A Hybrid Threat Model for Smart Systems

Valenza, Fulvio; Karafili, Erisa; Steiner, Rodrigo Vieira; Lupu, Emil

doi:10.1109/tdsc.2022.3213577

Cited by 8 publications

(8 citation statements)

References 28 publications

(49 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach aims to bridge the gap between industry and academia, enhancing the development and effectiveness of Ethical Hacking tools. [56], DFBC [69], ESASCF [73], ESRFuzzer [74], Firmaster [76], IoTFuzzer [83], LTESniffer [88], Lore [87], MaliceScript [92], Owfuzz [108], Pyciuti [118], RT-RCT [124], SVED [133], Scanner++ [125], ShoVAT [128], SuperEye [132], TOR-PEDO [136], UE Security Reloaded [137], Vulcan [142], Vulnsloit [146] Threat Modelling Cairis [60], ESSecA [75], HARMer [81], MAL [91], PenQuest [112], TAMELESS [134] Vulnerability Analysis AIBugHunter [52], ARMONY [53], AVAIN [55], Autosploit [54], Bbuzz [56], Black…”

Section: Discussionmentioning

confidence: 99%

“…No Name (TTCN-3) [102], NodeXP [104], OSV [107], ObjectMap [105], Owfuzz [108], PURITY [117], PenQuest [112], PentestGPT [113], PhpSAFE [114], Pyciuti [118], Pyciuti [118], RAT [119], ROSploit [123], RT-RCT [124], RT-RCT [124], Revealer [120], RiscyROP [121], Robin [122], SOA-Scanner [130], SVED [133], Scan-ner++ [125], SerialDetector [127], ShoVAT [128], ShoVAT [128], Snout [129], Snout [129], Spicy [131], Spicy [131], SuperEye [132], TAMELESS [134], TChecker [135], TORPEDO [136], UE Security Reloaded [137], VAPE-BRIDGE [139], VERA [140], VUDDY [141], VulCNN [143], VulDeePecker [144], VulPecker [147], Vulcan [142], Vulnet [145], Vulnsloit [146], WAPTT [148], WebFuzz [149], WebVIM [150] Resource Development ...…”

Section: Reconnaissancementioning

confidence: 99%

“…ADaMs [51], Firmaster [76], GNPassGAN [80], LTESniffer [88], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], Pass-wordCrackingTraining [111], SemanticGuesser [126] Discovery AVAIN [55], Cairis [60], Firmaster [76], HILTI [82], Masat [93], PenQuest [112], RT-RCT [124], Snout [129], Spicy [131], TAMELESS [134], Vulcan [ Mitre ATT&CK Tools Collection: Adversary-In-The-Middle HILTI [82], Spicy [131] Credential Access: Brute Force: Password Cracking GNPassGAN [80], PassGAN [109], PasswordCrackingTraining [111] Discovery: Cloud Infrastructure Discovery MASAT [93], VULCAN [142] Discovery: Network Service Discovery AVAIN [55], Firmaster [76], HILTI [82], RT-RCT [124], Snout [129], Spicy [131] Enterprise: Credential Access: Brute Force Firmaster [76] Enterprise: Credential Access: Network Sniffing LTESniffer [88] Enterprise: Impact: Service Stop TORPEDO [136] Enterprise: Initial Access: External Remote Services NetCAT [99] Execution Bbuzz [56], Lore [87], Mirage [94], PentestGPT…”

Section: Persistence Privilege Escalation Defense Evasion Credential ...mentioning

confidence: 99%

“…Attacks & Defences: Adversarial Behaviours Cairis [60], ESASCF [73], ESSecA [75], HARMer [81], Lore [87], MAL [91], PenQuest [112], PenQuest [112], SVED [133], TAMELESS [134] Attacks & Defences: Malware & Attack Technology: Malware Analysis: Analysis Techniques: Static Analysis/Dynamic Analysis MAIT [90] Human, Organisational & Regulatory Aspects: Human Factors…”

Section: Cybok Toolsmentioning

confidence: 99%

See 3 more Smart Citations

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Reconnaissancementioning

confidence: 99%

Section: Persistence Privilege Escalation Defense Evasion Credential ...mentioning

confidence: 99%

Section: Cybok Toolsmentioning

confidence: 99%

See 2 more Smart Citations

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…al. [14], the focus is to include human and physical elements in the Threat modeling process. Typical Threat Analysis activities include the cyber security aspects.…”

Section: Threat Modeling Articlesmentioning

confidence: 99%

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Pai,

R.Kunte,

Najee

2023

STAIQC

View full text Add to dashboard Cite

This article systematically evaluates the influence of Artificial Intelligence (AI) on the landscape of Threat modelingin cybersecurity. The study involves an extensive review of relevant journal articles, books, and conference papers to comprehensively assess the current state of the field. By synthesizing existing literature, we identify and analyze the ways in which AItechnologies are applied in Threat modelingmethodologies. The evaluation explores the strengths and limitations of these applications, shedding light on the advancements that have significantly enhancedThreat modeling.Furthermore, the research includes a meticulous gap analysis within the existing literature, revealing areas where further investigation is warranted. Identified gaps in the current research landscape serve as a foundation for proposing future research directions in AI-enhanced Threat modeling. The current literature related to the current landscape of Artificial Intelligence research in cybersecurity predominantly focuses on articles and active studies pertaining to the detection and prevention of cyber-attacks. However, there is a noticeable gap in the existing literature when it comes to leveraging Artificial Intelligence to enhance Threat modeling. While numerous innovative methods have been proposed in recent articles, these predominantly concentrate on Threat modeling within specific domains, such as unmanned vehicles, Cyber-Physical Systems, and Healthcare. There is a lack of generalization in applying these findings to improve Threat modeling practices more broadly. A promising avenue for further research lies in the automation of Threat modeling. Existing literature predominantly emphasizes the study of Threat generation areas, leaving other crucial aspects, such as Architecture representation and Model validation,in need of more comprehensive exploration and analysis

show abstract

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools

Granata

Rak

2023

Software Qual J

View full text Add to dashboard Cite

Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than adding it on as an afterthought. By taking security into account at every stage of development, organizations can create systems that are more resistant to attacks and better able to recover from them if they do occur. One of the most relevant practices is threat modelling, i.e. the process of identifying and analysing the security threat to an information system, application, or network. These processes require security experts with high skills to anticipate possible issues: therefore, it is a costly task and requires a lot of time. To face these problems, many different automated threat modelling methodologies are emerging. This paper first carries out a systematic literature review (SLR) aimed at both having an overview of the automated threat modelling techniques used in literature and enumerating all the tools that implement these techniques. Then, an analysis was carried out considering four open-source tools and a comparison with our threat modelling approach using a simple, but significant case study: an e-commerce site developed on top of WordPress.

show abstract

A Hybrid Threat Model for Smart Systems

Cited by 8 publications

References 28 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools

Contact Info

Product

Resources

About