HARMer: Cyber-attacks Automation and Evaluation

With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security prof...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2020-07
Main Authors: Simon Yusuf Enoch, Huang, Zhibin, Chun Yong Moon, Lee, Donghwan, Ahn, Myung Kil, Kim, Dong Seong
Format: Article
Language:English
Subjects:
Algorithms
Automation
Cybersecurity
Graphical representations
Penetration
Quality assessment
Security management
System effectiveness
Threat evaluation
Web services
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named `HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers' operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner.
ISSN:2331-8422
DOI:10.48550/arxiv.2006.14352