ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Simulating cyber-attacks for fun and profit
Full text PdfPdf (272 KB)
Source International Conference On Simulation Tools And Techniques For Communications, Networks And Systems & Workshops archive
Proceedings of the 2nd International Conference on Simulation Tools and Techniques table of contents
Rome, Italy
SESSION: Simulation of security systems table of contents
Article No. 4  
Year of Publication: 2009
ISBN:978-963-9799-45-5
Authors
Ariel Futoransky  Corelabs, Core Security Technologies
Fernando Miranda  Corelabs, Core Security Technologies
José Orlicki  Corelabs, Core Security Technologies and ITBA
Carlos Sarraute  Corelabs, Core Security Technologies and ITBA
Sponsors
: Create-Net
: ICST
Publisher
ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)  ICST, Brussels, Belgium, Belgium
Bibliometrics
Downloads (6 Weeks): 17,   Downloads (12 Months): 35,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: 10.4108/ICST.SIMUTOOLS2009.5773

ABSTRACT

We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker's standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc.

A novel characteristic of this tool is to simulate vulnerabilities (including 0-days) and exploits, allowing an attacker to compromise machines and use them as pivoting stones to continue the attack. A user can test and modify complex scenarios, with several interconnected networks, where the attacker has no initial connectivity with the objective of the attack.

We give a concise description of this new technology, and its possible uses in the security research field, such as pen-testing training, study of the impact of 0-days vulnerabilities, evaluation of security countermeasures, and risk assessment tool.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Chris Anley, John Heasman, Felix Lindner, and Gerardo Richarte. The Shellcoder's Handbook. Wiley Press, 2nd edition, 2007.
 
2
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson. The internet motion sensor: A distributed blackhole monitoring system. In In Proceedings of Network and Distributed System Security Symposium NDSS '05, pages 167--179, 2005.
3
S. M. Bellovin, Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review, v.19 n.2, p.32-48, April 1, 1989  [doi>10.1145/378444.378449]
 
4
Rainer Bye , Stephan Schmidt , Katja Luther , Sahin Albayrak, Application-level simulation for network security, Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops, March 03-07, 2008, Marseille, France
 
5
Maximiliano Caceres. Syscall proxying - simulating remote execution. Technical report, CoreLabs, Core Security Technology, 2002. Available from http://www.coresecurity.com.
 
6
CERT. Computer Emergency Response Team, USA. http://www.cert.org.
 
7
Z. Chen, L. Gao, and K. Kwiat. Modeling the spread of active worms. In Proceedings of IEEE INFOCOM 2003, 2003.
 
8
Renzo Davoli, VDE: Virtual Distributed Ethernet, Proceedings of the First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities, p.213-220, February 23-25, 2005  [doi>10.1109/TRIDNT.2005.38]
 
9
Jeff Dike. User Mode Linux. Prentice Hall, 1st edition, 2006.
10
Stefan Frei , Martin May , Ulrich Fiedler , Bernhard Plattner, Large-scale vulnerability analysis, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.131-138, September 11-15, 2006, Pisa, Italy  [doi>10.1145/1162666.1162671]
 
11
FrSirt. French Security Incident Response Team, France. http://www.frsirt.com.
 
12
Ariel Futoransky, Luciano Notarfrancesco, Gerardo Richarte, and Carlos Sarraute. Building computer network attacks. Technical report, CoreLabs, Core Security Technology, 2003. Available from http://www.coresecurity.com.
 
13
Michael Liljenstam , Jason Liu , David Nicol , Yougu Yuan , Guanhua Yan , Chris Grier, RINSE: The Real-Time Immersive Network Simulation Environment for Network Security Exercises, Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation, p.119-128, June 01-03, 2005  [doi>10.1109/PADS.2005.23]
 
14
Jean-Vincent Loddo and Luca Saiu. Marionnet: A virtual network laboratory and simulation tool. In First International Conference on Simulation Tools and Techniques for Communications, Networks and Systems, 2008.
 
15
David Moore , Vern Paxson , Stefan Savage , Colleen Shannon , Stuart Staniford , Nicholas Weaver, Inside the Slammer Worm, IEEE Security and Privacy, v.1 n.4, p.33-39, July 2003  [doi>10.1109/MSECP.2003.1219056]
 
16
H. D. Moore. Metasploitation. In CanSecWest 2006, 2006.
 
17
Aleph One. Smashing the stack for fun and profit. Phrack, 49--14, nov 1996. Available from http://www.phrack.com.
 
18
Marcelo Picorelli. Virtualization in software development and QA, 2006. WMWORLD 2006 - http://www.vmworld.com.
 
19
The Honeynet Project. Know your enemy: Learning about security threats. Addison-Wesley Professional, 2nd edition, 2004.
 
20
The Honeynet Project. Know your enemy: honeynets. Technical report, Infocus At Securityfocus.com, May 2006. http://www.honeynet.org/papers/honeynet/.
 
21
Niels Provos, A virtual honeypot framework, Proceedings of the 13th conference on USENIX Security Symposium, p.1-1, August 09-13, 2004, San Diego, CA
 
22
Secunia. http://www.secunia.com.
 
23
SecurityFocus. http://www.securityfocus.com.
 
24
D. Song, R. Malan, and R. Stone. A snapshot of global internet worm activity. Technical report, Arbor Networks, Nov 2001.
 
25
L. Spitzner, Honeypots: Tracking Hackers, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
26
Michael Vrable , Justin Ma , Jay Chen , David Moore , Erik Vandekieft , Alex C. Snoeren , Geoffrey M. Voelker , Stefan Savage, Scalability, fidelity, and containment in the potemkin virtual honeyfarm, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
 
27
Songjie Wei , Jelena Mirkovic , Martin Swany, Distributed Worm Simulation with a Realistic Internet Model, Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation, p.71-79, June 01-03, 2005  [doi>10.1109/PADS.2005.7]
 
28
V. Yegneswaran, P. Barford, and D. Plonka. The design and use of internet sinks for network abuse monitoring. In Proceedings of Recent Advances in Intrusion Detection (RAID), Sept. 2004.

INDEX TERMS

Primary Classification:
  I. Computing Methodologies
  I.6 SIMULATION AND MODELING
      I.6.7 Simulation Support Systems

Additional Classification:
  I. Computing Methodologies
  I.6 SIMULATION AND MODELING
      I.6.3 Applications


General Terms:
Experimentation, Security


Keywords:
0-day, cyber-attack, exploit, network security, network simulation, penetration test, training, vulnerability

Collaborative Colleagues:
Ariel Futoransky: colleagues
Fernando Miranda: colleagues
José Orlicki: colleagues
Carlos Sarraute: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player