Attack Planner: Systematization and Expansion of Persistence Knowledge
Author(s)
Jiang, Eric
Advisor
Shrobe, Howard
Abstract
The internet has become a component of society’s critical infrastructure. However, the benefit of using the internet has been accompanied by an increasing volume of cyberattacks. Although documentation of these cyberattacks does exist, it is not readily machine processable and is often in a form that is hard even for people to understand. In order to protect systems against these attacks, companies have to hire penetration testers to help them find vulnerabilities within the system. However, this can be very expensive and time-consuming. It is also very hard to be completely thorough and comprehensive with penetration testing, as there are so many different types of attacks.
The AttackPlanner is a tool developed at CSAIL that allows users to easily understand the flow of an attack campaign, as well as the different ways adversaries can achieve their goals, by representing cyberattacks in the form of trees called attack trees. In parallel with the development of the AttackPlanner, CALDERA is another tool that assists in this project. My focus in this project is to expand the AttackPlanner’s plan repertoire and its capabilities. There are many different purposes to which cyberattacks are put; this thesis focuses on the persistence aspect of attacks. By persistence, we assume that the attacker has already penetrated the system and can execute a malicious process, but the attacker’s goal is to implant an "advanced persistent threat" (APT) that can survive system reboot and continue exploiting the system over sustained periods of time.
Date issued
2022-05
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology