In the era of digital world, cyber security is a vital part of any computer system. Attack and defensive strategy have always remained struggling against each other. Regular efforts are required to assess security of already deployed system. The present techniques of penetration testing likes black-box, white-box, and grey-box vulnerability assessments are too time taking, resource consuming, costly and risky as we cannot fully trust on the intentions of these security testers. Such attempts may disrupt the running system or in rare cases the system may crash. They are limited as extensive testing cannot be done due to the presence of the critical data on the systems. In order to avoid potential damage to functional system as a result of running self-initiated attacks, we have proposed a solution using agent based modeling and simulation. The proposed solution requires replica of existing system in the virtualization of PCs and emulation of networking devices. On top of this virtual replica, agent based model is built and the model is simulated in a risk-free and controlled environment. The simulation may take decisions to automate existing practices of humancomputer based penetration testing. Here we have presented an open-ended framework and a sample setup to verify the effectiveness of the proposed solution. It allows system modelers to create a virtual replica of an IT infrastructure under investigation; model and perform different type of cyber-attacks to analyze its security resilience. It is comprised of three layers including virtual machines layer, network layer and agent based modeling layer. In order to demonstrate the functionality of our proposed framework we present a case study of NUST campus as a proof of concept. Our solution is modular in nature and can accommodate all types of systems with the availability of the emulator. The simulation presents the degree of vulnerability of the functional computer system without damaging the actual system in place, as a result, this open-ended framework may further be enhanced by adding modules as proposed in this research.

#Cyberattacks #Virtualization #Networking #Agentbasedmodeling #DenialofServiceattack