Building automatic and intelligent cyber attack-defense platform

Chung Kuan Chen, Shiuhpyng Shieh

Research output: Conference contribution, peer-reviewed

Abstract

In this paper, an Automated Cyber Attack-Defense System (ACADS) is proposed in which various information systems are integrated and interconnected through a flexible interface to establish the attack-defense test platform. Considering the variety of information systems, ACADS is not built on a single technique but on a composite of multiple attack and defense techniques. ACADS is equipped with various classes of attack and defense systems. It consists of three subsystems: reconnaissance, offense, and defense. For each subsystem, the current status of existing systems is first summarized, and then customized systems are proposed to complement these existing systems. The first subsystem, reconnaissance, aims to collect information about targets in order to assist both the offense and defense subsystems. Among the reconnaissance systems, the proposed VulCrawl is a reconnaissance subsystem that discovers hidden entry points and related information in a large website. With this information, the offense subsystem can launch attacks in three different cases: where source code is available, where binary programs are available, and where no information is available. In the case that source code is available, program analysis techniques can be utilized to discover vulnerabilities. Web Injection Scanner (WIS) is developed to discover injection vulnerabilities via string analysis. In the case that binary programs are available, Binary Vulnerability Assessment (BVA) automatically reverses binary programs with symbolic execution and model checking to find vulnerabilities. Even in the case that no information is available, the proposed VulScanner can still be used to generate and mutate attack payloads for web-based applications. In contrast to the offense subsystem, the defense subsystem is used to protect the system. While system defensive modules, such as WAF and IDS, protect the system without modifying vulnerable software, software repair modules directly patch the software to eliminate vulnerabilities. In this subsystem, BinaryPatcher and WebPatcher are proposed to repair binary and web applications.

Original language: English
Title of host publication: Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Editor: Audun Josang
Publisher: Curran Associates Inc.
Pages: 96-105
Number of pages: 10
ISBN (electronic): 9781911218852
Publication status: Published - Jun 2018
Event: 17th European Conference on Cyber Warfare and Security, ECCWS 2018 - Oslo, Norway
Duration: 28 Jun 2018 to 29 Jun 2018

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
2018-June
ISSN (print): 2048-8602
ISSN (electronic): 2048-8610

Conference

Conference: 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Country/Territory: Norway
City: Oslo
Period: 28/06/18 to 29/06/18
