An automated cybertraining tool that customizes adversary behavior to meet training objectives

Cyber Reactive Adversary Framework for Training (CRAFT)

Given the growing threat of cyber warfare, training exercises in cybersecurity are becoming increasingly imperative. Unfortunately, large-scale exercises require too much time, money, and expertise to execute. As a result, training slips down in priority. An automated, adaptive, and dynamic training tool that can successfully mimic an adversary would reduce the cost of exercises and potentially increase their frequency.  

Army Sgt. 1st Class Michael Deblock, Vermont Army National Guard Computer Network Defense Team, left, discusses new ways to make the exercise more challenging for cyber defenders. U.S. Army photo by Staff Sgt. Kelvin Green.

Realistic, dynamic, and customized

An efficient, automated cyber-training tool must meet the following requirements:

  • Deliver realistic adversary behaviors based on real-life exercises, not just simulations
  • Easily integrate with existing training networks
  • Enable instructors to assess and adjust agent behavior to meet shifting training objectives

The Cyber Reactive Adversary Framework for Training (CRAFT) from Charles River Analytics fits the bill. It provides realistic, dynamic, and customized adversary behavior to meet training objectives.

Alternative approaches to building an automated cyber-training tool exist, but they come with their own challenges. Baseline “smart scripting,” for example, is simple to use but is often too elementary in its approach. As a result, adversaries can easily figure out their behaviors and circumvent them.

“Intelligent scripting is too simplistic and not very dynamic,” says Sean Guarino, Principal Scientist at Charles River Analytics. “They don’t react very well to the things the defender might do, so they’re easily detected.” On the other end of the spectrum, cognitive architectures can also deliver, but they are too complex and esoteric, leaving the crafting of a tool to only a few skilled professionals.

CRAFT treads the middle “Goldilocks” ground effectively by leaning on its in-house reactive behavior-modeling architecture, Hap. Hap agents proactively and dynamically collect information on behavior.

“CRAFT’s modeling architecture, Hap, uses active planning so, unlike static behavior-tree approaches, Hap dynamically reconfigures the behaviors it pursues based on what the defenders are doing. Being able to detect, react, and adapt in real time presents a more complex adversary.”

Sean Guarino
Principal Scientist and Principal Investigator on the CRAFT effort

The team is working on making CRAFT’s interface more accessible so it can be “easily adopted by those who need to work with it,” Guarino adds.

CRAFT’s big achievement during Phase I was the development of an agent that can execute a live attack exercise, instead of simulations, and dynamically change behaviors. Phase II is addressing a wide range of adversary behaviors and attacks, including those outlined in MITRE’s ATT&CK framework.

While CRAFT started out as a tool for the armed forces, it can find commercial applications in corporate and university training programs. “There are a lot of gaps in training in the commercial sector as well. Having a tool such as CRAFT delivers more frequent and effective training,” Guarino says. “It means our cyber defenders will be better prepared to detect and respond to attacks more quickly and to conduct better cyber forensics to understand what happened during an attack that already occurred.”

Cyber Shield 22 Main Planning Conference at Professional Education Center involves more than 500 National Guard Soldiers and Airmen throughout the nation along with interagency partners. (U.S. Army National Guard photo by Staff Sgt. Jeffrey D. Reno)

This material is based upon work supported by the Small Business Innovation Research (SBIR) Program through the U.S. Army Contracting Command (ACC) – Orlando under Contract No. W900KK-21-C-0010. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Small Business Innovation Research (SBIR) Program through the U.S. Army Contracting Command (ACC) – Orlando.