Automated attack tree generation and evaluation : systemization of knowledge
Author(s)
Nguyen, Sam(Sam D.)
Download: 1227507670-MIT.pdf (1.956Mb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Howard Shrobe.
Abstract
The large-scale infrastructure that modern society depends on has become more and more dependent on the computer systems that control it. Examples such as electrical grids, water systems, and power plants all contribute heavily to everyday function. Even though these systems are so important, they have repeatedly been shown to be vulnerable to attack. Cybersecurity research has shown that each month one in every five industrial control systems is attacked. A long-term, concerted attack campaign to control or shut down these systems could lead to disastrous results, such as shutting down a power grid. Thus, it is crucial to be able to evaluate these systems and determine their vulnerabilities, especially by utilizing the bank of documented past attacks available as a resource. To address this, this thesis presents an extension to Dr. Howard Shrobe's Attack Planner, a computational vulnerability analysis system capable of outputting multistage attack model trees that achieve a desired goal on a desired system resource. It generates the attack models based on already known tactics and techniques that achieve different goals. In this thesis, I describe the systemization of knowledge from MITRE's and NIST's available categorization and bank of exploits and vulnerabilities into the Attack Planner, an additional tactic based on an attacker-controlled ad server, and a critique of the internal organization and semantics. In order to incorporate MITRE's and NIST's data, I used Dr. Erik Hemberg's BRON framework and created an interface between BRON's network representation of this data and the Attack Planner. MITRE and NIST categorize and organize all stages of an attack campaign at varying levels of depth, from an overarching goal down to specific exploits on a specific version of an operating system. By using BRON's network to link the specific exploits with their parent goals, the Attack Planner is able to generate plans with a higher level of detail.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, September, 2020. Cataloged from student-submitted PDF of thesis. Includes bibliographical references (pages 37-38).
Date issued
2020
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.