Building automatic and intelligent cyber attack-defense platform

Chung Kuan Chen, Shiuhpyng Shieh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper, an Automated Cyber Attack-Defense System (ACADS) is proposed in which various information systems are integrated and interconnected together through a flexible interface to establish the attack-defense test platform. Considering the variety of information systems, ACADS is not conducted using a single technique but a composite of multiple attack and defense techniques. ACADS is equipped with various classes of attack and defense systems. It consists of three subsystems: reconnaissance, offense, and defense. For each subsystem, the current status of existing systems is first summarized, and then customized systems are proposed to complement these existing systems. The first subsystem, reconnaissance, aims to collect information about targets in order to assist both the offense and defense subsystems. Among all reconnaissance systems, VulCrawl, which we propose, is a reconnaissance subsystem to discover hidden entry points and related information in a large website. With this information, the offense subsystem can launch attacks in three different cases: where source code, binary programs, or no information is available. In the case that source code is available, program analysis techniques can be utilized to discover vulnerabilities. Web Injection Scanner (WIS) is developed to discover injection vulnerabilities via string analysis. In the case that binary programs are available, Binary Vulnerability Assessment (BVA) automatically reverses binary programs with symbolic execution and model checking to find vulnerabilities. Even in the case that no information is available, VulScanner, which we propose, can still be used to generate and mutate attack payloads for web-based applications. In contrast to the offense subsystem, the defense subsystem is used to protect the system. While system defensive modules, such as WAF and IDS, protect the system without modifying vulnerable software, software repair modules directly patch the software to eliminate vulnerabilities. In this subsystem, BinaryPatcher and WebPatcher are proposed to repair binary and web applications.

Original language: English
Title of host publication: Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Editors: Audun Josang
Publisher: Curran Associates Inc.
Pages: 96-105
Number of pages: 10
ISBN (Electronic): 9781911218852
State: Published - 1 Jan 2018
Event: 17th European Conference on Cyber Warfare and Security, ECCWS 2018 - Oslo, Norway
Duration: 28 Jun 2018 → 29 Jun 2018

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
Volume: 2018-June
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Conference

Conference: 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Country: Norway
City: Oslo
Period: 28/06/18 → 29/06/18

Keywords

  • Attack
  • Cyber warfare
  • Cybersecurity
  • Defense
  • Security vulnerability
  • Software repair
