SVED: Scanning, Vulnerabilities, Exploits and Detection

This paper presents the Scanning, Vulnerabilities, Exploits and Detection tool (SVED). SVED facilitates reliable and repeatable cyber security experiments by providing a means to design, execute and log malicious actions, such as software exploits, as well as the alerts provided by intrusion detection systems. Due to its distributed architecture, it is able to support large experiments with thousands of attackers, sensors and targets. SVED is automatically updated with threat intelligence information from various services.
