Our Solutions
Intrusion modeling
Projects: EPIC (Evaluation of Critical Infrastructure Protection) and part of FAITH (Fellowship for the Awareness and Information on THreats).
APEX solutions focuses on the overall modeling of intrusions into infrastructures or public spaces with protection and detection systems. The first approaches to intrusion modeling, applied to critical infrastructures, were published in the 1980s, most of them by Sandia National Laboratories in the USA (SAFE/SNAP, EASI, ASD, SAVI, ASSESS methods, etc.).
The main goal of these models is to simulate the actions of two opposing forces: the red force (attackers) seeking to penetrate an area with a specific objective (sabotage, data theft, etc.), and the blue force (defenders) whose goal is to prevent the realization of the opponent’s objectives. These tools can be used to determine critical paths and optimize the defensive system to make it more resistant to attack.
The simplest case is that of critical infrastructures, for which there is an existing protective doctrine designed to delay the penetration of attackers. This doctrine involves protecting the site as an “onion”, with each inner layer being more protected than the previous layer. This generally involves a distinction between the public space outside, a restricted area, a protected zone, one or more controlled buildings and so-called “vital” zones. The doctrine is also broken down into general protection principles known as the “4Ds”, due to the initials of the verbs that characterize them: DETER, DETECT, DELAY and DENY/DEFEAT.
APEX solutions uses a similar principle to define an original approach to attack principles, namely the “4Ps”: PLAN, PENETRATE/PROGRESS, PERPETRATE and eventually PUSH OFF.
The principle of assessing protection capabilities is typically based on two elements. First, for each target at stake on the site, the possible attack sequences (ASD, Adversary Sequence Diagrams) are established, defining the paths along which attackers progress. Second, for each of these sequences, the likelihood of interruption, or even neutralization, is assessed (EASI: Estimate of Adversary Sequence Interruption). This means determining the probability of detection along the attack path, then calculating the time the defenders need to intercept the attackers. If that time is shorter than the time the red team needs to achieve its objective, the attack has failed.
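To make the two-step assessment concrete, here is a small, self-contained Python illustration written for this page; it is not APEX solutions' tool, nor Sandia's EASI code. It assumes (our simplifications, not the page's) that detection at a layer is tested when the attackers reach it, that detections at different layers are independent, that the defenders' clock starts at the first detection, and that crossing delays and response time are independent normal variables. The site layers, their detection probabilities, delays and the response time are constructed sample values. Running it scores two candidate attack sequences and picks the critical path, i.e. the one the defenders are least likely to interrupt.

```python
import math
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class PathElement:
    """One layer of the 'onion' crossed by the red force (constructed data type)."""
    name: str
    p_detect: float     # probability the blue force detects the crossing
    delay_mean: float   # mean time (s) the attackers need to get through
    delay_std: float    # standard deviation of that delay (s)


def _normal_cdf(x: float) -> float:
    """Standard normal CDF built from math.erf (no SciPy needed)."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))


def p_response_in_time(remaining_mean: float, remaining_std: float,
                       response_mean: float, response_std: float) -> float:
    """Probability that the guards arrive before the attackers finish the remaining path.

    The remaining delay and the response time are modelled as independent normal
    variables, so their difference is normal with the two variances summed.
    """
    var = remaining_std ** 2 + response_std ** 2
    if var == 0.0:
        # Fully deterministic times: the comparison is a plain step function.
        return 1.0 if remaining_mean >= response_mean else 0.0
    return _normal_cdf((remaining_mean - response_mean) / math.sqrt(var))


def prob_interruption(path: Sequence[PathElement],
                      response_mean: float, response_std: float) -> float:
    """EASI-style probability that the blue force interrupts one attack sequence.

    Only the first detection along the path matters: element i contributes the
    probability that every earlier element was crossed undetected, times the
    detection probability at i, times the chance the response beats the delay
    still left (element i itself plus all later layers).
    """
    p_undetected_so_far = 1.0
    p_interrupt = 0.0
    for i, elem in enumerate(path):
        remaining = path[i:]  # detection is assumed at the start of element i
        rem_mean = sum(e.delay_mean for e in remaining)
        rem_std = math.sqrt(sum(e.delay_std ** 2 for e in remaining))
        p_first_detection_here = p_undetected_so_far * elem.p_detect
        p_interrupt += p_first_detection_here * p_response_in_time(
            rem_mean, rem_std, response_mean, response_std)
        p_undetected_so_far *= 1.0 - elem.p_detect
    return p_interrupt


def critical_path(paths: List[Tuple[str, Sequence[PathElement]]],
                  response_mean: float, response_std: float) -> Tuple[str, float]:
    """Return (name, P(I)) of the sequence the defenders are least likely to stop."""
    scored = [(name, prob_interruption(p, response_mean, response_std))
              for name, p in paths]
    return min(scored, key=lambda t: t[1])


# Constructed sample site: three layers from the perimeter to a "vital" zone.
PATH_MAIN = [
    PathElement("perimeter fence", p_detect=0.5, delay_mean=30.0, delay_std=10.0),
    PathElement("building door", p_detect=0.8, delay_mean=120.0, delay_std=30.0),
    PathElement("vault door", p_detect=0.9, delay_mean=300.0, delay_std=60.0),
]
# Same route, but the last layer offers far less delay (e.g. a weaker door).
PATH_WEAK_VAULT = PATH_MAIN[:2] + [
    PathElement("vault door (weak)", p_detect=0.9, delay_mean=60.0, delay_std=60.0),
]
RESPONSE_MEAN, RESPONSE_STD = 240.0, 60.0   # constructed guard response time (s)

CANDIDATES = [("main route", PATH_MAIN), ("main route, weak vault", PATH_WEAK_VAULT)]


if __name__ == "__main__":
    for name, path in CANDIDATES:
        print(f"{name:24s} P(interruption) = "
              f"{prob_interruption(path, RESPONSE_MEAN, RESPONSE_STD):.3f}")
    worst_name, worst_p = critical_path(CANDIDATES, RESPONSE_MEAN, RESPONSE_STD)
    print(f"critical path: {worst_name} (P(I) = {worst_p:.3f})")
```

The useful defensive reading is the sensitivity: rerunning `critical_path` after changing one layer's delay or detection probability, or the response time, shows which single improvement raises the lowest P(I) the most, which is the optimization the page describes.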
Here are the elements to include in a simulation for the blue force (defenders):
- Site and building description,
- Protection systems (physical or cyber), and their vulnerability to the different equipment used by attackers,
- Point, linear and volume detection systems,
- Fixed or mobile guards (and their behavior),
- Other personnel who may be present on site (employees) or off site (security reinforcements).
For the red force, the following needs to be described:
- On-site and off-site attackers (for example, those in charge of a cyber attack or drone reconnaissance), and possibly accomplices inside the site in the case of an insider threat,
- Their knowledge of defensive elements (site and buildings, protection, detection, guards and other personnel),
- Their physical and cyber equipment, which will be used to destroy or bypass the protection elements, and possibly the detection systems.
APEX solutions is developing innovative methods to meet the global need for intrusion modeling. Our current research focuses on:
- Site and building representation and direct integration into the simulation tool using standardized BIM (Building Information Modeling) descriptions and especially the IFC format, a standard for data sharing in the construction and facilities management sector.
- Fine-grained modeling of red team and blue team behaviors, with, for example, the possibility of attackers splitting up to carry out several remote actions simultaneously (a topic that, to our knowledge, has never been addressed in the open literature).
- Algorithms to model detection systems including their probabilistic aspects, such as the probability that a “blue” operator, watching a screen showing images from several cameras, detects a “red” attacker in the field of view of one of them, as a function of the attacker’s optical characteristics, brightness, distance, speed, and so on.
More generally, we’re also looking at how to optimize the protection of public spaces, which unlike critical infrastructures are – by definition – not designed to be protected against intrusion.