Perrone, Gaetano (2021) An Automated Approach to Offensive Security. [Tesi di dottorato]

[thumbnail of Perrone_Gaetano_34.pdf]
Preview
Text
Perrone_Gaetano_34.pdf

Download (1MB) | Preview
Item Type: Tesi di dottorato
Resource language: English
Title: An Automated Approach to Offensive Security
Creators:
Creators
Email
Perrone, Gaetano
gaetano.perrone@unina.it
Date: 12 December 2021
Number of Pages: 109
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Dottorato: Information technology and electrical engineering
Ciclo di dottorato: 34
Coordinatore del Corso di dottorato:
nome
email
Riccio, Daniele
daniele.riccio@unina.it
Tutor:
nome
email
Romano, Simon Pietro
UNSPECIFIED
Date: 12 December 2021
Number of Pages: 109
Keywords: WebPT;Penetration Testing;Automation Offensive Security;cyber-range;security training;
Settori scientifico-disciplinari del MIUR: Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni
Date Deposited: 31 Jan 2022 09:32
Last Modified: 28 Feb 2024 11:41
URI: http://www.fedoa.unina.it/id/eprint/14296

Collection description

Cybersecurity is an increasingly important domain in Information Technology. In a time when each device is connected, cyber threats evolve more and more. Companies need to be protected and to evaluate the potential threats to their systems. There are several approaches to find flaws inside the systems. A very effective one is to simulate the attacker’s activities to break inside the environment, obtain access to sensitive information, and compromise the internal network. This kind of activity is called Penetration Testing, and its effectiveness lies in the ability to discover the most critical vulnerabilities. Despite its benefits, companies usually cannot meet their costs, as it requires advanced security experts. Our research work aims to integrate the knowledge of security experts inside an automated system that emulates a Penetration Tester’s activities. To accomplish this, we bring three main research contributions: - We develop behavioural models of Penetration Testing activities; - We develop a platform that integrates Behavioural Models and implements actions to send attacks; - We develop several solutions in the so-called cyber-range domain to test our platform in realistic virtual environments.

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item