Rechercher
Fermer ce champ de recherche.

Vous êtes victime d’un incident de sécurité ? Contactez notre CERT

18/11/2021

Publications

Reinforced Autonomous Agents with Attack-Defense Exercises in Realistic Environments

Frédéric Guihery, Damien Crémilleux, AMOSSYS & SEKOIA

Abstract

The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side. However, the implementation of remediation playbooks must be qualified in terms of impact on the protected service, in order to avoid loss of availability. Here we propose an approach aimed at automating the execution of attacker intrusion sets against an IT network, to learn the best
countermeasures to apply. This approach is based on an environment that automates attack and defense, with a learning capability. Attack automation relies on simulating the modus operandi of threat actors as well as their attack infrastructures. In defense, automated learning of the most suitable remediation action sequences for the protection of an information system (IS) is carried out. This article details the results obtained by the DALID platform, which allows the behavior of autonomous attackers and defenders to be observed during repeated exercises to automatically create the best remediation strategies for SOC teams. In the future, this platform aims to become an attack-defense gamification framework for evaluating the effectiveness of defensive computer warfare architectures.

Voir les dernières Publications

25 novembre 2024
Avec une souche éprouvée, des outils bien choisis et des cibles stratégiques, 8Base se distingue comme une menace particulièrement redoutable. […]
28 mai 2024
Cet article présente et expérimente AWARE (Attacks in Windows Architectures REvealed), un outil défensif capable d'interroger un système Windows et […]
28 mai 2024
Cet article présente la première proposition du format CAPG, qui est une méthode de représentation d'une vulnérabilité CVE, d'une exploitation […]
26 janvier 2021
Persistent Threats (APT) since only pre-registered and well-characterized attacks can be catched. Some recent systems use unsupervised ML algorithms [...]
15 décembre 2020
Cet article expose la mise en oeuvre du leurrage dans un but de renseignement sur les attaquants (outils et méthodes).
23 novembre 2018
The current trend is towards automation inside a security operations center (SOC), in particular on the remediation side [...]
28 août 2018
Understanding data distributions is one of the most fundamentalresearch topic in data analysis. The literature provides a great dealof powerful […]
21 août 2017
Anomaly detection in time series has attracted considerable attention due to its importance in many real-world applications including intrusion detection, […]
22 mai 2017
Le langage C++ s’est imposé comme une référence dans les domaines où la modularité du développement ne doit pas empiéter […]
5 juillet 2016
Verification of software security properties, when conducted at the binary code level, is a difficult and cumbersome task. This paper […]