Cyber Threat Emulation

dc.contributor.author: Magnusson, Olof
dc.contributor.department: Chalmers tekniska högskola / Institutionen för data och informationsteknik (sv)
dc.contributor.department: Chalmers University of Technology / Department of Computer Science and Engineering (en)
dc.contributor.examiner: Horkoff, Jennifer
dc.contributor.supervisor: Staron, Miroslaw
dc.date.accessioned: 2024-01-05T08:21:09Z
dc.date.available: 2024-01-05T08:21:09Z
dc.date.issued: 2023
dc.date.submitted: 2023
dc.description.abstract: The rising frequency of cyber attacks presents challenges in protecting confidential data. As technology continues to evolve, it empowers both attackers and defenders to enhance their capabilities to exploit and protect software systems. This dynamic fuels innovation in security measures as organizations seek new and effective methods to mitigate cyber attacks that aim to violate the confidentiality, integrity, and availability of information. To face emerging cyber threats, threat intelligence frameworks have proven essential for gathering information on the motives, targets, and attack behaviors of threat actor groups. By connecting the information from these frameworks, organizations can facilitate realistic training environments to increase the excellence of security practitioners. In this master's thesis, the capability of linking attack techniques used by known threat actor groups and modules for attack execution is investigated. This is done by developing a mapping framework in an attempt to represent these techniques in SVED and subsequently instantiate this as an attack profile against a virtual organization in CRATE. The results indicate that when a specific CVE entry (Common Vulnerabilities and Exposures) is prevalent in the incident description, there is a high likelihood of identifying an attack module for an attack technique. However, in the context of the experiment, the thesis has identified difficulties in emulating techniques used by known threat actor groups. The evidence suggests that further research is needed to explore more effective solutions for processing the modules in the attack profiles.
dc.identifier.coursecode: DATX05
dc.identifier.uri: http://hdl.handle.net/20.500.12380/307500
dc.language.iso: eng
dc.setspec.uppsok: Technology
dc.subject: computer science
dc.subject: software engineering
dc.subject: security
dc.subject: sved
dc.subject: crate
dc.subject: lore
dc.title: Cyber Threat Emulation
dc.type.degree: Examensarbete för masterexamen (sv)
dc.type.degree: Master's Thesis (en)
dc.type.uppsok: H
local.programme: Software engineering and technology (MPSOF), MSc


Original bundle

Name: CSE 23-160 OM.pdf
Size: 1.56 MB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 2.35 KB
Format: Item-specific license agreed upon to submission
Description: