Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection
IEEE Transactions on Dependable and Secure Computing(2023)
摘要
Advanced Persistent Threats (APTs) represent the most threatening form of
attack nowadays since they can stay undetected for a long time. Adversary
emulation is a proactive approach for preparing against these attacks. However,
adversary emulation tools lack the anti-detection abilities of APTs. We
introduce Laccolith, a hypervisor-based solution for adversary emulation with
anti-detection to fill this gap. We also present an experimental study to
compare Laccolith with MITRE CALDERA, a state-of-the-art solution for adversary
emulation, against five popular anti-virus products. We found that CALDERA
cannot evade detection, limiting the realism of emulated attacks, even when
combined with a state-of-the-art anti-detection framework. Our experiments show
that Laccolith can hide its activities from all the tested anti-virus products,
thus making it suitable for realistic emulations.
更多查看译文
关键词
Cybersecurity,MITRE ATT&CK,TTPs,Adversary Emulation,APT,Virtualization
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要