nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

URSID: Automatically Refining a Single Attack Scenario into Multiple Cyber Range Architectures

verfasst von : Pierre-Victor Besson, Valérie Viet Triem Tong, Gilles Guette, Guillaume Piolle, Erwan Abgrall

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Contrary to intuition, insecure computer network architectures are valuable assets in IT security. Indeed, such architectures (referred to as cyber-ranges) are commonly used to train red teams and test security solutions, in particular ones related to supervision security. Unfortunately, the design and deployment of these cyber-ranges is costly, as they require designing an attack scenario from scratch and then implementing it in an architecture on a case-by-case basis, through manual choices of machines/users, OS versions, available services and configuration choices. This article presents URSID, a framework for automatic deployment of cyber-ranges based on the formal description of attack scenarios. The scenario is described at the technical attack level according to the MITRE nomenclature, refined into several variations (instances) at the procedural level and then deployed in virtual multiple architectures. URSID thus automates costly manual tasks and allows to have several instances of the same scenario on architectures with different OS, software or account configurations. URSID has been successfully tested in an academic cyber attack and defense training exercise.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Small World–Privacy Preserving IoT Device-Type Fingerprinting with Small Datasets

Nächstes Kapitel Does the Anchoring Effect Influence Individuals’ Anti-phishing Behavior Intentions?

We are here using the official MITRE numerotation for techniques.

We throughout this work will refer to the attacker’s machine as Attacker and consider they have complete control of it.

Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 217-224. CCS ’02, Association for Computing Machinery, New York, NY, USA (2002). https://doi.org/10.1145/586110.586140, https://doi.org/10.1145/586110.586140

BESSON, P.V.: Ursid repository (2023). https://gitlab.inria.fr/pibesson/ursid-final

Besson, P.V., et al.: CERBERE: cybersecurity exercise for red and blue team entertainment, reproducibility. In: CyberHunt 2023 - 6th Annual Workshop on Cyber Threat Intelligence and Hunting. IEEE Computer Society, Sorrento, Italy (Dec 2023). https://centralesupelec.hal.science/hal-04285565

Corporation, O.: Virtualbox (2005). https://www.virtualbox.org/

Costa, G., Russo, E., Armando, A.: Automating the generation of cyber range virtual scenarios with VSDL. J. Wirel. Mobile Netw., Ubiquit. Comput., Dependable Appl. 13(4), 61–80 (dec 2022). https://doi.org/10.58346/jowua.2022.i4.004, https://doi.org/10.58346

FBI: Internet crime report 2021 (2021). https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

HashiCorp: Vagrant (2010). https://www.vagrantup.com/

Hat, R.: Cve-2019-14287 (2019). https://access.redhat.com/security/cve/cve-2019-14287

Hemberg, E., et al.: Linking threat tactics, techniques, and patterns with defensive weaknesses, vulnerabilities and affected platform configurations for cyber hunting (2021)

10.

HQ, S.: Generic signature format for siem systems (2017). https://github.com/SigmaHQ/sigma

11.

Inc, A.: Ansible (2012). https://www.ansible.com/

12.

Mensah, P.: Generation and Dynamic Update of Attack Graphs in Cloud Providers Infrastructures. Ph.D. thesis, CentraleSupélec, Châtenay-Malabry, France (2019). https://tel.archives-ouvertes.fr/tel-02416305

13.

MITRE: The mitre att &ck matrix for enterprise (2018). https://attack.mitre.org/matrices/enterprise//

14.

MITRE: Apt29 adversary emulation (2021). https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/apt29

15.

NIST: Cyber ranges (2018). https://www.nist.gov/system/files/documents/2018/02/13/cyber_ranges.pdf

16.

NIST: Cve-2021-4034 detail (2021). https://nvd.nist.gov/vuln/detail/cve-2021-4034

17.

Outkin, A.V., Schulz, P.V., Schulz, T., Tarman, T.D., Pinar, A.: Defender policy evaluation and resource allocation using mitre attck evaluations data (2021)

18.

Russo, E., Costa, G., Armando, A.: Scenario design and validation for next generation cyber ranges. In: 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), pp. 1–4 (2018). https://doi.org/10.1109/NCA.2018.8548324

19.

Schreuders, C.: Security scenario generator (secgen). https://github.com/cliffe/secgen (2017), https://github.com/cliffe/SecGen

20.

Sharma, Y., Birnbach, S., Martinovic, I.: Radar: A ttp-based extensible, explainable, and effective system for network traffic analysis and malware detection (2023)

21.

Venkatesan, S., et al.: Vulnervan: A vulnerable network generation tool. In: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM), pp. 1–6 (2019). https://doi.org/10.1109/MILCOM47813.2019.9021013

22.

Yamin, M.M., Katt, B.: Modeling and executing cyber security exercise scenarios in cyber ranges. Comput. Secur. 116, 102635 (2022). https://doi.org/10.1016/j.cose.2022.102635, https://www.sciencedirect.com/science/article/pii/S0167404822000347

Titel: URSID: Automatically Refining a Single Attack Scenario into Multiple Cyber Range Architectures
verfasst von: Pierre-Victor Besson
Valérie Viet Triem Tong
Gilles Guette
Guillaume Piolle
Erwan Abgrall
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner