Redirigiendo al acceso original de articulo en 20 segundos...
Inicio  /  Applied Sciences  /  Vol: 10 Par: 6 (2020)  /  Artículo
ARTÍCULO
TITULO

Cyber Attack and Defense Emulation Agents

Jeong Do Yoo    
Eunji Park    
Gyungmin Lee    
Myung Kil Ahn    
Donghwa Kim    
Seongyun Seo and Huy Kang Kim    

Resumen

As the scale of the system and network grows, IT infrastructure becomes more complex and hard to be managed. Many organizations have a serious problem to manage their system and network security. In addition, vulnerabilities of hardware and software are increasing in number rapidly. In such a complex IT environment, security administrators need more practical and automated threat assessment methods to reduce their manual tasks. Adversary emulation based automated assessment is one of the solutions to solve the aforementioned problems because it helps to discover the attack paths and vulnerabilities to be exploited. However, it is still inefficient to perform the adversary emulation because adversary emulation requires well-designed attack scenarios created by security experts. Besides, a manual-based penetration test cannot be frequently performed. To overcome this limitation, we propose an adversary emulation framework composed of the red team and blue team agent. The red team agent carries out automated attacks based on the automatically generated scenarios by the proposed framework. The blue team agent deploys defense measures to react to the red team agent?s attack patterns. To test our framework, we test multiple attack scenarios on remote servers that have various vulnerable software. In the experiment, we show the red team agent can gain an administrator?s privilege from the remote side when the blue team agent?s intervention is not enabled. The blue team agent can successfully block the red team?s incoming attack when enabled. As a result, we show our proposed framework is beneficial to support routine threat assessment from the adversary?s perspective. It will be useful for security administrators to make security defense strategy based on the test results.

 Artículos similares

       
 
Sharoug Alzaidy and Hamad Binsalleeh    
In the field of behavioral detection, deep learning has been extensively utilized. For example, deep learning models have been utilized to detect and classify malware. Deep learning, however, has vulnerabilities that can be exploited with crafted inputs,... ver más
Revista: Applied Sciences

 
Adam James Fenton    
This paper examines hybrid threats to maritime transportation systems and their governance responses; focusing on the congested Straits of Malacca and Singapore (SOMS) as an illustrative case study. The methodology combines secondary sources with primary... ver más

 
Yuhang Zhang and Ming Ni    
With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, C... ver más
Revista: Applied Sciences

 
Olga Tushkanova, Diana Levshun, Alexander Branitskiy, Elena Fedorchenko, Evgenia Novikova and Igor Kotenko    
Cyberattacks on cyber-physical systems (CPS) can lead to severe consequences, and therefore it is extremely important to detect them at early stages. However, there are several challenges to be solved in this area; they include an ability of the security... ver más
Revista: Algorithms

 
Jeremy Bryans, Lin Shen Liew, Hoang Nga Nguyen, Giedre Sabaliauskaite and Siraj Ahmed Shaikh    
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failure... ver más
Revista: Information