Date of Award
Doctor of Philosophy (PhD)
Computer Science : Modeling and Simulation
Mikel D. Petty
John A. Bland
Mary Ellen Weisskopf
Computer security--Mathematical models., Petri nets.
Verification and validation are crucial to establishing the credibility of the results of a modeling and simulation project. Conclusions drawn from an unverified and unvalidated model are at best unconvincing, and at worst have the potential to be dangerous if decisions are made based on outputs from an incorrect model. In general, the most effective methods of verification and validation involve comparisons of simulation results with data from observations of the system or event being simulated. However, such methods cannot be used if system data is not available. This is often true of cyberattacks, because the victims of cyberattacks conceal information related to the attacks, including actors, methods, and impacts. Their reasons for doing so include damage to reputation, risk of revealing vulnerabilities that are difficult to remediate, and regulatory constraints. Consequently, verification and validation of cyberattack models can be a significant challenge. In this research, verification and validation methods that do not depend on sensitive data from actual cyberattacks are developed for models of cyberattacks. The models are based on the publicly available Common Attack Pattern Enumeration and Classification and are expressed using a formalism known as Petri Nets with Players, Strategies, and Costs. The verification methods include direct comparison, semi-formal, and formal methods. The validation methods include face validation, comparison with publicly available data, and experimental validation.
Cantrell, Walter Alan, "Verification and validation methods for extended petri nets modeling cyberattacks" (2021). Dissertations. 221.