Abstract
Identifying patterns in the modus operandi of attackers is an essential requirement in the study of Advanced Persistent Threats. Previous studies have been hampered by the lack of accurate, relevant, and representative datasets of current threats. System logs and network traffic captured during attacks on real companies’ information systems are the best data sources to build such datasets. Unfortunately, for apparent reasons of companies’ reputation, privacy, and security, such data is seldom available. This article proposes an alternative approach to such issues involved with collecting data. It first presents a formal model of an attacker’s tactical progression during their network propagation phase. Such a progression is expressed according to the attacker’s state, called muSE, which specifies their propagation area, collected secrets, and knowledge of the environment. The new model wields the operational semantics of attack techniques proposed in this article. The semantics formally define a transition relation between attackers’ states. Hence, it can be used to describe an entire attack scenario. This formalization allows the ability to describe the PWNJUTSU experiment unequivocally. In this experiment, 22 Red Teamers attacked the vulnerable infrastructure to compromise machines and steal secret flags. Each Red Teamer operated on a dedicated instance. Sensors captured system logs and network traffic on each of these instances. This article’s second contribution is the public release of the PWNJUTSU dataset.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: IEEE Transactions on Network and Service Management
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.