Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Jialu Fan,Jiming Chen,Ruilong Deng,Youxian Sun,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1145/1582379.1582477

2009-01-01

Abstract:Protocol testing has been one of the most active fields in computer networks. In Wireless Sensor Networks (WSNs), before directly employing protocols on hardware testbed, we expect an effective test framework to verify the logical correctness of protocols on computers, which could facilitate the whole test process. Towards this goal, this paper introduces an upper test framework in WSNs, namely Protocol Testing Framework for WSNs (PTFW). PTFW is a visual client-server test framework which is built upon the unique features of WSNs. It is based on the layered architecture of WSNs and uses Finite State Machine (FSM) theory as the kernel. The proposed test framework is developed on Linux Operating System (OS) and coded in standard C language for the consideration of compatibility for real-world implementation. PTFW provides the standards/specifications of conformance testing for test on hardware testbed. To validate the performance and effectiveness of PTFW, we apply it to a real-world WSNs protocol. The results show that PTFW exhibits excellent visual and real-time features, which bring considerable convenience to the later employments on testbed.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Chiem Trieu Phong,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2014100104

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:Penetration testing is an effort to attack a system using similar techniques and tools adopted by real hackers. The ultimate goal of penetration testing is to call to light as many existing vulnerabilities as possible, then come up with practical solutions to remediate the problems; thus, enhance the system security as a whole. The paper introduces concepts and definitions related to penetration testing, together with different models and methodologies to conduct a penetration test. A wide range of penetration testing state-of-the-art, as well as related tools (both commercial and free open source available on the market) are also presented in relatively rich details.

Fan Zhang,Qianmei Wu,Bohan Xuan,Yuqi Chen,Wei Lin,Christopher M. Poskitt,Jun Sun,Binbin Chen

DOI: https://doi.org/10.1109/tse.2023.3309330

2020-01-01

Abstract:Cyber-physical systems (CPSs) automating critical public infrastructure face a pervasive threat of attack, motivating research into different types of countermeasures. Assessing the effectiveness of these countermeasures is challenging, however, as benchmarks are difficult to construct manually, existing automated testing solutions often make unrealistic assumptions, and blindly fuzzing is ineffective at finding attacks due to the enormous search spaces and resource requirements. In this work, we propose active sensor fuzzing , a fully automated approach for building test suites without requiring any a prior knowledge about a CPS. Our approach employs active learning techniques. Applied to a real-world water treatment system, our approach manages to find attacks that drive the system into 15 different unsafe states involving water flow, pressure, and tank levels, including nine that were not covered by an established attack benchmark. Furthermore, we successfully generate targeted multi-point attacks which have been long suspected to be possible. We reveal that active sensor fuzzing successfully extends the attack benchmarks generated by our previous work, an ML-guided fuzzing tool, with two more kinds of attacks. Finally, we investigate the impact of active learning on models and the reason that the model trained with active learning is able to discover more attacks.

Jianbin Hu,Yonggang Wang,Cong Tang,Zhi Guan,Fengxian Ren,Zhong Chen

DOI: https://doi.org/10.5815/ijcnis.2011.03.01

2011-01-01

International Journal of Computer Network and Information Security

Abstract:in current cloud services, users put their data and resources into the cloud so as to enjoy the on-demand high quality applications and services. Different from the conventional services, users in cloud services lose control of their data which is instead manipulated by the large-scale cloud. Therefore, cloud service providers (CSP) guarantee that the cloud which they provide is of high confidence in accuracy and integrity. Traditional penetration test is carried out manually and has low efficiency. In this paper, we propose FPTC, a novel framework of penetration test in cloud environment. In FPTC, there are managers, executors and toolkits. FPTC managers guide FPTC executors to gather information from the cloud environment, generate appropriate testing scenarios, run matched tools in the toolkit and collect test results to do evaluation. The capacity and quality of the toolkit is a key issue in FPTC. We develop a prototype in which FPTC is implemented and the experimental results show that FPTC is helpful to automatically carry out penetration test in cloud environment.

Zhang Kai-lun,Tang Quan,Zhang Hong-gang

DOI: https://doi.org/10.1109/ispec50848.2020.9351155

2020-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in the Energy Internet, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the definition of vulnerability sensitivity, which can quantitatively evaluate the effects of changes in the leaf vulnerability on the system, so as to find out the critical port.

