-
CVE representation to build attack positions graphs
Authors:
Manuel Poisson,
Valérie Viet Triem Tong,
Gilles Guette,
Frédéric Guihéry,
Damien Crémilleux
Abstract:
In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater detail to understand how they could be chained together in a complete attack scenario. This article presents the first proposal for the CAPG format, which is a method for representing a CVE vulnerability, a corresponding exploit, and the associated attack positions.
Submitted 5 December, 2023;
originally announced December 2023.
-
URSID: Using formalism to Refine attack Scenarios for vulnerable Infrastructure Deployment
Authors:
Pierre-Victor Besson,
Valérie Viet Triem Tong,
Gilles Guette,
Guillaume Piolle,
Erwan Abgrall
Abstract:
In this paper we propose a novel way of deploying vulnerable architectures for defense and research purposes, which aims to generate deception platforms based on the formal description of a scenario. An attack scenario is described by an attack graph in which transitions are labeled by ATT&CK techniques or procedures. The state of the attacker is modeled as a set of secrets he acquires and a set of nodes he controls. The description of a single scenario at the technical level can then be refined into several different scenarios at the procedural level, and each of these scenarios can be deployed into its own vulnerable architecture. To achieve this goal we introduce the notion of architecture constraints, as some procedures may only be exploited on systems presenting special properties, such as having a specific operating system version. Finally, we present our deployment process for converting one of these scenarios into a vulnerable infrastructure, and offer an online proof-of-concept demonstration of our tool, where readers may locally deploy a complete scenario inspired by the threat actor APT-29.
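The formalism sketched in the abstract (attacker state as secrets plus controlled nodes, transitions labeled with ATT&CK technique IDs, procedures carrying architecture constraints, and the refinement of one technical-level scenario into several procedural-level ones) can be made concrete in a few dozen lines. The following is an added Python illustration written for this page; it is not URSID's own code or file format. The technique IDs T1566 (Phishing), T1003 (OS Credential Dumping) and T1021 (Remote Services) are real ATT&CK identifiers; the procedure names, host attributes and node names are constructed for the example.

```python
"""Toy model of an attack graph with attacker state and architecture constraints.

Added illustration of the notions in the URSID abstract; not the tool's own code.
"""
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, List, Mapping, Tuple


@dataclass(frozen=True)
class AttackerState:
    """What the attacker currently holds: acquired secrets and controlled nodes."""
    secrets: FrozenSet[str]
    nodes: FrozenSet[str]


@dataclass(frozen=True)
class Procedure:
    """One concrete way of carrying out a technique. `constraints` lists the
    (attribute, required value) pairs the target host must satisfy."""
    name: str
    constraints: Tuple[Tuple[str, object], ...]

    def fits(self, host: Mapping[str, object]) -> bool:
        return all(host.get(k) == v for k, v in self.constraints)


@dataclass(frozen=True)
class Transition:
    """An attack-graph edge labeled with an ATT&CK technique ID. Preconditions
    and effects are expressed on the attacker state."""
    technique: str
    target: str
    needs_secrets: FrozenSet[str]
    needs_nodes: FrozenSet[str]
    gains_secrets: FrozenSet[str]
    gains_nodes: FrozenSet[str]
    procedures: Tuple[Procedure, ...]

    def enabled(self, s: AttackerState) -> bool:
        return self.needs_secrets <= s.secrets and self.needs_nodes <= s.nodes

    def apply(self, s: AttackerState) -> AttackerState:
        if not self.enabled(s):
            raise ValueError(f"{self.technique} on {self.target}: preconditions not met")
        return AttackerState(s.secrets | self.gains_secrets, s.nodes | self.gains_nodes)


def run(scenario: Tuple[Transition, ...], start: AttackerState) -> AttackerState:
    """Technical-level check: replay the transitions and return the final state.
    Raises if the chain is not consistent (a step fires before its preconditions)."""
    s = start
    for t in scenario:
        s = t.apply(s)
    return s


def refine(scenario: Tuple[Transition, ...],
           hosts: Mapping[str, Mapping[str, object]]) -> List[Tuple[str, ...]]:
    """Refine one technical-level scenario into every procedural-level scenario
    that the given hosts can support. Returns [] when some transition has no
    procedure whose architecture constraints match its target host."""
    choices: List[List[str]] = []
    for t in scenario:
        fitting = [p.name for p in t.procedures if p.fits(hosts.get(t.target, {}))]
        if not fitting:
            return []
        choices.append(fitting)
    return [tuple(c) for c in product(*choices)]


# Constructed three-step scenario: phish a workstation, dump credentials there,
# then move laterally to a server with the dumped credentials.
fs = frozenset
SCENARIO = (
    Transition("T1566", "workstation", fs(), fs({"internet"}), fs(), fs({"workstation"}),
               (Procedure("macro-doc", (("office_macros", True),)),
                Procedure("lnk-dropper", ()))),
    Transition("T1003", "workstation", fs(), fs({"workstation"}), fs({"admin_creds"}), fs(),
               (Procedure("lsass-dump", (("os", "windows"),)),)),
    Transition("T1021", "server", fs({"admin_creds"}), fs({"workstation"}), fs(), fs({"server"}),
               (Procedure("rdp", (("rdp", True),)),
                Procedure("psexec", (("smb", True),)))),
)
START = AttackerState(fs(), fs({"internet"}))

# Two constructed target architectures: only the first can host every step.
HOSTS_WINDOWS = {"workstation": {"os": "windows", "office_macros": True},
                 "server": {"os": "linux", "rdp": False, "smb": True}}
HOSTS_LINUX_WS = {"workstation": {"os": "linux", "office_macros": False},
                  "server": {"os": "linux", "rdp": False, "smb": True}}

if __name__ == "__main__":
    print("final state:", run(SCENARIO, START))
    print("deployable on Windows workstation:", refine(SCENARIO, HOSTS_WINDOWS))
    print("deployable on Linux workstation:", refine(SCENARIO, HOSTS_LINUX_WS))
```

The split between `run` and `refine` mirrors the two levels in the abstract: `run` validates the scenario against the attacker-state semantics regardless of hosts, while `refine` enumerates the procedural variants (here two, differing only in the phishing lure) and rejects an architecture outright when a step such as the LSASS dump has no procedure matching the target's operating system.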
Submitted 30 March, 2023;
originally announced March 2023.
-
A War Beyond Deepfake: Benchmarking Facial Counterfeits and Countermeasures
Authors:
Minh Tam Pham,
Thanh Trung Huynh,
Van Vinh Tong,
Thanh Tam Nguyen,
Thanh Thi Nguyen,
Hongzhi Yin,
Quoc Viet Hung Nguyen
Abstract:
In recent years, visual forgery has reached such a level of sophistication that humans cannot identify the fraud, which poses a significant threat to information security. A wide range of malicious applications have emerged, such as fake news, defamation or blackmailing of celebrities, impersonation of politicians in political warfare, and the spreading of rumours to attract views. As a result, a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend. In this paper, we present a benchmark that provides in-depth insights into visual forgery and visual forensics, using a comprehensive and empirical approach. More specifically, we develop an independent framework that integrates state-of-the-art counterfeit generators and detectors, and measure the performance of these techniques using various criteria. We also perform an exhaustive analysis of the benchmarking results, to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures.
Submitted 7 April, 2022; v1 submitted 25 November, 2021;
originally announced November 2021.
-
Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures
Authors:
Cédric Herzog,
Valérie Viet Triem Tong,
Pierre Wilke,
Arnaud van Straaten,
Jean-Louis Lanet
Abstract:
The perpetual opposition between antiviruses and malware leads both parties to evolve continuously. On the one hand, antiviruses deploy increasingly sophisticated solutions and propose more complex detection techniques in addition to classic signature analysis. This sophistication leads antiviruses to leave more traces of their presence on the machines they protect. To remain undetected as long as possible, malware can avoid executing within such environments by hunting down the modifications left by the antiviruses. This paper aims to determine the possibilities for malware to detect antiviruses and then to evaluate the efficiency of these techniques on a panel of the most widely used antiviruses today. We then collect samples showing this kind of behavior and propose to evaluate a countermeasure that creates false artifacts, thus forcing malware to evade.
Submitted 25 September, 2020;
originally announced September 2020.