Applying The Attacks Tracer on Advanced Persistent Threats to Real Networks

Yuya Tajima, Hiroshi Koide

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

In this paper, we improve and expand the attacks tracer to receive information from real networks and to simulate advanced persistent threats in the networks based on it. Our improvement of the proposed system helps administrators to correctly recognize the status of the system and to expect near future events. Advanced persistent threats are cyber attacks that mainly target the information systems of organizations such as governments, research institutes, and enterprises. The attacks are characterized by long-lasting and continuous attacks that eventually result in the seizure of confidential information. In the past, system administrators and/or designers conducted digital forensic analysis. However the analysis is difficult because the number of communication traffic and connected devices are increasing now. The attacks tracer is a software that uses the actor model to simulate the behavior of an information system by modeling networked devices such as routers and servers abstractly. The abstract model and the actor model give the attacks tracer a scalable concurrency. Therefore the attacks tracer simulates a lot of attack scenarios of advanced persistent threats. However the attacks tracer before improvement we have implemented can only simulate specific scenarios in virtual spaces, and cannot analyze actual attacks. Therefore, in this proposal, we implemented the interface of gRPC, which is a high performance remote procedure call framework, in the attacks tracer. This allows attacks tracer to receive and analyze events that occur on the network immediately, thus the attacks tracer can simulate actual attacks. For example, if a system such as a firewall detects that an attack has occurred from a PC in the network, the attacks tracer can use that information to determine that the PC has been infected with malware and then indicate what kind of attack will occur. As a result of applying the attacks tracer to a real network, we found that the attacks tracer can get feedback from a real system and simulate advanced persistent threats based on it. The overview of the attacks tracer before improvement, the implementation method for applying to real environments and the case study are presented in this paper.

Original languageEnglish
Title of host publicationProceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages392-397
Number of pages6
ISBN (Electronic)9781665428354
DOIs
Publication statusPublished - 2021
Event9th International Symposium on Computing and Networking Workshops, CANDARW 2021 - Virtual, Online, Japan
Duration: Nov 23 2021Nov 26 2021

Publication series

NameProceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

Conference

Conference9th International Symposium on Computing and Networking Workshops, CANDARW 2021
Country/TerritoryJapan
CityVirtual, Online
Period11/23/2111/26/21

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Applying The Attacks Tracer on Advanced Persistent Threats to Real Networks'. Together they form a unique fingerprint.

Cite this