Jianbin Hu,Yonggang Wang,Cong Tang,Zhong Chen

2010-01-01

Abstract:Automatic Network Penetration Testing (ANPT) has been widely used in exploring vulnerabilities. With network topology becoming more complex, the demand of ANPT also increases quite a lot. However, due to the tool management and scale problems, etc, current ANPT methodologies and processes are not automatic enough to meet the increasing demand for network security assessment. Aiming at a higher degree of automation, this paper proposes three main challenges existing in ANPT. In response, we introduce several principles to meet the challenges, combining with some new definitions that we propose, such as Key Penetration State(KPS), and Penetration Probability(PPrb).

Mohammed Alabbad,Neerja Mhaskar,Ridha Khedri

DOI: https://doi.org/10.1016/j.jnca.2024.103851

IF: 7.574

2024-04-01

Journal of Network and Computer Applications

Abstract:We study the problem of hardening the security of existing networks. Dynamic and static analysis are two main approaches that are used to address this problem. Dynamic analysis is performed using penetration testing. Penetration testing (short pentesting) simulates attacks on an existing and possibly dynamic network to identify its vulnerabilities without causing it any harm. Static analysis analyzes the access control policies of both network resources and firewalls without executing them. Although, dynamic and static analysis are extremely useful approaches, they also have several drawbacks. For instance, they do not identify vulnerabilities resulting from weak network segmentation, improper implementation of the Defence in Depth strategy, and an increased attack surface for a given resource or firewall. In this paper, we propose a novel approach termed as the referential penetration testing (RPT) approach to evaluate the security of networks. The RPT approach evaluates the network and checks for segmentation flaws, while checking for other traditional vulnerabilities. We then propose a novel framework, called the RPT framework, that incorporates the RPT approach to identify vulnerabilities in networks. The proposed framework is an application of the Digital Twin Technology in network security. We compare RPT to the network vulnerabilities assessment tools Nessus, OpenVAS, Qualys, Illumio, Tufin, and AlgoSec. The comparison reveals that RPT is different from the other tools on all the considered technical aspects, which indicates that it brings a novel approach to assess network segmentation. It has a very limited focus compared to the others, which makes it suitable for being used in combination with anyone of them to further enhance the robustness of the segmentation. Finally, we implement this framework in the Software Defined Network (SDN) environment and discuss its usefulness.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Zhenduo Wang,Saifei Li,Lijie Zhang,Chunduo Hu,Lianshan Yan

DOI: https://doi.org/10.1016/j.cose.2024.103945

IF: 5.105

2024-06-08

Computers & Security

Abstract:Post-penetration red team automation testing effectively addresses the pain points of traditional manual red teams, including manpower, time costs, and the high level of professional knowledge required, thereby improving the efficiency and effectiveness of red team penetration testing. However, introducing automation technology into the red team testing domain still faces numerous technical challenges. These challenges include accurately simulating real attack environments, coordinating complex attack actions, and effectively resolving uncertainties during the attack process. These challenges remain critical issues that require urgent solutions. In this context, we propose a post-penetration-oriented automated red team penetration test modeling and planning approach. The objective of this approach is to automatically generate attack paths, coordinate attack behaviors, and adjust attack behaviors based on feedback, enabling attacks on real target networks through corresponding operations. We conducted analysis and performance testing on our solution, comparing it with other available planners. Our experimental results demonstrate the effectiveness of the proposed planner in achieving automated penetration testing. Compared to other available planners, ours can generate valid attack paths more quickly and exhibits excellent performance in planning effectiveness and quality. Furthermore, our planner possesses wide applicability across various penetration testing scenarios.

computer science, information systems

Stéphane Paul

DOI: https://doi.org/10.48550/arXiv.1404.1986

2014-04-08

Cryptography and Security

Abstract:Security risk management can be applied on well-defined or existing systems; in this case, the objective is to identify existing vulnerabilities, assess the risks and provide for the adequate countermeasures. Security risk management can also be applied very early in the system's development life-cycle, when its architecture is still poorly defined; in this case, the objective is to positively influence the design work so as to produce a secure architecture from the start. The latter work is made difficult by the uncertainties on the architecture and the multiple round-trips required to keep the risk assessment study and the system architecture aligned. This is particularly true for very large projects running over many years. This paper addresses the issues raised by those risk assessment studies performed early in the system's development life-cycle. Based on industrial experience, it asserts that attack trees can help solve the human cognitive scalability issue related to securing those large, continuously-changing system-designs. However, big attack trees are difficult to build, and even more difficult to maintain. This paper therefore proposes a systematic approach to automate the construction and maintenance of such big attack trees, based on the system's operational and logical architectures, the system's traditional risk assessment study and a security knowledge database.

