Risk Weighted Vulnerability Analysis in Automated Red Teaming

Abstract

The Cyber Automated Red Team Tool (CARTT) automates red teaming tasks, such as conducting vulnerabilities analysis in DOD networks. The tool provides its users with recommendations to either mitigate cyber threats against identified vulnerabilities or with options to exploit those vulnerabilities using cyber-attack actions. Previous versions of CARTT, however, did not consider a risk weighting of identified vulnerabilities before the exploitation phase. This thesis focused on extending CARTT by implementing a risk weighted framework that provides a risk-based analysis of identified vulnerabilities. The framework is based on the Host Exposure algorithm presented by the Naval Research Laboratory and was built into the existing CARTT server using the Python programming language. The resulting risk-based analysis of vulnerabilities is presented to the CARTT user in an easily readable table that provides more complete and actionable information. The implementation of this risk-weighted framework provides CARTT with enhanced analysis of vulnerabilities that pose the greatest risk to a target network.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2022
Accession Number
AD1201627

Entities

People

  • Audrey C Muse

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Authentication
  • Computer Programming
  • Computer Science
  • Computers
  • Cyber Protection
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Cyberspace Operations
  • Graphical User Interface
  • Html
  • Information Systems
  • Language
  • Operating Systems
  • Python Programming Language
  • Risk
  • Risk Analysis
  • Standards
  • Test And Evaluation
  • User Interface
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity.

Technology Areas

  • Cyber