A framework for generation, replay, and analysis of real-world attack variants

Phuong Cao; Eric C. Badger; Zbigniew T. Kalbarczyk; Ravishankar K. Iyer

doi:10.1145/2898375.2898392

A framework for generation, replay, and analysis of real-world attack variants

Phuong Cao, Eric C. Badger, Zbigniew T. Kalbarczyk, Ravishankar K. Iyer

Research output: Contribution to conference › Paper › peer-review

Abstract

This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment and, (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.

Original language	English (US)
Pages	28-37
Number of pages	10
DOIs	https://doi.org/10.1145/2898375.2898392
State	Published - 2016
Event	Symposium and Bootcamp on the Science of Security, HotSos 2016 - Pittsburgh, United States Duration: Apr 19 2016 → Apr 21 2016

Conference

Conference	Symposium and Bootcamp on the Science of Security, HotSos 2016
Country/Territory	United States
City	Pittsburgh
Period	4/19/16 → 4/21/16

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Online availability

10.1145/2898375.2898392

Library availability

Discover UIUC Full Text

Cite this

@conference{14dbebbab9ab48cc9c85adab5219621d,

title = "A framework for generation, replay, and analysis of real-world attack variants",

abstract = "This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment and, (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.",

author = "Phuong Cao and Badger, {Eric C.} and Kalbarczyk, {Zbigniew T.} and Iyer, {Ravishankar K.}",

note = "Funding Information: We acknowledge the NCSA security team for providing incident data and ground truth; undergraduate researchers Surya Bakshi and Simon Kim for contributing to the attack repository of the testbed. This work was supported by the National Security Agency under Award No. H98230-14-C-0141, in part by the National Science Foundation under Grant No. CNS 10-185303 CISE, and in part by the Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement No. FA8750-11-20084. The opinions, findings, and conclusions stated herein are those of the authors and do not necessarily reflect those of the sponsors. Publisher Copyright: {\textcopyright} 2016 ACM.; Symposium and Bootcamp on the Science of Security, HotSos 2016 ; Conference date: 19-04-2016 Through 21-04-2016",

year = "2016",

doi = "10.1145/2898375.2898392",

language = "English (US)",

pages = "28--37",

}

TY - CONF

T1 - A framework for generation, replay, and analysis of real-world attack variants

AU - Cao, Phuong

AU - Badger, Eric C.

AU - Kalbarczyk, Zbigniew T.

AU - Iyer, Ravishankar K.

N1 - Funding Information: We acknowledge the NCSA security team for providing incident data and ground truth; undergraduate researchers Surya Bakshi and Simon Kim for contributing to the attack repository of the testbed. This work was supported by the National Security Agency under Award No. H98230-14-C-0141, in part by the National Science Foundation under Grant No. CNS 10-185303 CISE, and in part by the Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement No. FA8750-11-20084. The opinions, findings, and conclusions stated herein are those of the authors and do not necessarily reflect those of the sponsors. Publisher Copyright: © 2016 ACM.

PY - 2016

Y1 - 2016

N2 - This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment and, (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.

AB - This paper presents a framework for (1) generating variants of known attacks, (2) replaying attack variants in an isolated environment and, (3) validating detection capabilities of attack detection techniques against the variants. Our framework facilitates reproducible security experiments. We generated 648 variants of three real-world attacks (observed at the National Center for Supercomputing Applications at the University of Illinois). Our experiment showed the value of generating attack variants by quantifying the detection capabilities of three detection methods: a signature-based detection technique, an anomaly-based detection technique, and a probabilistic graphical model-based technique.

UR - http://www.scopus.com/inward/record.url?scp=85080534088&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85080534088&partnerID=8YFLogxK

U2 - 10.1145/2898375.2898392

DO - 10.1145/2898375.2898392

M3 - Paper

AN - SCOPUS:85080534088

SP - 28

EP - 37

T2 - Symposium and Bootcamp on the Science of Security, HotSos 2016

Y2 - 19 April 2016 through 21 April 2016

ER -

A framework for generation, replay, and analysis of real-world attack variants

Abstract

Conference

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this