Automated Repeatable Adversary Threat Emulation with Effects Language (EL)
The emulation of multi-step attacks attributed to advanced persistent threats is valuable for training defenders and evaluating defense tools. In this paper, we discuss the numerous challenges and desired attributes associated with such automation. Additionally, we introduce the use of Effects Language (EL), a visual programming language with graph-based operational semantics, as a solution to address many of these challenges and requirements. We formally define the execution semantics of EL, and prove important execution properties. Furthermore, we showcase the application of EL to codify attacks using an example from one of the publicly available attack scenarios. We also demonstrate how EL can be utilized to provide proof-of-attack of complex multi-step attacks. Our results highlight the improvements in time and resource efficiency achieved through the use of EL for repeatable automation.
Forward citations
Cited by 1 Pith paper
- The Procedural Semantics Gap in Structured CTI: A Measurement-Driven STIX Analysis for APT Emulation
  Structured CTI standards like ATT&CK describe adversary actions but lack the ordering, preconditions, and environmental details needed for direct multi-stage emulation, and a translation method can bridge this gap whe...