SpecRep: Adversary Emulation Based on Attack Objective Specification in Heterogeneous Infrastructures-Reference-Cited by-同舟云学术

SpecRep: Adversary Emulation Based on Attack Objective Specification in Heterogeneous Infrastructures

Published:2024-08-29 Issue:17 Volume:24 Page:5601
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Portase Radu Marian¹²^ORCID,Colesa Adrian¹²,Sebestyen Gheorghe¹^ORCID

Affiliation:

1. Computer Science Department, Technical University of Cluj Napoca, 400114 Cluj Napoca, Romania

2. Bitdefender, 060071 Bucharest, Romania

Abstract

Cybercriminals have become an imperative threat because they target the most valuable resource on earth, data. Organizations prepare against cyber attacks by creating Cyber Security Incident Response Teams (CSIRTs) that use various technologies to monitor and detect threats and to help perform forensics on machines and networks. Testing the limits of defense technologies and the skill of a CSIRT can be performed through adversary emulation performed by so-called “red teams”. The red team’s work is primarily manual and requires high skill. We propose SpecRep, a system to ease the testing of the detection capabilities of defenses in complex, heterogeneous infrastructures. SpecRep uses previously known attack specifications to construct attack scenarios based on attacker objectives instead of the traditional attack graphs or a list of actions. We create a metalanguage to describe objectives to be achieved in an attack together with a compiler that can build multiple attack scenarios that achieve the objectives. We use text processing tools aided by large language models to extract information from freely available white papers and convert them to plausible attack specifications that can then be emulated by SpecRep. We show how our system can emulate attacks against a smart home, a large enterprise, and an industrial control system.

Publisher

MDPI AG

Link

https://www.mdpi.com/1424-8220/24/17/5601/pdf

Reference53 articles.

1. Sadhu, P.K., Yanambaka, V.P., and Abdelgawad, A. (2022). Internet of Things: Security and Solutions Survey. Sensors, 22.

2. Chakraborty, C., Lin, J.C.W., and Alazab, M. (2021). Cybercrime Issues in Smart Cities Networks and Prevention Using Ethical Hacking. Data-Driven Mining, Learning and Analytics for Secured Smart Cities: Trends and Advances, Springer International Publishing.

3. Applebaum, A., Miller, D., Strom, B., Foster, H., and Thomas, C. (2017, January 16–19). Analysis of Automated Adversary Emulation Techniques. Proceedings of the Summer Simulation Multi-Conference, San Diego, CA, USA. SummerSim ’17.

4. Miller, D., Alford, R., Applebaum, A., Foster, H., Little, C., and Strom, B.E. (2018). Automated Adversary Emulation: A Case for Planning and Acting with Unknowns, The MITRE Corporation.

5. Ammann, P., Wijesekera, D., and Kaushik, S. (2002, January 18–22). Scalable, graph-based network vulnerability analysis. Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS ’02), Washington, DC, USA.