HARMer: Cyber-attacks Automation and Evaluation
Simon Yusuf Enoch, Zhibin Huang, Chun Yong Moon, Donghwan Lee, Myung Kil Ahn, and Dong Seong Kim

TL;DR
HARMer is an automated framework for generating cyber-attacks using a scalable security model, enabling more efficient and consistent security assessments without relying solely on manual red team efforts.
Contribution
The paper introduces HARMer, a novel automation framework based on HARM, with new attack planning strategies and experimental validation in real and cloud environments.
Findings
Effective attack modeling and planning demonstrated in enterprise and cloud networks.
Automation reduces dependency on manual red team efforts.
Framework enables automated impact assessment of cyber threats.
Abstract
With the increasing growth of cyber-attack incidences, it is important to develop innovative and effective techniques to assess and defend networked systems against cyber attacks. One of the well-known techniques for this is performing penetration testing, which is carried out by a group of security professionals (i.e., red team). Penetration testing is also known to be effective to find existing and new vulnerabilities; however, the quality of security assessment can depend on the quality of the red team members and their time and devotion to the penetration testing. In this paper, we propose a novel automation framework for cyber-attacks generation named 'HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation are based on a scalable graphical security model called Hierarchical Attack…