Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection

Cited by: 0

Authors
Orbinato V. [1 ]
Feliciano M.C. [2 ]
Cotroneo D. [1 ]
Natella R. [1 ]
Affiliations
[1] Department of Electrical Engineering and Information Technology (DIETI), Università degli Studi di Napoli Federico II, Naples
[2] Secureware s.r.l., Naples
Keywords
Adversary Emulation; APT; Computer architecture; Cybersecurity; Emulation; Medical services; MITRE ATT&CK; Servers; Training; TTPs; Turning; Virtualization;
DOI
10.1109/TDSC.2024.3376129
Abstract
Advanced Persistent Threats (APTs) are currently the most dangerous form of attack, since they can remain undetected for long periods. Adversary emulation is a proactive approach to preparing against such attacks. However, existing adversary emulation tools lack the anti-detection capabilities of real APTs. We introduce Laccolith, a hypervisor-based solution for adversary emulation with anti-detection, to fill this gap. We also present an experimental study comparing Laccolith with MITRE CALDERA, a state-of-the-art adversary emulation solution, against five popular anti-virus products. We found that CALDERA cannot evade detection, even when combined with a state-of-the-art anti-detection framework, which limits the realism of the emulated attacks. Our experiments show that Laccolith hides its activities from all of the tested anti-virus products, making it suitable for realistic emulations.
Pages: 1 / 13
Page count: 12