Toward Effective Evaluation of Cyber Defense: Threat Based Adversary Emulation Approach

Cited by: 2
Authors
Ajmal, Abdul Basit [1 ]
Khan, Shawal [1 ]
Alam, Masoom [1 ]
Mehbodniya, Abolfazl [2 ]
Webber, Julian [2 ]
Waheed, Abdul [3 ]
Affiliations
[1] COMSATS Univ Islamabad CUI, Dept Comp Sci, Islamabad 45550, Pakistan
[2] Kuwait Coll Sci & Technol KCST, Dept Elect & Commun Engn, Kuwait 35003, Kuwait
[3] Women Univ Swabi, Dept Comp Sci, Swabi 23430, Pakistan
Keywords
ATT&CK predictions; endpoint security evaluation; cyber attack simulations; penetration testing; stealthy attacks; defense evaluation; security
DOI
10.1109/ACCESS.2023.3272629
CLC classification number
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
Attackers such as Advanced Persistent Threat (APT) actors compromise organizations in increasingly sophisticated ways. Usually, such attacks aim to exploit endpoints in order to gain access to critical data. To evaluate security controls and defenses, organizations may employ offensive security activities. The most important of these are penetration testing and red teaming, but such operations are usually resource-intensive and extend over a long period of time. Furthermore, traditional Vulnerability Assessment and Penetration Testing (VAPT) works effectively for the mitigation of known attacks but has not proved effective against stealthy attacks. VAPT treats the whole offensive security exercise as an acting problem, but in reality an attacker has to deal with uncertainty while conducting real-world attacks. In this paper, we present an adversary emulation approach based on the MITRE ATT&CK adversary emulation plan, with planning treated as a major part of each attack phase. The approach utilizes stealthy attack vectors and paths to emulate an adversary for defense evaluation. For effective defense evaluation, we picked more than 40 techniques from ATT&CK, deployed their mitigations on target machines, and then launched attacks against all those techniques. We show that the attack paths and payloads generated using our approach are strong enough to evade security controls at endpoints. This approach provides a special environment for cyber defenders to think like an adversary and to create new attack vectors and paths for evaluating organizational security preparedness. This process constructs a special environment that expands the attack-landscape view and the defense evaluation with minimal resources for the organization.
Pages: 70443 / 70458
Page count: 16