Malware Mimics for Network Security Assessment

Abstract

For computer network infiltration and defense training within the Department of Defense, the use of Red Teams results in the most effective, realistic, and comprehensive training for network administrators. Our thesis is meant to mimic that highly trained adversary. We developed a framework that exists in the operational network, mimics the actions of that adversary or malware, creates observable behaviors, and is fully controllable and configurable. The framework is based upon a client-server relationship. The server is a Java multi-threaded server that issues commands to the Java client software on all of the hosts of the operational network. Our thesis proved that commands could be sent to those clients to generate scanning behavior that was observable on the network, that the clients would generate or cease their behavior within five seconds of the issuance of the command, and that the clients would return to a failsafe state if communication with the command and control server was lost. The framework that was created can be expanded to control more than twenty hosts. Furthermore, the software is extensible so that additional modules can be created for the client software to generate additional and more complex malware mimic behaviors.
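The client-side control loop the abstract describes (commands from a server start and stop scanning behavior, and loss of contact with the command and control server drives the client back to a safe state) is easier to reason about as code. The following is an added Python illustration, not the thesis's Java framework: it assumes a hypothetical line-oriented command set (START_SCAN, STOP, HEARTBEAT), a five-second failsafe, and a probes-per-tick rate, and it returns (host, port) probe tuples instead of sending packets so it runs offline. The session script at the bottom is constructed for the demonstration.

```python
"""Model of a controllable scan-mimic client with a C2 watchdog (added example,
not the thesis's code). Assumed command protocol, one command per line:
  START_SCAN <network> <port,port,...>   begin emitting scan behaviour
  STOP                                   cease behaviour
  HEARTBEAT                              server liveness only
Time is passed in explicitly so the failsafe can be exercised deterministically."""
import ipaddress
from collections import deque
from dataclasses import dataclass, field

IDLE, SCANNING = "IDLE", "SCANNING"
FAILSAFE_TIMEOUT = 5.0   # seconds of C2 silence before reverting to idle (assumed value)
PROBES_PER_TICK = 4      # how much scan "behaviour" one loop iteration emits (assumed value)


@dataclass
class MimicClient:
    last_contact: float                              # time of last message from the server
    state: str = IDLE
    pending: deque = field(default_factory=deque)    # (host, port) probes still to emit
    log: list = field(default_factory=list)          # (time, event, detail) for the operator

    def handle_command(self, line: str, now: float) -> str:
        """Parse one server command; any non-empty message counts as C2 contact."""
        parts = line.split()
        if not parts:
            return "ERR empty"
        self.last_contact = now
        verb = parts[0].upper()
        if verb == "HEARTBEAT":
            return "OK alive"
        if verb == "STOP":
            self._stop(now, "stopped by server")
            return "OK idle"
        if verb == "START_SCAN" and len(parts) == 3:
            try:
                net = ipaddress.ip_network(parts[1], strict=False)
                ports = sorted({int(p) for p in parts[2].split(",")})
            except ValueError as exc:
                return f"ERR {exc}"
            if not ports or not all(0 < p < 65536 for p in ports):
                return "ERR bad port list"
            # Build the whole probe queue up front so the behaviour is fixed by the command.
            self.pending = deque((str(h), p) for h in net.hosts() for p in ports)
            self.state = SCANNING
            self.log.append((now, "start", f"{net} ports={ports}"))
            return f"OK scanning {net}"
        return f"ERR unknown command {verb}"

    def tick(self, now: float) -> list:
        """One iteration of the client loop: the watchdog runs first, then up to
        PROBES_PER_TICK probes are returned (a real client would put them on the wire)."""
        if self.state == SCANNING and now - self.last_contact > FAILSAFE_TIMEOUT:
            self._stop(now, "failsafe: lost contact with C2")
        if self.state != SCANNING:
            return []
        batch = [self.pending.popleft() for _ in range(min(PROBES_PER_TICK, len(self.pending)))]
        if not self.pending:
            self._stop(now, "scan complete")
        return batch

    def _stop(self, now: float, reason: str) -> None:
        self.state = IDLE
        self.pending.clear()
        self.log.append((now, "stop", reason))


def run_session(script):
    """Replay a (time, message-or-None) script: a message is delivered to
    handle_command, None is a silent tick. Returns the client and all probes emitted."""
    client = MimicClient(last_contact=script[0][0])
    emitted = []
    for now, msg in script:
        if msg is not None:
            client.handle_command(msg, now)
        emitted.extend(client.tick(now))
    return client, emitted


# Constructed session: a scan is ordered at t=0, heartbeats keep it alive, then the
# server goes silent after t=2 and the client must revert to idle once 5 s have passed.
DEMO_SCRIPT = [
    (0.0, "START_SCAN 192.0.2.0/28 22,80"),   # 14 hosts x 2 ports = 28 probes queued
    (1.0, "HEARTBEAT"),
    (2.0, "HEARTBEAT"),
    (3.0, None),
    (6.0, None),                               # 4 s of silence: still within the window
    (7.5, None),                               # 5.5 s of silence: failsafe fires, no probes
    (8.0, "START_SCAN 198.51.100.0/30 443"),   # C2 back: 2 probes, scan completes this tick
    (9.0, None),
]

if __name__ == "__main__":
    client, probes = run_session(DEMO_SCRIPT)
    for entry in client.log:
        print(entry)
    print(len(probes), "probes emitted, final state", client.state)
```

The watchdog is evaluated before any behaviour is emitted on each tick, so a client whose server disappears can never send another probe after the timeout; the thesis's five-second start/stop bound corresponds here to the tick period plus the command round trip.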


Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2011
Accession Number
ADA543124

Entities

People

  • Paul M. Salevski
  • William R. Taff Jr.

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Ground and Sea Platforms
  • Space
  • Weapons Technologies

DTIC Thesaurus Topics

  • Command And Control
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Science
  • Computers
  • Cyber Defense Techniques
  • Cybersecurity
  • Electronic Mail
  • Graphical User Interface
  • Intrusion Detection
  • Military Training
  • Network Protocols
  • Operating Systems
  • Students
  • Test And Evaluation
  • United States Naval Academy

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Database Systems and Applications

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control