Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection

Cited by: 0
Authors
Orbinato V. [1 ]
Feliciano M.C. [2 ]
Cotroneo D. [1 ]
Natella R. [1 ]
Affiliations
[1] Department of Electrical Engineering and Information Technology (DIETI), Università degli Studi di Napoli Federico II, Naples
[2] Secureware s.r.l., Naples
Keywords
Adversary Emulation; APT; Computer architecture; Cybersecurity; Emulation; Medical services; MITRE ATT&CK; Servers; Training; TTPs; Turning; Virtualization;
DOI
10.1109/TDSC.2024.3376129
Abstract
Advanced Persistent Threats (APTs) represent the most threatening form of attack nowadays since they can stay undetected for a long time. Adversary emulation is a proactive approach for preparing against these attacks. However, adversary emulation tools lack the anti-detection abilities of APTs. We introduce Laccolith, a hypervisor-based solution for adversary emulation with anti-detection to fill this gap. We also present an experimental study to compare Laccolith with MITRE CALDERA, a state-of-the-art solution for adversary emulation, against five popular anti-virus products. We found that CALDERA cannot evade detection, limiting the realism of emulated attacks, even when combined with a state-of-the-art anti-detection framework. Our experiments show that Laccolith can hide its activities from all the tested anti-virus products, thus making it suitable for realistic emulations.
Pages: 1 / 13
Page count: 12
Related papers
50 items in total
  • [41] High-performance vNIC framework for hypervisor-based NFV with userspace vSwitch
    Nakajima, Yoshihiro
    Masutani, Hitoshi
    Takahashi, Hirokazu
    2015 FOURTH EUROPEAN WORKSHOP ON SOFTWARE DEFINED NETWORKS - EWSDN 2015, 2015, : 43 - 48
  • [42] Reinforcement Learning Driven Self-Adaptation in Hypervisor-Based Cloud Intrusion Detection Systems (RLDAC-IDS)
    Qaffas, Alaa A.
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2024, 15 (07) : 448 - 460
  • [43] U-HIPE: hypervisor-based protection of user-mode processes in Windows
    Lutas, Andrei
    Colesa, Adrian
    Lukacs, Sandor
    Lutas, Dan
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2016, 12 (01): : 23 - 36
  • [44] Anti-detection technology of cat eye target based on decentered field lens
    宋大林
    常军
    赵一菲
    张泽霞
    Chinese Physics B, 2018, 27 (09) : 337 - 341
  • [45] HyGenICC: Hypervisor-based Generic IP Congestion Control for Virtualized Data Centers
    Abdelmoniem, Ahmed M.
    Bensaou, Brahim
    Abu, Amuda James
    2016 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2016,
  • [46] TGVisor: A Tiny Hypervisor-Based Trusted Geolocation Framework for Mobile Cloud Clients
    Park, Sungjin
    Yoon, Jae Nam
    Kang, Cheoloh
    Kim, Kyong Hoon
    Han, Taisook
    2015 3RD IEEE INTERNATIONAL CONFERENCE ON MOBILE CLOUD COMPUTING, SERVICES, AND ENGINEERING (MOBILECLOUD 2015), 2015, : 99 - 108
  • [47] ReplaceDGA: BiLSTM-Based Adversarial DGA With High Anti-Detection Ability
    Hu, Xiaoyan
    Chen, Hao
    Li, Miao
    Cheng, Guang
    Li, Ruidong
    Wu, Hua
    Yuan, Yali
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2023, 18 : 4406 - 4421
  • [48] Anti-detection technology of cat eye target based on decentered field lens
    Song, Da-Lin
    Chang, Jun
    Zhao, Yi-Fei
    Zhang, Ze-Xia
    CHINESE PHYSICS B, 2018, 27 (09)
  • [49] Analysis of anti-detection effectiveness of stealth sea mine based on rand model
    Xu, Jie
    Zhang, Peng
    Dong, Li
    Binggong Xuebao/Acta Armamentarii, 2015, 36 : 20 - 24
  • [50] Hypervisor-Based Virtual Hardware for Fault Tolerance in COTS processors Targeting Space Applications
    Campagna, Salvatore
    Hussain, Moazzam
    Violante, Massimo
    2010 IEEE 25TH INTERNATIONAL SYMPOSIUM ON DEFECT AND FAULT TOLERANCE IN VLSI SYSTEMS (DFT 2010), 2010, : 44 - 51