There is a growing need for cybersecurity professionals with practical knowledge and experience to meet societal needs and comply with new standards and regulations. At the same time, the advances in software technology and artificial intelligence point towards a future where software agents will play an important role in protecting the computer systems that are critical for society to function. The training and development of both humans and software agents require the design and execution of cybersecurity exercises that differ in properties such as size, scope, objectives and difficulty. Cybersecurity scenarios are critical for the operation of cybersecurity exercises as they describe the scope, context, operational environment and storyline of each exercise. In this work, we present an approach to automatically generate cybersecurity scenarios that model enterprise IT systems. Our approach is able to generate a large number of scenarios that differ in multiple criteria including size, scope, difficulty, complexity and diversity. We further release as open source a simulation and a virtualization environment that can run cybersecurity exercises based on the generated scenarios, and a dataset containing 100000 sample scenarios.