
Title: Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Nuthan Munaiah, Akond Rahman, Justin Pelletier, Laurie Williams, Andrew Meneely
Conference Name: 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
Date Published: 10/17/2019
Publisher: ACM/IEEE
Conference Location: Porto de Galinhas
ISBN Number: 978-1-7281-2968-6
Accession Number: 19078832
Keywords: 2019: October, Metrics, NCSU, Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
Abstract

Inculcating an attacker mindset (i.e., learning to think like an attacker) is an essential skill for engineers and administrators who want to improve the overall security of software. Describing the approach that adversaries use to discover and exploit vulnerabilities to infiltrate software systems can help inform such an attacker mindset. Aims: Our goal is to assist developers and administrators in inculcating an attacker mindset by proposing an approach to codify attacker behavior in a cybersecurity penetration testing competition. Method: We use an existing multimodal dataset of events captured during the 2018 National Collegiate Penetration Testing Competition (CPTC'18) to characterize the approach a team of attackers used to discover and exploit vulnerabilities. Results: We collected 44 events to characterize the approach that one of the participating teams took to discover and exploit seven vulnerabilities. We used the MITRE ATT&CK™ framework to codify the approach in terms of tactics and techniques. Conclusions: We show that characterizing an attacker team's campaign as a chronological sequence of MITRE ATT&CK™ tactics and techniques is feasible. We hope that such a characterization can inform the attacker mindset of engineers and administrators in their pursuit of engineering secure software systems.

URL: https://ieeexplore.ieee.org/document/8870147
DOI: 10.1109/ESEM.2019.8870147
Citation Key: node-63104