Simulating cyber-attacks for fun and profit

We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker's standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc. A novel characteristic of this tool is that it simulates vulnerabilities (including 0-days) and exploits, allowing an attacker to compromise machines and use them as pivoting stones to continue the attack. A user can test and modify complex scenarios, with several interconnected networks, where the attacker has no initial connectivity with the objective of the attack. We give a concise description of this new technology and its possible uses in the security research field, such as pen-testing training, the study of the impact of 0-day vulnerabilities, the evaluation of security countermeasures, and use as a risk assessment tool.
