648 research outputs found
Automated Adversary Emulation for Cyber-Physical Systems via Reinforcement Learning
Adversary emulation is an offensive exercise that provides a comprehensive
assessment of a system's resilience against cyber attacks. However, adversary
emulation is typically a manual process, making it costly and hard to deploy in
cyber-physical systems (CPS) with complex dynamics, vulnerabilities, and
operational uncertainties. In this paper, we develop an automated, domain-aware
approach to adversary emulation for CPS. We formulate a Markov Decision Process
(MDP) model to determine an optimal attack sequence over a hybrid attack graph
with cyber (discrete) and physical (continuous) components and related physical
dynamics. We apply model-based and model-free reinforcement learning (RL)
methods to solve the discrete-continuous MDP in a tractable fashion. As a
baseline, we also develop a greedy attack algorithm and compare it with the RL
procedures. We summarize our findings through a numerical study on sensor
deception attacks in buildings to compare the performance and solution quality
of the proposed algorithms.
Comment: To appear in the Proceedings of the 18th IEEE International
Conference on Intelligence and Security Informatics (2020
Security and Privacy Challenges in Cognitive Wireless Sensor Networks
Wireless sensor networks (WSNs) have attracted a lot of interest in the
research community due to their potential applicability in a wide range of
real-world practical applications. However, due to the distributed nature and
their deployments in critical applications without human interventions and
sensitivity and criticality of data communicated, these networks are vulnerable
to numerous security and privacy threats that can adversely affect their
performance. These issues become even more critical in cognitive wireless
sensor networks (CWSNs) in which the sensor nodes have the capabilities of
changing their transmission and reception parameters according to the radio
environment under which they operate in order to achieve reliable and efficient
communication and optimum utilization of the network resources. This chapter
presents a comprehensive discussion on the security and privacy issues in CWSNs
by identifying various security threats in these networks and various defense
mechanisms to counter these vulnerabilities. Various types of attacks on CWSNs
are categorized under different classes based on their natures and targets, and
corresponding to each attack class, appropriate security mechanisms are also
discussed. Some critical research issues on security and privacy in CWSNs are
also identified.
Comment: 36 pages, 4 figures, 2 tables. The book chapter is accepted for
publication in 201
Generative Adversarial Network for Wireless Signal Spoofing
The paper presents a novel approach of spoofing wireless signals by using a
generative adversarial network (GAN) to generate and transmit synthetic signals
that cannot be reliably distinguished from intended signals. It is of paramount
importance to authenticate wireless signals at the PHY layer before they
proceed through the receiver chain. For that purpose, various waveform,
channel, and radio hardware features that are inherent to original wireless
signals need to be captured. In the meantime, adversaries become sophisticated
with the cognitive radio capability to record, analyze, and manipulate signals
before spoofing. Building upon deep learning techniques, this paper introduces
a spoofing attack by an adversary pair of a transmitter and a receiver that
assume the generator and discriminator roles in the GAN and play a minimax game
to generate the best spoofing signals that aim to fool the best trained defense
mechanism. The output of this approach is two-fold. From the attacker point of
view, a deep learning-based spoofing mechanism is trained to potentially fool a
defense mechanism such as RF fingerprinting. From the defender point of view, a
deep learning-based defense mechanism is trained against potential spoofing
attacks when an adversary pair of a transmitter and a receiver cooperates. The
probability that the spoofing signal is misclassified as the intended signal is
measured for random signal, replay, and GAN-based spoofing attacks. Results
show that the GAN-based spoofing attack provides a major increase in the
success probability of wireless signal spoofing even when a deep learning
classifier is used as the defense.
Twin Based Continuous Patching To Minimize Cyber Risk
Digital twins are virtual replicas to simulate the behavior of physical devices before they are built and to support their maintenance. We extend this technology to cybersecurity and integrate it with adversary emulation to define a remediation policy that selects and schedules patches for the vulnerabilities of an information and communication infrastructure before threat actors can exploit them. Distinct twins model, respectively, the infrastructure and threat actors. The former twin describes the infrastructure modules, their vulnerabilities, and the elementary attacks actors can implement. The attributes of the twin of a threat actor describe its attack surface, its goals, how it selects attacks, and how it handles attack failures. The Haruspex software platform builds the twins of the infrastructure and those of the threat actors, and it automates the emulation of an actor. In this way, it can discover the attack paths the actor implements without disturbing the infrastructure. In each path, the actor composes elementary attacks to reach its goal. Multiple emulations can discover all the paths of an actor by covering stochastic factors such as attack success or failure. The knowledge of these paths enables the remediation policy to minimize the patches to deploy. Since new vulnerabilities continuously become public, new countermeasures are needed. A twin-based approach supports a continuous remediation process to handle changes in the infrastructure, new vulnerabilities, and new threat actors because the platform can update the twins and run adversary emulations. If new attack paths exist, the platform applies the remediation policy. Experimental data confirm the effectiveness of this approach.
