Toward Effective Evaluation of Cyber Defense: Threat Based Adversary Emulation Approach

Cited by: 2
Authors
Ajmal, Abdul Basit [1 ]
Khan, Shawal [1 ]
Alam, Masoom [1 ]
Mehbodniya, Abolfazl [2 ]
Webber, Julian [2 ]
Waheed, Abdul [3 ]
Affiliations
[1] COMSATS Univ Islamabad CUI, Dept Comp Sci, Islamabad 45550, Pakistan
[2] Kuwait Coll Sci & Technol KCST, Dept Elect & Commun Engn, Kuwait 35003, Kuwait
[3] Women Univ Swabi, Dept Comp Sci, Swabi 23430, Pakistan
Keywords
ATT&CK predictions; endpoint security evaluation; cyber attack simulations; penetration testing; stealthy attacks; defense evaluation; SECURITY
DOI
10.1109/ACCESS.2023.3272629
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Attackers compromise organizations in increasingly sophisticated ways, such as those used by Advanced Persistent Threat (APT) attackers. Usually, such attacks intend to exploit endpoints to gain access to critical data. For security controls and defense evaluation, organizations may employ offensive security activities. The most important of these are penetration testing and red teaming, but such operations are usually resource-exhaustive and extend over a long period of time. Furthermore, traditional Vulnerability Assessment and Penetration Testing (VAPT) works effectively in the mitigation of known attacks but has not proved effective against stealthy attacks. VAPT considers the whole offensive-security exercise as an acting problem, but in reality an attacker has to deal with uncertainty while conducting real-world attacks. In this paper, we present an adversary emulation approach based on the MITRE ATT&CK adversary emulation plan, with planning considered a major part of each attack phase. The approach utilizes stealthy attack vectors and paths to emulate an adversary for defense evaluation. For effective defense evaluation, we picked more than 40 techniques from ATT&CK, deployed their mitigations on target machines, and then launched attacks against all those techniques. We show that attack paths and payloads generated using our approach are strong enough to evade security controls at endpoints. This approach provides a special environment for cyber defenders to think like an adversary and create new attack vectors and paths to evaluate organizational security preparedness. This process constructs a special environment to expand the attack landscape view and defense evaluation with minimal resources for the organization.
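The planning-under-uncertainty idea in the abstract, as an added illustration (this is not the authors' emulation plan or code; the technique set, detection probabilities, transition penalties and technique-to-mitigation pairings below are constructed for the example, and the mapping is a simplification rather than ATT&CK's own matrix): a small Python planner that picks the stealthiest multi-phase attack path over ATT&CK technique IDs, treats the path rather than each isolated technique as the thing that gets detected, and then ranks candidate mitigations by how much each one cuts the adversary's best remaining evasion probability.

```python
"""Added illustration of threat-based adversary emulation planning: choose the
stealthiest multi-phase attack path over ATT&CK techniques, then measure how
much a deployed mitigation shrinks the adversary's chance of evading all
controls. Not the paper's algorithm; every number below is constructed."""

# Constructed candidate techniques per attack phase. IDs are ATT&CK technique
# identifiers; the per-technique detection probabilities are invented.
PHASES = [
    ("initial-access",    [("T1566.001", 0.6), ("T1078", 0.2)]),
    ("execution",         [("T1059.001", 0.5), ("T1059.003", 0.3)]),
    ("credential-access", [("T1003.001", 0.7), ("T1555", 0.3)]),
    ("exfiltration",      [("T1041", 0.2), ("T1048.003", 0.5)]),
]

# Constructed transition penalties: extra detection probability when the second
# technique directly follows the first. This is what makes the problem a path
# planning problem instead of picking the quietest technique per phase.
TRANSITION_PENALTY = {
    ("T1566.001", "T1059.001"): 0.3,   # Office document spawning PowerShell
    ("T1059.001", "T1003.001"): 0.2,   # PowerShell touching LSASS
    ("T1059.003", "T1555"): 0.1,
}

# Assumed technique -> mitigation mapping. Mitigation IDs use ATT&CK's
# M-numbering, but the pairing is simplified for the example.
TECH_MITIGATIONS = {
    "T1566.001": {"M1049", "M1017"},
    "T1078":     {"M1026", "M1027"},
    "T1059.001": {"M1038", "M1042"},
    "T1059.003": {"M1038"},
    "T1003.001": {"M1026", "M1040"},
    "T1555":     {"M1027"},
    "T1041":     {"M1031"},
    "T1048.003": {"M1031", "M1037"},
}


def blocked_techniques(deployed):
    """Techniques unusable because at least one mapped mitigation is deployed."""
    return {t for t, ms in TECH_MITIGATIONS.items() if ms & set(deployed)}


def step_evasion(prev, tech, p_detect):
    """Probability that `tech` evades detection given it follows `prev`."""
    p = min(1.0, p_detect + TRANSITION_PENALTY.get((prev, tech), 0.0))
    return 1.0 - p


def plan_path(deployed=()):
    """Dynamic programme over phases: maximise the product of per-step evasion
    probabilities while skipping blocked techniques. Returns (path, p_evade);
    path is None when some phase has no usable technique left."""
    blocked = blocked_techniques(deployed)
    best = {None: (1.0, [])}   # last technique -> (p_evade so far, path)
    for _, candidates in PHASES:
        nxt = {}
        for tech, p_detect in candidates:
            if tech in blocked:
                continue
            for prev, (p_prev, path) in best.items():
                p = p_prev * step_evasion(prev, tech, p_detect)
                if tech not in nxt or p > nxt[tech][0]:
                    nxt[tech] = (p, path + [tech])
        if not nxt:
            return None, 0.0
        best = nxt
    p_final, path = max(best.values(), key=lambda v: v[0])
    return path, p_final


def rank_mitigations(candidates):
    """For each candidate mitigation, the adversary's best remaining evasion
    probability if only that mitigation is added; lowest (most useful) first."""
    scored = [(m, plan_path([m])[1]) for m in candidates]
    return sorted(scored, key=lambda mp: (mp[1], mp[0]))


if __name__ == "__main__":
    path, p = plan_path()
    print("unmitigated path:", " -> ".join(path), f"p_evade={p:.4f}")
    all_mitigations = sorted(set().union(*TECH_MITIGATIONS.values()))
    for m, p in rank_mitigations(all_mitigations):
        print(f"{m}: best remaining p_evade={p:.4f}")
```

Running the module prints the unmitigated path and the mitigation ranking. The ranking is the evaluation loop the abstract describes (deploy a mitigation, re-run the emulation, see what still gets through) done in miniature: a mitigation that blocks every option in one phase drives the evasion probability to zero, while one that only removes the noisiest technique in a phase leaves the adversary's best path untouched, which is exactly the case where a per-technique checklist would have reported the control as effective.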
Pages: 70443-70458
Page count: 16
Related papers
50 in total
  • [21] Evaluation of LLM-based chatbots for OSINT-based Cyber Threat Awareness
    Shafee, Samaneh
    Bessani, Alysson
    Ferreira, Pedro M.
    EXPERT SYSTEMS WITH APPLICATIONS, 2025, 261
  • [22] Threat Evaluation in Air Defense Based on Improved KPCA-TOPSIS
    Liu, Xiaoma
    Han, Yang
    Qiu, Hongze
    Zheng, Zhiqiang
    2018 IEEE CSAA GUIDANCE, NAVIGATION AND CONTROL CONFERENCE (CGNCC), 2018,
  • [23] A Quantum LSTM-based approach to cyber threat detection in virtual environment
    Tripathi, Sarvapriya
    Upadhyay, Himanshu
    Soni, Jayesh
    JOURNAL OF SUPERCOMPUTING, 2025, 81 (01):
  • [24] An XAI-based adversarial training approach for cyber-threat detection
    Al-Essa, Malik
    Andresini, Giuseppina
    Appice, Annalisa
    Malerba, Donato
    2022 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/CBDCOM/CYBERSCITECH), 2022, : 806 - 813
  • [25] DeepHunter: A Graph Neural Network Based Approach for Robust Cyber Threat Hunting
    Wei, Renzheng
    Cai, Lijun
    Zhao, Lixin
    Yu, Aimin
    Meng, Dan
    SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2021, PT I, 2021, 398 : 3 - 24
  • [26] A Novel Approach for Cyber Threat Detection Based on Angle-Based Subspace Anomaly Detection
    Soumya, T. R.
    Revathy, S.
    CYBERNETICS AND SYSTEMS, 2022,
  • [28] Performance-Based Cyber Resilience Metrics: An Applied Demonstration Toward Moving Target Defense
    Hossain-Mckenzie, S.
    Lai, C.
    Chavez, A.
    Vugrin, E.
    IECON 2018 - 44TH ANNUAL CONFERENCE OF THE IEEE INDUSTRIAL ELECTRONICS SOCIETY, 2018, : 766 - 773
  • [29] A Reputation-Based Approach Using Consortium Blockchain for Cyber Threat Intelligence Sharing
    Zhang, Xiaohui
    Miao, Xianghua
    Xue, Mingying
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022
  • [30] Adaptive fuzzy based threat evaluation method for air and missile defense systems
    Tuncer, Ozgur
    Cirpan, Hakan Ali
    INFORMATION SCIENCES, 2023, 643