Proactive Cyber Defense: Understanding and Testing for Advanced Persistent Threats (APTs)

摘要

Government and critical infrastructure networks are increasingly reliant on cyberspace. This reliance is in stark contrast to the inadequacy of cybersecurity: Many of these networks used to be closed and lack the robustness needed to withstand cyber-attacks. As a result, vulnerabilities in network protocol implementations can be exploited with Internet hacking tools to disrupt operations or to steal sensitive information. Fuzzing is a black-box testing technique originally used by blackhat hackers to find exploitable vulnerabilities. In this paper, we demonstrate how specification-based fuzzers can be used to discover exploitable vulnerabilities proactively to make networks and devices more robust against cyber-attacks. Advanced Persistent Threats (APTs) typically utilize previously unknown, zero-day vulnerabilities. Thus, proactive vulnerability discovery is an essential part of effective cybersecurity.