Qianyu Li,Ruipeng Wang,Min Zhang,Fan Shi,Yi Shen,Miao Hu,Bingyang Guo,Chengxi Xu

DOI: https://doi.org/10.1109/tii.2024.3379633

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Penetration testing is widely acknowledged as the foremost method for evaluating network security. However, three challenges impede the generation of strategies that align with human expectations. In this article, we present, for the first time, a method based on human feedback to enhance strategy generation. Our approach comprises two components: agent training and decision-making. During agent training, we establish a hierarchical framework to decompose tasks and a knowledge base to offer advice for improving data efficiency. We then impose constraints on the action space to mitigate ineffective exploration. Finally, we train a reward model based on human feedback and fine tune the model guided by this reward model. In decision-making, we process the model output to enhance decision accuracy. We crafted scenarios based on real-world networks, and the results demonstrate the effectiveness of our method in generating penetration testing strategies that align more closely with human intentions.

Hui Lu,Xun Huang,Xiang Yu,Rufeng Liang,Man Zhang,Chengcong Zheng,Junhan Chen,Zhihong Tian

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490046

2023-11-01

Abstract:As networks continue to expand in scale and complexity, the frequency and severity of network attacks are rapidly increasing. Regular penetration testing is essential to enhance cybersecurity defense. However, manual testing lacks the intelligence necessary for effective assessments. Breach and Attack Simulation (BAS) represents an advanced penetration method for automated evaluation of security situations. Current methodologies primarily focus on individual vulnerabilities or attack behaviors, which exhibit weaknesses in correlation and granularity, and do not adapt well to real-world scenarios. To improve the accuracy and efficacy of BAS, it is imperative to integrate vulnerability correlation, multi-step attacks, and exploit chains. The paper is divided into three sections, providing a comprehensive exposition on vulnerability association. It summarizes the implementation principles of various methods and offers recommendations concerning current research advancements and future research directions.

Engineering,Computer Science

Haozhe Lei,Yunfei Ge,Quanyan Zhu

2024-11-01

Abstract:The integration of AI into modern critical infrastructure systems, such as healthcare, has introduced new vulnerabilities that can significantly impact workflow, efficiency, and safety. Additionally, the increased connectivity has made traditional human-driven penetration testing insufficient for assessing risks and developing remediation strategies. Consequently, there is a pressing need for a distributed, adaptive, and efficient automated penetration testing framework that not only identifies vulnerabilities but also provides countermeasures to enhance security posture. This work presents ADAPT, a game-theoretic and neuro-symbolic framework for automated distributed adaptive penetration testing, specifically designed to address the unique cybersecurity challenges of AI-enabled healthcare infrastructure networks. We use a healthcare system case study to illustrate the methodologies within ADAPT. The proposed solution enables a learning-based risk assessment. Numerical experiments are used to demonstrate effective countermeasures against various tactical techniques employed by adversarial AI.

Cryptography and Security,Artificial Intelligence,Computer Science and Game Theory

Jeremy Straub

2023-06-07

Abstract:Penetration testing increases the security of systems through tasking testers to 'think like the adversary' and attempt to find the ways that an attacker would break into the system. For many systems, this can be conducted in a safe and controlled way; however, some systems are so critical to human life and safety that the risk of their failure or disablement due to active penetration testing cannot be assumed. These systems are also critical to evaluate the security of, to prevent attackers from disabling them or causing their maloperation; however, this must be done in a manner that doesn't risk the very malady that testing seeks to avoid through the testing process itself. This paper presents P2SCP, a paradigm for penetration testing of systems that cannot be subjected to the risk of penetration testing. It discusses how data collection, the creation of digital twins and cousins and evaluative analysis can be utilized to conduct virtual penetration tests on critical infrastructure systems. This proposed paradigm is analyzed through the use of several case studies.

