{"title":"漏洞检测系统测试方法","authors":"Z. Balázs, Sveta Miladinov, Chris Pickard","doi":"10.1109/WATER.2014.7015756","DOIUrl":null,"url":null,"abstract":"Traditional antivirus systems, firewalls, intrusion detection or prevention systems, mail and web proxies have been bypassed by determined attackers for a long time. In order to fight these new threats, vendors started to develop new systems, called breach detection systems. Because the end-goal of these systems is detection, those can be considered as next generation intrusion detection systems. In order to measure the effectiveness of these breach detection systems, we propose a new type of test methodology. Our approach is based on that advanced attackers who can bypass the existing layers of security have the time, skill and resources to create unknown malware, with advanced bypass capabilities. We will evaluate a hybrid approach, where the IP / domain of the attacker C&C server is simulated in one case, and real in another case. Our approach uses only RAT (Remote Admin Tools / Remote Access Trojans) functionality, using both in-the-wild and custom developed RAT.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Breach detection system testing methodology\",\"authors\":\"Z. Balázs, Sveta Miladinov, Chris Pickard\",\"doi\":\"10.1109/WATER.2014.7015756\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traditional antivirus systems, firewalls, intrusion detection or prevention systems, mail and web proxies have been bypassed by determined attackers for a long time. In order to fight these new threats, vendors started to develop new systems, called breach detection systems. Because the end-goal of these systems is detection, those can be considered as next generation intrusion detection systems. In order to measure the effectiveness of these breach detection systems, we propose a new type of test methodology. Our approach is based on that advanced attackers who can bypass the existing layers of security have the time, skill and resources to create unknown malware, with advanced bypass capabilities. We will evaluate a hybrid approach, where the IP / domain of the attacker C&C server is simulated in one case, and real in another case. Our approach uses only RAT (Remote Admin Tools / Remote Access Trojans) functionality, using both in-the-wild and custom developed RAT.\",\"PeriodicalId\":430865,\"journal\":{\"name\":\"2014 Second Workshop on Anti-malware Testing Research (WATeR)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Second Workshop on Anti-malware Testing Research (WATeR)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WATER.2014.7015756\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WATER.2014.7015756","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Traditional antivirus systems, firewalls, intrusion detection or prevention systems, mail and web proxies have been bypassed by determined attackers for a long time. In order to fight these new threats, vendors started to develop new systems, called breach detection systems. Because the end-goal of these systems is detection, those can be considered as next generation intrusion detection systems. In order to measure the effectiveness of these breach detection systems, we propose a new type of test methodology. Our approach is based on that advanced attackers who can bypass the existing layers of security have the time, skill and resources to create unknown malware, with advanced bypass capabilities. We will evaluate a hybrid approach, where the IP / domain of the attacker C&C server is simulated in one case, and real in another case. Our approach uses only RAT (Remote Admin Tools / Remote Access Trojans) functionality, using both in-the-wild and custom developed RAT.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
