通过模拟攻击链来评估和管理风险

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP) Pub Date : 2016-04-04 DOI:10.1109/PDP.2016.50

F. Baiardi, F. Tonelli, A. D. R. D. Biase

{"title":"通过模拟攻击链来评估和管理风险","authors":"F. Baiardi, F. Tonelli, A. D. R. D. Biase","doi":"10.1109/PDP.2016.50","DOIUrl":null,"url":null,"abstract":"Haruspex is a suite of tools to assess and manage the risk posed by an information and communication technology system. The suite is built around the application of a Monte Carlo method to a scenario where intelligent agents implement chains of attacks to reach their goals. Some tools build a description of the agents, the target system, its vulnerabilities and the resulting attacks. Another tool applies a Monte Carlo method to this description, simulates the building of attack chains by the agents and it returns a database with samples it collects in the simulations. Further tools analyze this database to select countermeasures. To validate the suite and verify it truthfully models attackers, it has been adopted in Locked Shield 2014, a network defense exercise with participants from 17 nations. The results of this exercise validate the designs of the tools.","PeriodicalId":192273,"journal":{"name":"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Assessing and Managing Risk by Simulating Attack Chains\",\"authors\":\"F. Baiardi, F. Tonelli, A. D. R. D. Biase\",\"doi\":\"10.1109/PDP.2016.50\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Haruspex is a suite of tools to assess and manage the risk posed by an information and communication technology system. The suite is built around the application of a Monte Carlo method to a scenario where intelligent agents implement chains of attacks to reach their goals. Some tools build a description of the agents, the target system, its vulnerabilities and the resulting attacks. Another tool applies a Monte Carlo method to this description, simulates the building of attack chains by the agents and it returns a database with samples it collects in the simulations. Further tools analyze this database to select countermeasures. To validate the suite and verify it truthfully models attackers, it has been adopted in Locked Shield 2014, a network defense exercise with participants from 17 nations. The results of this exercise validate the designs of the tools.\",\"PeriodicalId\":192273,\"journal\":{\"name\":\"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)\",\"volume\":\"77 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-04-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDP.2016.50\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDP.2016.50","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

Haruspex是一套工具，用于评估和管理信息和通信技术系统带来的风险。该套件是围绕蒙特卡罗方法在智能代理实现攻击链以达到其目标的场景中的应用程序构建的。一些工具构建代理、目标系统、其漏洞和由此产生的攻击的描述。另一个工具将蒙特卡罗方法应用于此描述，模拟代理构建攻击链，并返回一个包含模拟中收集的样本的数据库。进一步的工具分析该数据库以选择对策。为了验证该套件并验证它真实地模拟攻击者，它已在“锁定盾牌2014”中被采用，这是一项来自17个国家的网络防御演习。该练习的结果验证了工具的设计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Assessing and Managing Risk by Simulating Attack Chains

Haruspex is a suite of tools to assess and manage the risk posed by an information and communication technology system. The suite is built around the application of a Monte Carlo method to a scenario where intelligent agents implement chains of attacks to reach their goals. Some tools build a description of the agents, the target system, its vulnerabilities and the resulting attacks. Another tool applies a Monte Carlo method to this description, simulates the building of attack chains by the agents and it returns a database with samples it collects in the simulations. Further tools analyze this database to select countermeasures. To validate the suite and verify it truthfully models attackers, it has been adopted in Locked Shield 2014, a network defense exercise with participants from 17 nations. The results of this exercise validate the designs of the tools.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

自引率

0.00%

发文量