Applying The Attacks Tracer on Advanced Persistent Threats to Real Networks
Yuya Tajima, Hiroshi Koide
2021 Ninth International Symposium on Computing and Networking Workshops (CANDARW), November 2021. DOI: 10.1109/CANDARW53999.2021.00072
In this paper, we improve and expand the attacks tracer so that it can receive information from real networks and simulate advanced persistent threats in those networks based on that information. Our improvement of the proposed system helps administrators to correctly recognize the status of the system and to anticipate near-future events. Advanced persistent threats are cyber attacks that mainly target the information systems of organizations such as governments, research institutes, and enterprises. They are characterized by long-lasting, continuous attacks that eventually result in the seizure of confidential information. In the past, system administrators and/or designers conducted digital forensic analysis. However, such analysis is becoming difficult because the volume of communication traffic and the number of connected devices are increasing. The attacks tracer is software that uses the actor model to simulate the behavior of an information system by modeling networked devices such as routers and servers abstractly. The abstract model and the actor model give the attacks tracer scalable concurrency, so it can simulate many attack scenarios of advanced persistent threats. However, the attacks tracer as previously implemented could only simulate specific scenarios in virtual spaces and could not analyze actual attacks. Therefore, in this proposal, we implemented a gRPC interface (gRPC is a high-performance remote procedure call framework) in the attacks tracer. This allows the attacks tracer to receive and analyze events that occur on the network immediately, so that it can simulate actual attacks. For example, if a system such as a firewall detects that an attack has originated from a PC in the network, the attacks tracer can use that information to determine that the PC has been infected with malware and then indicate what kind of attack will occur next. As a result of applying the attacks tracer to a real network, we found that it can get feedback from a real system and simulate advanced persistent threats based on it. An overview of the attacks tracer before improvement, the implementation method for applying it to real environments, and a case study are presented in this paper.