Discrete Event System Specification Based Modeling and Simulation of Cyber Attacks for the Security of Network Systems
Year 2023, Volume: 5 Issue: 2, 186 - 202, 27.10.2023
Şahin Kara, Ahmet Zengin, Selman Hızal
Abstract
Rapid progress in information and network technologies has made these technologies indispensable tools, both for individuals and in every area of institutional operations. This dependence has brought risks and threats with it. Although many intrusion detection and prevention systems have been developed against cyber attacks, vulnerability-related breaches are also increasing. This study aims to develop a software-based tool for identifying security vulnerabilities and detecting cyber attacks. Example applications show that running attack simulation experiments on virtual networks instead of real systems is an effective way to reduce test time and costs. As a case study, a cyber attack simulation model and application based on the DEVS formalism was developed as open source for specific attack scenarios. This tool provides a suitable infrastructure for modeling and simulating further cyber-attack scenarios in future work.