![[2508.03882] Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform empowered by Security Chaos Engineering (SCE)](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2508.03882] Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform empowered by Security Chaos Engineering (SCE)
Summary
This article presents a novel approach to simulating cyberattacks by integrating Security Chaos Engineering (SCE) into Breach Attack Simulation (BAS) platforms, enhancing the ability to identify vulnerabilities and improve cyber defense strategies.
Why It Matters
As cyber threats evolve, organizations must adopt innovative techniques to test their defenses. This integration of SCE with BAS provides a structured method to simulate attacks, allowing for better preparation against real-world threats. It highlights the importance of proactive security measures in an increasingly digital landscape.
Key Takeaways
- Integration of SCE into BAS platforms enhances attack simulation.
- Utilizes adversary profiles from threat intelligence databases.
- Structured architecture improves identification of vulnerabilities.
- Automated attack sequences create inferred attack trees.
- Proactive testing can significantly bolster cyber defense strategies.
Computer Science > Cryptography and Security arXiv:2508.03882 (cs) [Submitted on 5 Aug 2025 (v1), last revised 15 Feb 2026 (this version, v2)] Title:Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform empowered by Security Chaos Engineering (SCE) Authors:Arturo Sánchez-Matas, Pablo Escribano Ruiz, Daniel Díaz-López, Angel Luis Perales Gómez, Pantaleone Nespoli, Gregorio Martínez Pérez View a PDF of the paper titled Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform empowered by Security Chaos Engineering (SCE), by Arturo S\'anchez-Matas and 5 other authors View PDF HTML (experimental) Abstract:In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering (SCE), which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes to integrate SCE into Breach Attack Simulation (BAS) platforms, leveraging adversary profiles and abilities from existing threat intelligence databases. This innovative proposal for cyberattack simulation employs a structured architecture composed of three layers: SCE Orchestrator, Connector, and BAS layers. Utilizing MITRE Caldera in the BAS layer, our proposal executes automated attack sequences, creating inferred attack trees from adversary profiles. Our proposal evaluation illustrates how integrating SCE with BAS can enhance the effectivenes...