Applying The Attacks Tracer on Advanced Persistent Threats to Real Networks

Yuya Tajima, Hiroshi Koide

研究成果: 書籍/レポート タイプへの寄稿会議への寄与

1 被引用数 (Scopus)

抄録

In this paper, we improve and expand the attacks tracer to receive information from real networks and to simulate advanced persistent threats in the networks based on it. Our improvement of the proposed system helps administrators to correctly recognize the status of the system and to expect near future events. Advanced persistent threats are cyber attacks that mainly target the information systems of organizations such as governments, research institutes, and enterprises. The attacks are characterized by long-lasting and continuous attacks that eventually result in the seizure of confidential information. In the past, system administrators and/or designers conducted digital forensic analysis. However the analysis is difficult because the number of communication traffic and connected devices are increasing now. The attacks tracer is a software that uses the actor model to simulate the behavior of an information system by modeling networked devices such as routers and servers abstractly. The abstract model and the actor model give the attacks tracer a scalable concurrency. Therefore the attacks tracer simulates a lot of attack scenarios of advanced persistent threats. However the attacks tracer before improvement we have implemented can only simulate specific scenarios in virtual spaces, and cannot analyze actual attacks. Therefore, in this proposal, we implemented the interface of gRPC, which is a high performance remote procedure call framework, in the attacks tracer. This allows attacks tracer to receive and analyze events that occur on the network immediately, thus the attacks tracer can simulate actual attacks. For example, if a system such as a firewall detects that an attack has occurred from a PC in the network, the attacks tracer can use that information to determine that the PC has been infected with malware and then indicate what kind of attack will occur. As a result of applying the attacks tracer to a real network, we found that the attacks tracer can get feedback from a real system and simulate advanced persistent threats based on it. The overview of the attacks tracer before improvement, the implementation method for applying to real environments and the case study are presented in this paper.

本文言語英語
ホスト出版物のタイトルProceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021
出版社Institute of Electrical and Electronics Engineers Inc.
ページ392-397
ページ数6
ISBN(電子版)9781665428354
DOI
出版ステータス出版済み - 2021
イベント9th International Symposium on Computing and Networking Workshops, CANDARW 2021 - Virtual, Online, 日本
継続期間: 11月 23 202111月 26 2021

出版物シリーズ

名前Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

会議

会議9th International Symposium on Computing and Networking Workshops, CANDARW 2021
国/地域日本
CityVirtual, Online
Period11/23/2111/26/21

!!!All Science Journal Classification (ASJC) codes

  • 人工知能
  • コンピュータ ネットワークおよび通信
  • 情報システム
  • ソフトウェア

フィンガープリント

「Applying The Attacks Tracer on Advanced Persistent Threats to Real Networks」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル