Realistic simulation of users for IT systems in cyber ranges

CAID 2021 : applications de l'Intelligence Artificielle aux probl{\'e}matiques d{\'e}fense, Nov 2021, Rennes, France Generating user activity is a key capability for both evaluating security monitoring tools as well as improving the credibility of attacker analysis platforms (e.g., honeynets). In this paper, to generate this activity, we instrument each machine by means of an external agent. This agent combines both deterministic and deep learning based methods to adapt to different environment (e.g., multiple OS, software versions, etc.), while maintaining high performances. We also propose conditional text generation models to facilitate the creation of conversations and documents to accelerate the definition of coherent, system-wide, life scenarios.