Cyber attacks have evolved in complexity to the point that they have been structured in ordered sequences of steps, called killchains. Executing a killchain means carrying out targeted actions corresponding to specific steps defined within the killchain. While typically associated with adversarial attacks, the concept of killchain is important even in legitimate offensive security contexts, e.g. for penetration testing activities. This paper explores the novel application of killchains to the regulatory context of security directives, which are normative instruments that aim to regulate common security behaviours for essential and/or important entities for the European Union itself. We hypothesise that if a company is not compliant with the measures contained in such directives, it may a) become vulnerable to targeted attacks; b) simulate attacks to assess potential weaknesses due to the compliance gaps. We propose an original methodology that employs the attack patterns from CAPEC to model each step in constructing ad-hoc killchains for assessing weaknesses due to compliance gaps. The attack patterns are correlated with the killchains through the techniques from the ATT&CK framework as intermediate nodes. To identify these correlations, we analyse different machine learning techniques, which allow us to obtain the best correlational method, i.e. the method that best captures these correlations, to create the most correct killchain possible.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Modelling Offensive Security Killchains from Compliance Gaps with Security Directives

  • Gianpietro Castiglione,
  • Giampaolo Bella

摘要

Cyber attacks have evolved in complexity to the point that they have been structured in ordered sequences of steps, called killchains. Executing a killchain means carrying out targeted actions corresponding to specific steps defined within the killchain. While typically associated with adversarial attacks, the concept of killchain is important even in legitimate offensive security contexts, e.g. for penetration testing activities. This paper explores the novel application of killchains to the regulatory context of security directives, which are normative instruments that aim to regulate common security behaviours for essential and/or important entities for the European Union itself. We hypothesise that if a company is not compliant with the measures contained in such directives, it may a) become vulnerable to targeted attacks; b) simulate attacks to assess potential weaknesses due to the compliance gaps. We propose an original methodology that employs the attack patterns from CAPEC to model each step in constructing ad-hoc killchains for assessing weaknesses due to compliance gaps. The attack patterns are correlated with the killchains through the techniques from the ATT&CK framework as intermediate nodes. To identify these correlations, we analyse different machine learning techniques, which allow us to obtain the best correlational method, i.e. the method that best captures these correlations, to create the most correct killchain possible.