Automated adversary emulation is becoming an indispensable tool for network security operators in testing and evaluating their cyber defenses. At the same time, it has exposed how quickly adversaries can propagate through the network. While research on generating quality decoys to fool human adversaries has progressed greatly, we may need different strategies to slow computer agents. In this paper, we show that decoy generation can slow an automated agent's decision process, but that the degree to which it is inhibited depends greatly on the types of objects used. This points to the need to explicitly evaluate decoy generation and placement strategies against fast-moving, automated adversaries.