 [cs.CR])

Information technology system (ITS), informally, is a set of workstations,
servers, laptops, installed software, databases, LANs, firewalls, etc.
Nowadays, every company has an ITS, but rarely is information about it
available outside the company that owns it. However, there are many situations
where the availability of such data would be beneficial. For example, cyber
ranges emulate IT systems and need their description. Machine learning, and in
particular the use of ML to automate attack and defense, would also benefit
from descriptions of ITSs. In this paper, we describe a system we call the
Generator, that as inputs takes requirements such as the number of employees
and the vertical to which the company belongs, and produces as output a model
of an ITS that satisfies the given requirements. A very important property that
we have put special emphasis on is that the generated ITS looks like a model of
a real system to anyone who analyzes it. To the best of our knowledge, we are
the first to have attempted to build something like this. We validate the
Generator by generating an ITS model for a fictional financial institution, and
analyze its performance with respect to the problem size. The conducted
experiments show that our approach is feasible. In the future, we intend to
extend this prototype to allow probabilistic generation of IT systems when only
a subset of parameters is explicitly defined.