| Field | Value |
| --- | --- |
| Title | Network Attack Surface Simplification for Red and Blue Teams |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Everson, Douglas; Cheng, Long |
| Conference Name | 2020 IEEE Secure Development (SecDev) |
| Keywords | attack surface, cluster analysis, Clustering algorithms, Complexity theory, Metrics, Network Attack Surface, Organizations, pubcrawl, Resiliency, Scalability, Shape, Software algorithms, Surface treatment, Tools |
| Abstract | Network port scans are a key first step to developing a true understanding of a network-facing attack surface. However, in large-scale networks, the data resulting from such scans can be too numerous for Red Teams to process for manual and semi-automatic testing. Indiscriminate port scans can also compromise a Red Team seeking to quickly gain a foothold on a network. A large attack surface can even complicate Blue Team activities like threat hunting. In this paper we provide a cluster analysis methodology designed to group similar hosts to reduce security team workload and Red Team observability. We also measure the Internet-facing network attack surface of 13 organizations by clustering their hosts based on similarity. Through a case study we demonstrate how the output of our clustering technique provides new insight to both Red and Blue Teams, allowing them to quickly identify potential high-interest points on the attack surface. |
| DOI | 10.1109/SecDev45635.2020.00027 |
| Citation Key | everson_network_2020 |