SoK: A Survey of Open-Source Threat Emulators
Threat emulators are tools or sets of scripts that emulate cyber attacks or
malicious behavior. They can be used to create and launch single procedure
attacks and multi-step attacks; the resulting attacks may be known or unknown
cyber attacks. The motivation for using threat emulators varies and includes
the need to perform automated security audits in organizations or reduce the
size of red teams in order to lower pen testing costs; or the desire to create
baseline tests for security tools under development or supply pen testers with
another tool in their arsenal. In this paper, we review and compare various
open-source threat emulators. We focus on tactics and techniques from the MITRE
ATT&CK Enterprise matrix and determine whether they can be performed and tested
with the emulators. We develop a comprehensive methodology for our qualitative
and quantitative comparison of threat emulators with respect to general
features, such as prerequisites, attack definition, cleanup, and more. Finally,
we discuss the circumstances in which one threat emulator is preferred over
another. This survey can help security teams, security developers, and product
deployment teams examine their network environment or products with the most
suitable threat emulator. Using the guidelines provided, a team can select the
threat emulator that best meets their needs without evaluating all of them.
Recommendations for Model-Driven Paradigms for Integrated Approaches to Cyber Defense
The North Atlantic Treaty Organization (NATO) Exploratory Team meeting,
"Model-Driven Paradigms for Integrated Approaches to Cyber Defense," was
organized by the NATO Science and Technology Organization's (STO) Information
Systems and Technology (IST) panel and conducted its meetings and electronic
exchanges during 2016. This report describes the proceedings and outcomes of
the team's efforts.
Many of the defensive activities in the fields of cyber warfare and
information assurance rely on essentially ad hoc techniques. The cyber
community recognizes that comprehensive, systematic, principle-based modeling
and simulation are more likely to produce long-term, lasting, reusable
approaches to defensive cyber operations.
A model-driven paradigm is predicated on creation and validation of
mechanisms of modeling the organization whose mission is subject to assessment,
the mission (or missions) itself, and the cyber-vulnerable systems that support
the mission. This by any definition is a complex socio-technical system (of
systems), and the level of detail of this class of problems ranges from the
level of host and network events to the systems' functions up to the function
of the enterprise. Solving this class of problems is of medium to high
difficulty and can draw in part on advances in Systems Engineering (SE). Such
model-based approaches and analysis could be used to explore multiple
alternative mitigation and work-around strategies and to select the optimal
course of mitigating actions. Furthermore, the model-driven paradigm applied to
cyber operations is likely to benefit traditional disciplines of cyber defense
such as security, vulnerability analysis, intrusion prevention, intrusion
detection, analysis, forensics, attribution, and recovery.
Network-based APT profiler
Constant innovation in attack methods presents a significant problem for the security community, which struggles to remain current in attack prevention, detection and response. The practice of threat hunting provides a proactive approach to identify and mitigate attacks in real-time before the attackers complete their objective. In this research, I present a matrix of adversary techniques inspired by MITRE’s ATT&CK matrix. This study allows threat hunters to classify the actions of advanced persistent threats (APTs) according to network-based behaviors.
Secure Mobile Identities
The unique identities of every mobile user (phone number, IMSI) and device
(IMEI) are far from secure and are increasingly vulnerable to a variety of
network-level threats. The exceedingly high reliance on the weak SIM
authentication layer does not present any notion of end-to-end security for
mobile users. We propose the design and implementation of Secure Mobile
Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM
authentication as a foundation to enable mobile users to establish stronger
identity authenticity. The security guarantees of SMI are directly reliant on
the mobility of users and are further enhanced by external trusted entities
providing trusted location signatures (e.g. trusted GPS, NFC synchronization
points). In this paper, we demonstrate the efficacy of our protocol using an
implementation and analysis across standard mobility models.
When Wireless Security Meets Machine Learning: Motivation, Challenges, and Research Directions
Wireless systems are vulnerable to various attacks such as jamming and
eavesdropping due to the shared and broadcast nature of wireless medium. To
support both attack and defense strategies, machine learning (ML) provides
automated means to learn from and adapt to wireless communication
characteristics that are hard to capture by hand-crafted features and models.
This article discusses motivation, background, and scope of research efforts
that bridge ML and wireless security. Motivated by research directions surveyed
in the context of ML for wireless security, ML-based attack and defense
solutions and emerging adversarial ML techniques in the wireless domain are
identified along with a roadmap to foster research efforts in bridging ML and
wireless security.
Deep Learning for Wireless Communications
Existing communication systems exhibit inherent limitations in translating
theory to practice when handling the complexity of optimization for emerging
wireless applications with high degrees of freedom. Deep learning has a strong
potential to overcome this challenge via data-driven solutions and improve the
performance of wireless systems in utilizing limited spectrum resources. In
this chapter, we first describe how deep learning is used to design an
end-to-end communication system using autoencoders. This flexible design
effectively captures channel impairments and optimizes transmitter and receiver
operations jointly in single-antenna, multiple-antenna, and multiuser
communications. Next, we present the benefits of deep learning in spectrum
situation awareness ranging from channel modeling and estimation to signal
detection and classification tasks. Deep learning improves the performance when
the model-based methods fail. Finally, we discuss how deep learning applies to
wireless communication security. In this context, adversarial machine learning
provides novel means to launch and defend against wireless attacks. These
applications demonstrate the power of deep learning in providing novel means to
design, optimize, adapt, and secure wireless communications.