Cyber Assassin (CA)

Cyber Assassin (CA) is an Air Force SBIR Phase I prototype software application developed by Metron.  It is a high fidelity cyber simulation tool which explicitly models populations of cyber users as discrete autonomous agents. It also provides a robust implementation of application vulnerability life-cycle and allows traceability between cyber activities to mission impacts.  CA leverages technologies and techniques from the Cyber Security Simulation and Executable Architecture Management System and provides a framework for conducting holistic analysis of cyber threats and response Courses of Action (COAs) in a discrete-event, Monte Carlo simulation environment.

CA is a mission-oriented Monte Carlo modeling and simulation (M&S) tool for the cyber domain. Metron has used it to support SPAWAR and OPNAV studies evaluating network security. The tool  supports multi-warfare mission area analysis. Complex scenarios can be set up and run in multiple Monte Carlo replications, producing results that can statistically measure desired outcomes along with many of the factors that contribute to those outcomes.  CA examines the dynamic evolution of all forces, locations, states, and vulnerabilities by incorporating different component and system level capabilities to measure their impact on higher level total force effectiveness metrics, which can be used directly in cost-benefit trade analyses.

CA’s event-driven model includes Red and Blue cyber actors’ carrying out sequences of detectable and preventable host and network events which improve the cyber situational awareness (SA) of the actor or result in changes to the host and network state. Discrete components are responsible for causing specific events, actions, and observations on specific network hosts. Sequences are triggered by messages passing between the discrete components.

Metron understands the challenges that are facing program offices, stakeholders and decision makers in the connected enterprise to secure their assets. Metron has experience building models of a variety of operational network architectures including afloat, ashore, and aloft networks with are used to run a range of cyber attacks against the architecture.  

CA uses an enhanced data model and mission modeling capabilities with the high fidelity characterization of network, cyber behavior, users, C2 and threats. In essence, CA Tool Suite will conduct on-demand, war gaming scenarios. System and architecture vulnerabilities would be tested with cyber agents’ behavior in a mission context using Monte Carlo simulation. This would allow the collection of objective Metrics of Performance (MOPs) and Metrics of Effectiveness (MOEs) for use in design and impact analysis