VulnerVAN: A Vulnerable Network Generation Tool

Bibliographic Details
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM), pp. 1-6
Main Authors: Venkatesan, Sridhar, Youzwak, Jason A., Sugrim, Shridatt, Chiang, Cho-Yu J., Poylisher, Alexander, Witkowski, Matthew, Walther, Gary, Wolberg, Michelle, Chadha, Ritu, Newcomb, E. Allison, Hoffman, Blaine, Buchler, Norbou
Format: Conference Proceeding
Language: English
Published: IEEE 01-11-2019
Description
Summary: Cyber training, security testing, and research and development activities are vital to improve the security posture of a network. Currently, many institutions use cyber security testbeds to conduct these activities in an isolated virtual environment. One of the important requirements for such an environment is to provide organizers (or experimenters) with a library of vulnerable network scenarios and capabilities to mount attacks against them. However, the task of preparing a vulnerable network scenario in current testbed environments is costly in time and labor, and requires significant support from the testbed staff. To this end, we present a toolset called VulnerVAN that creates a vulnerable network scenario to realize an attack sequence. In this paper, we discuss the design of VulnerVAN - our proof-of-concept implementation on CyberVAN - and present a new high-level attack specification language that enables users to chain attack steps into an attack sequence. For a given attack sequence and network scenario, VulnerVAN identifies all possible attack paths through the network that can realize the attack sequence, and provides instructions to configure machines on an attack path selected by the user. VulnerVAN also provides an attack blueprint that can guide a Red team or an automated attacker to execute the attack sequence. To demonstrate VulnerVAN's capability, we consider the use case of a typical data exfiltration attack sequence conducted by APTs and study the performance of VulnerVAN in mapping the attack sequence to different networks.
ISSN: 2155-7586
DOI: 10.1109/MILCOM47813.2019.9021013