Can Network Security be Fun? An agent-based Simulation Model and

Game Proposal

"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila“

-Mitch Ratcliffe

Frode Gilberg

Problem

Too often, security topics are learned through experience (learning by burning)

Large scale attacks are often initiated by computers in private- and home- networks

Improved awareness is needed We need a training tool that could motivate people to

learn more about network security People typically don’t look for litterature to improve

their knowledge Educational tools are often hard to find

Research Questions

We want to investigate how a game on network security should look like, and;

how this game can be built using a model (design) for agent-based simulation, with agents as network nodes and virtual users, and;

finally, the performance of such a model (scalability – the number of agents that can be simulated), alternatively collect feedback to measure the validity and enjoyment of the game (tool).

What makes things fun to play?

T.W.Malone’s paper from 1980– Challenge (goal, uncertain outcome, self-esteem)– Fantasy (intrinsic and extrinsic fantasies,

emotional aspects of fantasies)– Curiosity (sensory curiosity, cognitive curiosity)

Flow and GameFlow– Mihaly Csikszentmihalyi (Flow:1990)– P. Sweetser/P. Wyeth (GameFlow:2005)

Flow and GameFlow

“Flow is an experience so gratifying that people are willing to do it for its own sake, with little concern for what they will get out of it, even if it is difficult or dangerous”

GameFlow review criterias to measure flow-ability in games;

– Concentration (one should be able to concentrate on a task)– Challenge (levels should match skills)– Player Skills (skill development and mastery)– Control (a sense of control over actions)– Clear Goals (clear and presented)– Feedback (appropriate feedback toward the goal)– Immersion (deep and effort less involvemnt, sense of time)– Social Interaction (competition and cooperation)

Simulation Games

The Sim City series– Play the Mayor and urban-planner of a city

The Rollercoaster Tycoon series– Play the Theme park manager

CyberCIEGE– Play the IT manager of an IT-dependent company with

focus on graphics, security policies and instructions. Our Game

– Like CyberCIEGE, but with focus on agent-based network simulation. ”Construction” ideas from Sim City and RollerCoaster Tycoon.

Sim City Demo

RollerCoaster Tycoon

Agent-based simulation model

Simulating network componets (like rides/buildings)– Model content (agents): Switches, Routers, Clients,

Servers, Firewalls, Processes/Threads, Sockets, TCP states, Routing, Address resolution

– More details => Complex state => More real-life events– Disadvantage: Performance. Scalability is important(!)

Simulating Users– Different characteristics and preferences– Different awarness, work- and equipment- efficiency

characteristics

We need

Physical communication end-points (hosts) Logical communication end-points (sockets/processes) Application protocol logic A volatile state mechanism (memory) A non-volatile state mechanism (file system) Users that create tasks using preferences =>

instantiation of processes => running software defined logic in threads => directing sockets to communicate

Queues and packets

Using IP/ARP to address hosts on the same packets, and IP/Forwarding for cross-net communication

Hosts, Routers and Firewalls (agents)

Internet and Sites

Player objective is to build and configure networks with appropriate equipment, applications and service configurations (public and/or intranet services). The player controls the local site

Remote users and public services are located at remote sites (not controlled by player). Remote sites are simulated in the same way as the local site (realism)

An Internet-agens is used to transfer packets between sites. Within sites, IP routing is used

Attacks

Script-kiddie tools targeting public and private services

Malware and viruses. Built as procedures and executed as threads in its own process (malware) or an infected process (virus). Can change any host-state parameter (both volatile and non-volatile).

Vulnerabilities and Exploits Spam

Countermeasures

Design principles including host-hardening (first line of defence)

Anti-virus software Backup-tools Patching Spam-filters Routing and Firewall configuration

Features

Modeled using OOAD (object oriented analysis and design) and pattern techniques

Implemented from scratch using C# and the Microsoft .NET 2.0 framework

Simulation kernel running multiple threads Currently running 600+ hosts and routers

with no problem

Contribution

Gaming tool to teach network security topics Software kernel for application that need to

run network and attack simulations Can be used to protocol testing Can be used to create new ideas on easy

user-interface design which could reduce complexity and improve security

Etc...

Simposter

DEMO