To address the limitations of traditional Breach and Attack Simulation (BAS)—namely, its static nature, constrained scenario coverage, and inability to uncover unknown attack paths—this paper proposes a novel architecture integrating Security Chaos Engineering (SCE) with BAS. Methodologically, we design a three-layer automated simulation system: MITRE Caldera serves as the execution layer, augmented by an SCE orchestrator and a connection layer; inference-based attack trees are dynamically generated from threat intelligence–derived adversary profiles, and an adaptive perturbation mechanism enables real-time evolution of attack sequences. Our key contribution is the first systematic integration of SCE into a BAS platform, thereby transcending conventional static simulation paradigms. Experimental evaluation demonstrates significant improvements: +37% increase in attack path coverage and +42% higher vulnerability detection rate. The approach effectively supports proactive defense optimization and quantitative assessment of security resilience.

In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering (SCE), which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes to integrate SCE into Breach Attack Simulation (BAS) platforms, leveraging adversary profiles and abilities from existing threat intelligence databases. This innovative proposal for cyberattack simulation employs a structured architecture composed of three layers: SCE Orchestrator, Connector, and BAS layers. Utilizing MITRE Caldera in the BAS layer, our proposal executes automated attack sequences, creating inferred attack trees from adversary profiles. Our proposal evaluation illustrates how integrating SCE with BAS can enhance the effectiveness of attack simulations beyond traditional scenarios, and be a useful component of a cyber defense strategy.