Martin Drasar, Stephen Moskal, S. Yang, Pavol Zat'ko
Session-level Adversary Intent-Driven Cyberattack Simulator
2020 IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications (DS-RT), 2020-09-01
DOI: 10.1109/DS-RT50469.2020.9213690 (https://doi.org/10.1109/DS-RT50469.2020.9213690)
Recognizing the need for proactive analysis of cyber adversary behavior, this paper presents a new event-driven simulation model and implementation to reveal the efforts needed by attackers who have various entry points into a network. Unlike previous models which focus on the impact of attackers' actions on the defender's infrastructure, this work focuses on the attackers' strategies and actions. By operating on a request-response session level, our model provides an abstraction of how the network infrastructure reacts to access credentials the adversary might have obtained through a variety of strategies. We present the current capabilities of the simulator by showing three variants of Bronze Butler APT on a network with different user access levels.