HARMer: Cyber-Attacks Automation and Evaluation
With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security prof...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2020-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9142179/ |
| _version_ | 1818351357813325824 |
|---|---|
| author | Simon Yusuf Enoch Zhibin Huang Chun Yong Moon Donghwan Lee Myung Kil Ahn Dong Seong Kim |
| author_facet | Simon Yusuf Enoch Zhibin Huang Chun Yong Moon Donghwan Lee Myung Kil Ahn Dong Seong Kim |
| author_sort | Simon Yusuf Enoch |
| collection | DOAJ |
| description | With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named `HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers' operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner. |
| first_indexed | 2024-12-13T18:36:28Z |
| format | Article |
| id | doaj.art-42c90c7f836c4aab9c6160e8796c9e7b |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-13T18:36:28Z |
| publishDate | 2020-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-42c90c7f836c4aab9c6160e8796c9e7b2022-12-21T23:35:21ZengIEEEIEEE Access2169-35362020-01-01812939712941410.1109/ACCESS.2020.30097489142179HARMer: Cyber-Attacks Automation and EvaluationSimon Yusuf Enoch0https://orcid.org/0000-0002-0970-3621Zhibin Huang1Chun Yong Moon2Donghwan Lee3Myung Kil Ahn4Dong Seong Kim5School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, AustraliaSchool of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, AustraliaSchool of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, AustraliaThe 2nd Research and Development Institute - 3rd Directorate, Agency for Defense Development, Seoul, South KoreaThe 2nd Research and Development Institute - 3rd Directorate, Agency for Defense Development, Seoul, South KoreaSchool of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, AustraliaWith the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named `HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers' operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner.https://ieeexplore.ieee.org/document/9142179/Attack automationattack planningblue teamcybersecurityoffensive securitypenetration testing |
| spellingShingle | Simon Yusuf Enoch Zhibin Huang Chun Yong Moon Donghwan Lee Myung Kil Ahn Dong Seong Kim HARMer: Cyber-Attacks Automation and Evaluation IEEE Access Attack automation attack planning blue team cybersecurity offensive security penetration testing |
| title | HARMer: Cyber-Attacks Automation and Evaluation |
| title_full | HARMer: Cyber-Attacks Automation and Evaluation |
| title_fullStr | HARMer: Cyber-Attacks Automation and Evaluation |
| title_full_unstemmed | HARMer: Cyber-Attacks Automation and Evaluation |
| title_short | HARMer: Cyber-Attacks Automation and Evaluation |
| title_sort | harmer cyber attacks automation and evaluation |
| topic | Attack automation attack planning blue team cybersecurity offensive security penetration testing |
| url | https://ieeexplore.ieee.org/document/9142179/ |
| work_keys_str_mv | AT simonyusufenoch harmercyberattacksautomationandevaluation AT zhibinhuang harmercyberattacksautomationandevaluation AT chunyongmoon harmercyberattacksautomationandevaluation AT donghwanlee harmercyberattacksautomationandevaluation AT myungkilahn harmercyberattacksautomationandevaluation AT dongseongkim harmercyberattacksautomationandevaluation |