Design and Implementation of Cyber Attack Simulator based on Attack Techniques Modeling

  • Kang, Yong Goo (Graduate School of Information Security, Korea University) ;
  • Yoo, Jeong Do (Graduate School of Information Security, Korea University) ;
  • Park, Eunji (Graduate School of Information Security, Korea University) ;
  • Kim, Dong Hwa (The 2nd R&D Institute, Agency for Defense Development) ;
  • Kim, Huy Kang (Graduate School of Information Security, Korea University)
  • Received : 2020.02.28
  • Accepted : 2020.03.12
  • Published : 2020.03.31

Abstract

With the development of information technology and the growing scale of systems and networks, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on real attacks and defenses is required. However, such training requires experts to analyze and carry out attacks, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that executes attack techniques automatically. The simulator derives attack scenarios by combining attack techniques that have been modeled so that they can be executed, and then carries out the attack by executing the derived scenarios in sequence. To verify the effectiveness of the proposed attack simulator, we ran an experiment in a real environment with an example attack goal and scenarios. The attack simulator successfully performed five attack techniques to gain administrator privileges.

As information technology develops and the scale of systems and networks grows, cyber threats and crimes are steadily increasing. To respond to these threats, cybersecurity training based on practical attack and defense is needed. However, cybersecurity training requires expert analysis and the ability to carry out attacks, so it is inefficient in terms of cost and time. This paper proposes a cyber attack simulator that performs attack techniques automatically. The simulator derives attack scenarios by combining attack techniques that have been modeled to be executable, and performs the attack by executing the derived scenarios sequentially. To validate the proposed attack simulator, we set an example attack goal and scenarios in a real environment and ran an experiment. The attack simulator automatically performed five attack techniques and succeeded in an attack that obtained administrator privileges.
