Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach

Moskal, Stephen; Yang, Shanchieh Jay; Kühl, Michael

doi:10.1177/1548512917725408

Cited by 25 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This framework utilizes Cyber Kill Chain behavior to model an attacker's decisions while taking into account what the attacker knows, how the attacker learns about the network, the vulnerabilities, and targets. Similar to our work is the extension provided by Moskal et al [39], which proposed the red and blue team's simulation framework to show the interplay between an attacker and defender. The framework was defined based on the network, the attackers, and the intentions, the dependencies between the attacker and the network including capabilities and pref-erences.…”

Section: A Security Model Automation For Red Team and Blue Teammentioning

confidence: 71%

HARMer: Cyber-Attacks Automation and Evaluation

et al. 2020

View full text Add to dashboard Cite

With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named 'HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers' operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner.

show abstract

Section: A Security Model Automation For Red Team and Blue Teammentioning

confidence: 71%

HARMer: Cyber-Attacks Automation and Evaluation

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Since cyberspace is subjected to severe attacks with drastic consequences at a very high speed and complete anonymity [62], modeling threats and vulnerabilities using a probabilistic approach in risk assessment might deliver a better prospect for the entire security system. PRA also includes analysis of adversaries that can be performed based on their capability, opportunity, and intent to build behavioral characteristics [18].…”

Section: H Discussionmentioning

confidence: 99%

“…The capability of the adversaries determines the severity level of the impact after attacks. The adversaries can consist of terrorists, criminals, extremists or demonstrators, outsider agents, and insider agents [18], [64], [44], [65], [66], with their respective capacity and capability based on their financial and technical assets. The better the capacity of the adversaries to execute the attack, the more significant is the probability of the attack succeeding.…”

Section: H Discussionmentioning

confidence: 99%

“…Table I provides summarized descriptions of the five aspects of cybersecurity management. Data encryption serves to enhance cybersecurity by eliminating the possibility of eavesdropping, data falsification, and data tempering [16], [17], [18]. Software and hardware must follow a strict quality assurance, for example, to avoid getting infected by viruses or worms from wider networks [2], [19].…”

Section: A Cybersecurity and Cyberattacksmentioning

confidence: 99%

See 1 more Smart Citation

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

“…The risk depends upon the paths where a vulnerability appears, and the policy computes the smallest set of patches to stop all the paths. We discover paths through twinbased adversary emulation (Applebaum et al 2016(Applebaum et al , 2017Eckhart and Ekelhart 2019;Moskal et al 2018;Strom et al 2018) and automate it through the Haruspex platform (Baiardi and Sgandurra 2013;. The platform uses the twins to run multiple independent adversary emulations to cover stochastic factors such as the success or the failure of an attack.…”

Section: Introductionmentioning

confidence: 99%

Twin Based Continuous Patching To Minimize Cyber Risk

Baiardi

Tonelli²

2021

Eur J Secur Res

View full text Add to dashboard Cite

Digital twins are virtual replicas to simulate the behavior of physical devices before they are built and to support their maintenance. We extend this technology to cybersecurity and integrate it with adversary emulation to define a remediation policy that selects and schedules patches for the vulnerabilities of an information and communication infrastructure before threat actors can exploit them. Distinct twins model, respectively, the infrastructure and threat actors. The former twin describes the infrastructure modules, their vulnerabilities, and the elementary attacks actors can implement. The attributes of the twin of a threat actor describe its attack surface, its goals, how it selects attacks, and it handles attack failures. The Haruspex software platform builds the twins of the infrastructure and those of the threat actors, and it automates the emulation of an actor. In this way, it can discover the attack paths the actor implements without disturbing the infrastructure. In each path, the actor composes elementary attacks to reach its goal. Multiple emulations can discover all the paths of an actor by covering stochastic factors such as attack success or failure. The knowledge of these paths enables the remediation policy to minimize the patches to deploy. Since new vulnerabilities continuously become public, new countermeasures are needed. A twin-based approach supports a continuous remediation process to handle changes in the infrastructure, new vulnerabilities, and new threat actors because the platform can update the twins and run adversary emulations. If new attack paths exist, the platform applies the remediation policy. Experimental data confirm the effectiveness of this approach.

show abstract

Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach

Cited by 25 publications

References 13 publications

HARMer: Cyber-Attacks Automation and Evaluation

HARMer: Cyber-Attacks Automation and Evaluation

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Twin Based Continuous Patching To Minimize Cyber Risk

Contact Info

Product

Resources

About