Pandora: A Cyber Range Environment for the Safe Testing and Deployment of Autonomous Cyber Attack Tools

Cybersecurity tools are increasingly automated with artificial intelligent (AI) capabilities to match the exponential scale of attacks, compensate for the relatively slower rate of training new cybersecurity talents, and improve of the accuracy and performance of both tools and users. However, the safe and appropriate usage of autonomous cyber attack tools - especially at the development stages for these tools - is still largely an unaddressed gap. Our survey of current literature and tools showed that most of the existing cyber range designs are mostly using manual tools and have not considered augmenting automated tools or the potential security issues caused by the tools. In other words, there is still room for a novel cyber range design which allow security researchers to safely deploy autonomous tools and perform automated tool testing if needed. In this paper, we introduce Pandora, a safe testing environment which allows security researchers and cyber range users to perform experiments on automated cyber attack tools that may have strong potential of usage and at the same time, a strong potential for risks. Unlike existing testbeds and cyber ranges which have direct compatibility with enterprise computer systems and the potential for risk propagation across the enterprise network, our test system is intentionally designed to be incompatible with enterprise real-world computing systems to reduce the risk of attack propagation into actual infrastructure. Our design also provides a tool to convert in-development automated cyber attack tools into to executable test binaries for validation and usage realistic enterprise system environments if required. Our experiments tested automated attack tools on our proposed system to validate the usability of our proposed environment. Our experiments also proved the safety of our environment by compatibility testing using simple malicious code.

[1]  David Brumley,et al.  The Cyber Grand Challenge and the Future of Cyber-Autonomy , 2018, login Usenix Mag..

[2]  Siani Pearson,et al.  A toolkit for automating compliance in cloud computing services , 2014, Int. J. Cloud Comput..

[3]  Zhaoquan Gu,et al.  Crowdsourcing Approach for Developing Hands-On Experiments in Cybersecurity Education , 2019, IEEE Access.

[4]  Joseph Yuen Automated Cyber Red Teaming , 2015 .

[5]  Ryan K L Ko Cyber Autonomy: Automating the Hacker- Self-healing, self-adaptive, automatic cyber defense systems and their impact to the industry, society and national security , 2020, ArXiv.

[6]  Lionel C. Briand,et al.  Automated testing for SQL injection vulnerabilities: an input mutation approach , 2014, ISSTA 2014.

[7]  Adam Amos-Binks,et al.  Efficient attack plan recognition using automated planning , 2017, 2017 IEEE Symposium on Computers and Communications (ISCC).

[8]  Ryan K. L. Ko,et al.  Taxonomy of Man-in-the-Middle Attacks on HTTPS , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[9]  Wenliang Du,et al.  SEED: Hands-On Lab Exercises for Computer Security Education , 2011, IEEE Security & Privacy.

[10]  Charalampos Manifavas,et al.  An automated network intrusion process and countermeasures , 2015, Panhellenic Conference on Informatics.

[11]  Yongjie Wang,et al.  Survey on Memory Corruption Mitigation , 2019, 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC).

[12]  Jingyue Li,et al.  The AI-Based Cyber Threat Landscape , 2020, ACM Comput. Surv..

[13]  Jon Davis,et al.  A Survey of Cyber Ranges and Testbeds , 2013 .

[14]  David Brumley,et al.  Unleashing Mayhem on Binary Code , 2012, 2012 IEEE Symposium on Security and Privacy.

[15]  Timea Pahi,et al.  Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education , 2017, 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[16]  Ryan K. L. Ko,et al.  A Global, Empirical Analysis of the Shellshock Vulnerability in Web Applications , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[17]  Ryan K. L. Ko,et al.  Understanding cloud failures , 2012 .

[18]  Koen Koning,et al.  Towards Automated Vulnerability Scanning of Network Servers , 2018, EuroSec@EuroSys.

[19]  Jason Wright,et al.  BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments , 2018, 2018 IEEE Cybersecurity Development (SecDev).

[20]  Giovanni Vigna,et al.  Mechanical Phish: Resilient Autonomous Hacking , 2018, IEEE Security & Privacy.

[21]  Terry V. Benzel The science of cyber security experimentation: the DETER project , 2011, ACSAC '11.

[22]  Christopher Krügel,et al.  SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[23]  Tanveer A. Zia,et al.  A Survey of Anomaly and Automation from a Cybersecurity Perspective , 2018, 2018 IEEE Globecom Workshops (GC Wkshps).

[24]  Jinxiong Zhao,et al.  An Automated Composite Scanning Tool with Multiple Vulnerabilities , 2019, 2019 IEEE 3rd Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC).

[25]  Ryan K. L. Ko,et al.  Data Accountability in Cloud Systems , 2014 .

[26]  Graham Smith The intelligent solution: automation, the skills shortage and cyber-security , 2018 .

[27]  Steven Furnell,et al.  The Morris Worm at 30 , 2019, ITNOW.

[28]  Ryan K. L. Ko,et al.  The Cloud Security Ecosystem - Technical, Legal, Business and Management Issues , 2015 .

[29]  Vasileios Gkioulos,et al.  Cyber ranges and security testbeds: Scenarios, functions, tools and architecture , 2020, Comput. Secur..

[30]  Wim Mees,et al.  Building a Cyber Range for training CyberDefense Situation Awareness , 2019, 2019 International Conference on Military Communications and Information Systems (ICMCIS).