Probabilistic Attack Sequence Generation and Execution Based on MITRE ATT&CK for ICS Datasets

To practically leverage a dataset, various attack situations should be created according to the user’s objective and how realistic the generated attack sequence is should be expressed. However, there is a limit to manually generating various attack sequences that can be credible by reflecting the characteristics of the intrusion process for known cyber attacks and the field’s constraints. In this paper, we propose an automatic generation method of various attack sequences that satisfy the characteristics of the attack desired by the user based on the tactics and techniques of MITRE ATT&CK, and introduce the application method through a case study. To collect the industrial control system security dataset based on the attack sequence for future work, an attack sequence executor is applied to automatically drive the attack sequence on the HAI testbed.