
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures


Part of the book series: Intelligent Systems Reference Library (ISRL, volume 45)


Abstract

In recent years, critical infrastructures have become highly dependent on information technologies and exposed to cyberattacks. Because the effects of such attacks can be detrimental, it is crucial to comprehensively assess the security of the infrastructures' information systems. This chapter describes MAlSim, a simulator of malicious software based on software agents, developed for the needs of a testbed for the security of critical infrastructures. The authors explain the choice of the agent paradigm for the development of the toolkit, present the main design decisions, give an overview of the changes introduced to the project during implementation, and provide the details of the completed project, followed by a brief description of the application of MAlSim to the security evaluation of a power plant. The chapter concludes with a discussion of the prospects for agent technology, based on the experience gained during the course of the project.

Corresponding author

Correspondence to Rafał Leszczyna.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Leszczyna, R. (2013). Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures. In: Ganzha, M., Jain, L. (eds) Multiagent Systems and Applications. Intelligent Systems Reference Library, vol 45. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33323-1_6

  • DOI: https://doi.org/10.1007/978-3-642-33323-1_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33322-4

  • Online ISBN: 978-3-642-33323-1

  • eBook Packages: Engineering, Engineering (R0)
