Modeling of Obfuscated Multi-Stage Cyber Attacks

Document Type : Original Article

Authors

ihu

Abstract

Cyber attacks, and in particular the emerging obfuscated cyber attacks, have been among the most important threats to computer systems and cyberspace in recent years. Obfuscation at the attack level means changing the attack without changing its behavior or the type of impact it has on the victim. The main problems are therefore the complexity and ambiguity of these attacks and the difficulty of detecting them and issuing alarms in time. This paper suggests the acquisition and deployment of a new model of multi-stage cyber attacks that enables network security defenders to create a deterrent to enemies in addition to timely diagnosis of cyber attacks. Using this model for multi-stage, obfuscated attacks, the attacker can cause false classification in the attack sequence and break the dependence between the attack warnings, actions, steps and strategies, thus changing the sequence of attacks. As a result, network security managers cannot easily recognize the ultimate goal of the attacker. To assess the presented model, we have used the Bayesian algorithm. The results of the research and implementation of the model indicate that the accuracy of classification (in terms of log) for the best case of clean attacks is -0.04, whilst for multi-stage obfuscated attacks it reduces to -35. This indicates that the proposed model for multi-stage obfuscated cyber attacks is more efficient than the obfuscation logic of single-stage attacks, because of its ability to deceive intrusion detection systems and create uncertainty in penetration warnings.
 

 

 
  • Receive Date: 12 June 2019
  • Revise Date: 24 September 2019
  • Accept Date: 22 November 2019
  • Publish Date: 22 August 2020