TY - CONF
T1 - A framework for generation, replay, and analysis of real-world attack variants
AU - Cao, Phuong
AU - Badger, Eric C.
AU - Kalbarczyk, Zbigniew T.
AU - Iyer, Ravishankar K.
N1 - Funding Information:
We acknowledge the NCSA security team for providing incident data and ground truth; undergraduate researchers Surya Bakshi and Simon Kim for contributing to the attack repository of the testbed. This work was supported by the National Security Agency under Award No. H98230-14-C-0141, in part by the National Science Foundation under Grant No. CNS 10-185303 CISE, and in part by the Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement No. FA8750-11-20084. The opinions, findings, and conclusions stated herein are those of the authors and do not necessarily reflect those of the sponsors.
Publisher Copyright:
© 2016 ACM.
PY - 2016
Y1 - 2016
N2 - This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment, and (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.
AB - This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment, and (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.
UR - http://www.scopus.com/inward/record.url?scp=85080534088&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85080534088&partnerID=8YFLogxK
U2 - 10.1145/2898375.2898392
DO - 10.1145/2898375.2898392
M3 - Paper
AN - SCOPUS:85080534088
SP - 28
EP - 37
T2 - Symposium and Bootcamp on the Science of Security, HotSos 2016
Y2 - 19 April 2016 through 21 April 2016
ER -