TY - GEN
T1 - Building automatic and intelligent cyber attack-defense platform
AU - Chen, Chung Kuan
AU - Shieh, Shiuhpyng
PY - 2018/6
Y1 - 2018/6
N2 - In this paper, an Automated Cyber Attack-Defense System (ACADS) is proposed in which various information systems are integrated and interconnected together through a flexible interface to establish the attack-defense test platform. Considering the variety of information systems, ACADS is not conducted using a single technique but a composite of multiple attack and defense techniques. ACADS is equipped with various classes of attack and defense systems. It consists of three subsystems: reconnaissance, offense, and defense. For each subsystem, the current status of existing systems is first summarized, and then customized systems are proposed to complement these existing systems. The first subsystem, reconnaissance, aims to collect information about targets in order to assist both the offense and defense subsystems. Among all reconnaissance systems, VulCrawl, which we propose, is a reconnaissance subsystem to discover hidden entry points and related information in a large website. With this information, the offense subsystem can launch attacks in three different cases: where source code is available, where binary programs are available, and where no information is available. In the case that source code is available, program analysis techniques can be utilized to discover vulnerabilities. Web Injection Scanner (WIS) is developed to discover injection vulnerabilities via string analysis. In the case that binary programs are available, Binary Vulnerability Assessment (BVA) automatically reverses binary programs with symbolic execution and model checking to find vulnerabilities. Even in the case that no information is available, VulScanner, which we propose, can still be used to generate and mutate attack payloads for web-based applications. In contrast to the offense subsystem, the defense subsystem is used to protect the system. While system defensive modules, such as WAF and IDS, protect the system without modifying vulnerable software, software repair modules directly patch the software to eliminate vulnerabilities. In this subsystem, BinaryPatcher and WebPatcher are proposed to repair binary and web applications.
KW - Attack
KW - Cyber warfare
KW - Cybersecurity
KW - Defense
KW - Security vulnerability
KW - Software repair
UR - http://www.scopus.com/inward/record.url?scp=85050817675&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85050817675
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 96
EP - 105
BT - Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
A2 - Josang, Audun
PB - Curran Associates Inc.
T2 - 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Y2 - 28 June 2018 through 29 June 2018
ER -