Perrone, Gaetano (2021) An Automated Approach to Offensive Security. [Tesi di dottorato]

[img]
Preview
Text
Perrone_Gaetano_34.pdf

Download (1MB) | Preview
[error in script] [error in script]
Item Type: Tesi di dottorato
Resource language: English
Title: An Automated Approach to Offensive Security
Creators:
CreatorsEmail
Perrone, Gaetanogaetano.perrone@unina.it
Date: 12 December 2021
Number of Pages: 109
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Dottorato: Information technology and electrical engineering
Ciclo di dottorato: 34
Coordinatore del Corso di dottorato:
nomeemail
Riccio, Danieledaniele.riccio@unina.it
Tutor:
nomeemail
Romano, Simon PietroUNSPECIFIED
Date: 12 December 2021
Number of Pages: 109
Keywords: WebPT;Penetration Testing;Automation Offensive Security;cyber-range;security training;
Settori scientifico-disciplinari del MIUR: Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni
Date Deposited: 31 Jan 2022 09:32
Last Modified: 28 Feb 2024 11:41
URI: http://www.fedoa.unina.it/id/eprint/14296

Collection description

Cybersecurity is an increasingly important domain in Information Technology. In a time when each device is connected, cyber threats evolve more and more. Companies need to be protected and to evaluate the potential threats to their systems. There are several approaches to find flaws inside the systems. A very effective one is to simulate the attacker’s activities to break inside the environment, obtain access to sensitive information, and compromise the internal network. This kind of activity is called Penetration Testing, and its effectiveness lies in the ability to discover the most critical vulnerabilities. Despite its benefits, companies usually cannot meet their costs, as it requires advanced security experts. Our research work aims to integrate the knowledge of security experts inside an automated system that emulates a Penetration Tester’s activities. To accomplish this, we bring three main research contributions: - We develop behavioural models of Penetration Testing activities; - We develop a platform that integrates Behavioural Models and implements actions to send attacks; - We develop several solutions in the so-called cyber-range domain to test our platform in realistic virtual environments.

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item