Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection

Cited by: 0
Authors
Orbinato V. [1 ]
Feliciano M.C. [2 ]
Cotroneo D. [1 ]
Natella R. [1 ]
Affiliations
[1] Department of Electrical Engineering and Information Technology (DIETI), Università degli Studi di Napoli Federico II, Naples
[2] Secureware s.r.l., Naples
Keywords
Adversary Emulation; APT; Computer architecture; Cybersecurity; Emulation; Medical services; MITRE ATT&CK; Servers; Training; TTPs; Turning; Virtualization;
DOI
10.1109/TDSC.2024.3376129
CLC number:
Subject classification:
Abstract
Advanced Persistent Threats (APTs) represent the most threatening form of attack nowadays since they can stay undetected for a long time. Adversary emulation is a proactive approach for preparing against these attacks. However, adversary emulation tools lack the anti-detection abilities of APTs. We introduce Laccolith, a hypervisor-based solution for adversary emulation with anti-detection to fill this gap. We also present an experimental study to compare Laccolith with MITRE CALDERA, a state-of-the-art solution for adversary emulation, against five popular anti-virus products. We found that CALDERA cannot evade detection, limiting the realism of emulated attacks, even when combined with a state-of-the-art anti-detection framework. Our experiments show that Laccolith can hide its activities from all the tested anti-virus products, thus making it suitable for realistic emulations.
Pages: 1 / 13
Page count: 12
Related papers
50 items in total
  • [21] A Survey on Hypervisor-based Virtualization of Embedded Reconfigurable Systems
    Wulf, Cornelia
    Willig, Michael
    Goehringer, Diana
    2021 31ST INTERNATIONAL CONFERENCE ON FIELD-PROGRAMMABLE LOGIC AND APPLICATIONS (FPL 2021), 2021, : 249 - 256
  • [22] HyperCrop: A Hypervisor-Based Countermeasure for Return Oriented Programming
    Jiang, Jun
    Jia, Xiaoqi
    Feng, Dengguo
    Zhang, Shengzhi
    Liu, Peng
    INFORMATION AND COMMUNICATIONS SECURITY, 2011, 7043 : 360 - +
  • [23] A Hypervisor-Based Privacy Agent for Mobile and IoT Systems
    Klingensmith, Neil
    Kim, Younghyun
    Banerjee, Suman
    HOTMOBILE '19 - PROCEEDINGS OF THE 20TH INTERNATIONAL WORKSHOP ON MOBILE COMPUTING SYSTEMS AND APPLICATIONS, 2019, : 21 - 26
  • [24] Preventing hypervisor-based rootkits with trusted execution technology
    Hewlett-Packard Systems Security Lab, Bristol, United Kingdom
    Netw. Secur., 2008, 11 (7-12): : 7 - 12
  • [25] HyperWallet: cryptocurrency wallet as a secure hypervisor-based application
    Zaidenberg, Nezer Jacob
    Kiperberg, Michael
    EURASIP JOURNAL ON INFORMATION SECURITY, 2024, 2024 (01):
  • [26] HyperCrypt: Hypervisor-based Encryption of Kernel and User Space
    Goetzfried, Johannes
    Doerr, Nico
    Palutke, Ralph
    Mueller, Tilo
    PROCEEDINGS OF 2016 11TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, (ARES 2016), 2016, : 79 - 87
  • [27] Cloud security in the age of adaptive adversaries: A game theoretic approach to hypervisor-based intrusion detection
    Sadia
    Saadat, Ahsan
    Faheem, Yasir
    Abaid, Zainab
    Fraz, Muhammad Moazam
    Journal of Systems Architecture, 2024, 156
  • [28] Efficient DLP-visor: An efficient hypervisor-based DLP
    Kiperberg, Michael
    Amit, Guy
    Yeshooroon, Amir
    Zaidenberg, Nezer J.
    21ST IEEE/ACM INTERNATIONAL SYMPOSIUM ON CLUSTER, CLOUD AND INTERNET COMPUTING (CCGRID 2021), 2021, : 344 - 355
  • [29] RAMinate: Hypervisor-based Virtualization for Hybrid Main Memory Systems
    Hirofuchi, Takahiro
    Takano, Ryousei
    PROCEEDINGS OF THE SEVENTH ACM SYMPOSIUM ON CLOUD COMPUTING (SOCC 2016), 2016, : 112 - 125
  • [30] Towards Hierarchical Scheduling of Dependent Systems with Hypervisor-based Virtualization
    Jatzkowski, Jan
    Kreutz, Marcio
    Rettberg, Achim
    PROCEEDINGS OF THE 2015 ELECTRONIC SYSTEM LEVEL SYNTHESIS CONFERENCE (ESLSYN), 2015, : 28 - 33