HARMer: Cyber-Attacks Automation and Evaluation

With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named ‘HARMer’ to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers’ operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner.

[1]  Michael E. Kuhl,et al.  Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach , 2018 .

[2]  Olivier Buffet,et al.  Penetration Testing == POMDP Solving? , 2013, AISec 2013.

[3]  Doug Miller,et al.  Intelligent, automated red team emulation , 2016, ACSAC.

[4]  W. Marsden I and J , 2012 .

[5]  Frank K. Gürkaynak,et al.  Red team vs. blue team hardware trojan analysis: detection of a hardware trojan on an actual ASIC , 2013, HASP '13.

[6]  Chwee Seng Choo,et al.  Automated red teaming: a proposed framework for military application , 2007, GECCO '07.

[7]  Richard Lippmann,et al.  Practical Attack Graph Generation for Network Defense , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[8]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[9]  Benjamin Turnbull,et al.  Visual analytics for cyber red teaming , 2015, 2015 IEEE Symposium on Visualization for Cyber Security (VizSec).

[10]  Jin B. Hong,et al.  Multi-Objective Security Hardening Optimisation for Dynamic Networks , 2019, ICC 2019 - 2019 IEEE International Conference on Communications (ICC).

[11]  Jin B. Hong,et al.  Composite Metrics for Network Security Analysis , 2020, ArXiv.

[12]  Jin B. Hong,et al.  Towards scalable security analysis using multi-layered security models , 2016, J. Netw. Comput. Appl..

[13]  Eric Michael Hutchins,et al.  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[14]  Jin B. Hong,et al.  Automated security investment analysis of dynamic networks , 2018, ACSW.

[15]  Nirnay Ghosh,et al.  An Intelligent Technique for Generating Minimal Attack Graph , .

[16]  Scott A. DeLoach,et al.  Metrics of Security , 2014, Cyber Defense and Situational Awareness.

[17]  K. Jayanthi,et al.  Techniques for automated network map generation using SNMP , 1996, Proceedings of IEEE INFOCOM '96. Conference on Computer Communications.

[18]  Cynthia A. Phillips,et al.  Computer-attack graph generation tool , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[19]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[20]  Asad Waqar Malik,et al.  A machine learning framework for investigating data breaches based on semantic analysis of adversary's attack patterns in threat intelligence repositories , 2019, Future Gener. Comput. Syst..

[21]  Igor V. Kotenko,et al.  Attack Graph Based Evaluation of Network Security , 2006, Communications and Multimedia Security.

[22]  Thomas M. Chen,et al.  Reinforcement Learning for Efficient Network Penetration Testing , 2019, Inf..

[23]  Jin B. Hong,et al.  A systematic evaluation of cybersecurity metrics for dynamic networks , 2018, Comput. Networks.

[24]  Benjamin Turnbull,et al.  Mission-Centric Automated Cyber Red Teaming , 2018, ARES.

[25]  Robert G. Abbott,et al.  Simulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams , 2014 .

[26]  Marco Cremonini,et al.  Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA) , 2005, WEIS.

[27]  Mark S. Boddy,et al.  Course of Action Generation for Cyber Security Using Classical Planning , 2005, ICAPS.

[28]  Dennis Lee Bergin Cyber-attack and defense simulation framework , 2015 .

[29]  Prateek Mittal,et al.  Mirage: Towards Deployable DDoS Defense for Web Applications , 2011 .

[30]  Viliam Lisý,et al.  Hardening networks against strategic attackers using attack graph games , 2019, Comput. Secur..

[31]  Jin B. Hong,et al.  HARMs: Hierarchical Attack Representation Models for Network Security Analysis , 2012, AISM 2012.

[32]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[33]  Carlos Sarraute,et al.  An algorithm to find optimal attack paths in nondeterministic scenarios , 2011, AISec '11.

[34]  Shouhuai Xu Collaborative Attack vs. Collaborative Defense , 2008, CollaborateCom.

[35]  Florian Kammüller,et al.  Externalizing Behaviour for Analysing System Models , 2013, J. Internet Serv. Inf. Secur..

[36]  Zahid Anwar,et al.  SCERM - A novel framework for automated management of cyber threat response activities , 2020, Future Gener. Comput. Syst..

[37]  Carlos Sarraute,et al.  Attack Planning in the Real World , 2013, ArXiv.

[38]  Zahid Anwar,et al.  A Supervised Machine Learning Based Approach for Automatically Extracting High-Level Threat Intelligence from Unstructured Sources , 2018, 2018 International Conference on Frontiers of Information Technology (FIT).

[39]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[40]  Ron Alford,et al.  Automated Adversary Emulation : A Case for Planning and Acting with Unknowns , 2018 .

[41]  Babu M. Mehtre,et al.  Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology , 2015 .

[42]  Bill Chu,et al.  Learning APT chains from cyber threat intelligence , 2019, HotSoS.

[43]  Carter Matherly,et al.  The Red Teaming Essential , 2013 .

[44]  Sushil Jajodia,et al.  An Attack Graph-Based Probabilistic Security Metric , 2008, DBSec.

[45]  Victor Tay,et al.  Automated Red Teaming: An objective-based Data Farming approach for Red Teaming , 2008, 2008 Winter Simulation Conference.

[46]  Stephen Moskal Knowledge-based Decision Making for Simulating Cyber Attack Behaviors , 2016 .

[47]  Fabio Massimo Zennaro,et al.  Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges and Tabular Q-Learning , 2020, ArXiv.

[48]  Sushil Jajodia,et al.  Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience Against Zero-Day Attacks , 2021, IEEE Transactions on Dependable and Secure Computing.

[49]  Christian W. Probst,et al.  An extensible analysable system model , 2008, Inf. Secur. Tech. Rep..