Automatically generating models of IT systems

Information technology system (ITS), informally, is a set of workstations, servers, laptops, installed software, databases, LANs, firewalls, etc. Nowadays, every company has an ITS, but rarely is information about it available outside the company that owns it. However, there are many situations where the availability of such data would be beneficial. For example, cyber ranges emulate IT systems and need their description. Machine learning, and in particular the use of ML to automate attack and defense, would also benefit from descriptions of ITSs. In this paper, we describe a system we call the Generator, that as inputs takes requirements such as the number of employees and the vertical to which the company belongs, and produces as output a model of an ITS that satisfies the given requirements. A very important property that we have put special emphasis on is that the generated ITS looks like a model of a real system to anyone who analyzes it. To the best of our knowledge, we are the first to have attempted to build something like this. We validate the Generator by generating an ITS model for a fictional financial institution, and analyze its performance with respect to the problem size. The conducted experiments show that our approach is feasible. In the future, we intend to extend this prototype to allow probabilistic generation of IT systems when only a subset of parameters is explicitly defined.