DocumentCode :
232503
Title :
Breach detection system testing methodology
Author :
Balazs, Zoltan ; Miladinov, Sveta ; Pickard, Chris
Author_Institution :
MRG Effitas, Budapest, Hungary
fYear :
2014
fDate :
23-23 Oct. 2014
Firstpage :
1
Lastpage :
4
Abstract :
Traditional antivirus systems, firewalls, intrusion detection or prevention systems, and mail and web proxies have been bypassed by determined attackers for a long time. In order to fight these new threats, vendors started to develop new systems, called breach detection systems. Because the end goal of these systems is detection, they can be considered next-generation intrusion detection systems. In order to measure the effectiveness of these breach detection systems, we propose a new type of test methodology. Our approach is based on the assumption that advanced attackers who can bypass the existing layers of security have the time, skill and resources to create unknown malware with advanced bypass capabilities. We will evaluate a hybrid approach, where the IP / domain of the attacker C&C server is simulated in one case, and real in another case. Our approach uses only RAT (Remote Admin Tools / Remote Access Trojans) functionality, using both in-the-wild and custom-developed RATs.
Keywords :
program testing; security of data; RAT functionality; antivirus systems; breach detection system; firewalls; intrusion detection system; intrusion prevention system; remote access trojans; remote admin tools; security layers; system testing methodology; Browsers; Home appliances; IP networks; Malware; Servers; Testing; Uniform resource locators; Advanced persistent threat; Breach detection system; test methodology;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Anti-malware Testing Research (WATeR), 2014 Second Workshop on
Conference_Location :
Canterbury
Type :
conf
DOI :
10.1109/WATeR.2014.7015756
Filename :
7015756