Cryptography and Security

Feng Dong,Liu Wang,Xu Nie,Fei Shao,Haoyu Wang,Ding Li,Xiapu Luo,Xusheng Xiao

2023-01-01

Abstract:Building provenance graph that considers causal relationships among software behaviors can better provide contextual information of cyber attacks, especially for advanced attacks such as Advanced Persistent Threat (APT) attacks. Despite its promises in assisting attack investigation, existing approaches that use provenance graphs to perform attack detection suffer from two fundamental limitations. First, existing approaches adopt a centralized detection architecture that sends all system auditing logs to the server for processing, incurring intolerable costs of data transmission, data storage, and computation. Second, they adopt either rule-based techniques that cannot detect unknown threats, or anomaly-detection techniques that produce numerous false alarms, failing to achieve a balance of precision and recall in APT detection. To address these fundamental challenges, we propose DISTDET, a distributed detection system that detects APT attacks by (1) performing light weight detection based on the host model built in the client side, (2) filtering false alarms based on the semantics of the alarm proprieties, and (3) deriving global models to complement the local bias of the host models. Our experiments on a large-scale industrial environment (1,130 hosts, 14 days, similar to 1.6 billion events) and the DARPA TC dataset show that DISTDET is as effective as sate-of-the-art techniques in detecting attacks, while dramatically reducing network bandwidth from 11.28Mb/s to 17.08Kb/S (676.5x reduction), memory usages from 364MB to 5.523MB (66x reduction), and storage from 1.47GB to 130.34MB (11.6x reduction). By the time of this writing, DISTDET has been deployed to 50+ industry customers with 22,000+ hosts for more than 6 months, and identified over 900 real-world attacks.

陈国栋,杨光临,段晓辉

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.13.042

2008-01-01

Abstract:This paper presents a new approach to automatic construction and optimization of the Network Attack Graph(NAG). For solving scalability problem of the NAG, a hierarchy has been adapted for the network structure that can be divided into attack subgraph and attack supergraph. The attack subgraph describes concrete attack scenarios from the source host to the destination host. The attack supergraph described the attacker’s privilege transition processing. This approach reduces the complexity of NAG by simplifying the structure of it.

Yuntao Wang,Han Liu,Zhendong Li,Zhou Su,Jiliang Li

DOI: https://doi.org/10.1109/MNET.2024.3389734

2024-04-12

Abstract:The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors. Provenance graph-based kernel-level auditing has emerged as a promising approach to enhance visibility and traceability within intricate network environments. However, it still faces challenges including reconstructing complex lateral attack chains, detecting dynamic evasion behaviors, and defending smart adversarial subgraphs. To bridge the research gap, this paper proposes an efficient and robust APT defense scheme leveraging provenance graphs, including a network-level distributed audit model for cost-effective lateral attack reconstruction, a trust-oriented APT evasion behavior detection strategy, and a hidden Markov model based adversarial subgraph defense approach. Through prototype implementation and extensive experiments, we validate the effectiveness of our system. Lastly, crucial open research directions are outlined in this emerging field.

Cryptography and Security

Xiangmin Shen,Lingzhi Wang,Zhenyuan Li,Yan Chen,Wencheng Zhao,Dawei Sun,Jiashui Wang,Wei Ruan

2024-11-08

Abstract:Penetration testing is a critical technique for identifying security vulnerabilities, traditionally performed manually by skilled security specialists. This complex process involves gathering information about the target system, identifying entry points, exploiting the system, and reporting findings. Despite its effectiveness, manual penetration testing is time-consuming and expensive, often requiring significant expertise and resources that many organizations cannot afford. While automated penetration testing methods have been proposed, they often fall short in real-world applications due to limitations in flexibility, adaptability, and implementation. Recent advancements in large language models (LLMs) offer new opportunities for enhancing penetration testing through increased intelligence and automation. However, current LLM-based approaches still face significant challenges, including limited penetration testing knowledge and a lack of comprehensive automation capabilities. To address these gaps, we propose PentestAgent, a novel LLM-based automated penetration testing framework that leverages the power of LLMs and various LLM-based techniques like Retrieval Augmented Generation (RAG) to enhance penetration testing knowledge and automate various tasks. Our framework leverages multi-agent collaboration to automate intelligence gathering, vulnerability analysis, and exploitation stages, reducing manual intervention. We evaluate PentestAgent using a comprehensive benchmark, demonstrating superior performance in task completion and overall efficiency. This work significantly advances the practical applicability of automated penetration testing systems.

Cryptography and Security

Simon Yusuf Enoch,Zhibin Huang,Chun Yong Moon,Donghwan Lee,Myung Kil Ahn,Dong Seong Kim

DOI: https://doi.org/10.1109/ACCESS.2020.3009748

2020-07-18

Abstract:With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing which is carried by a group of security professionals (i.e, red team). Penetration testing is also known to be effective to find existing and new vulnerabilities, however, the quality of security assessment can be depending on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named `HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM). (1) We propose the requirements and the key phases for the automation framework. (2) We propose security metrics-based attack planning strategies along with their algorithms. (3) We conduct experiments in a real enterprise network and Amazon Web Services. The results show how the different phases of the framework interact to model the attackers' operations. This framework will allow security administrators to automatically assess the impact of various threats and attacks in an automated manner.

Cryptography and Security