Abstract
In recent years, critical infrastructures have become highly dependent on information technologies and exposed to cyberattacks. Because the effects of these attacks can be detrimental, it is crucial to comprehensively assess the security of the infrastructures’ information systems. This chapter describes MAlSim – a simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructure security. The authors explain the choice of the agent paradigm for the development of the toolkit, present the main design decisions, give an overview of the changes introduced to the project during implementation, and provide the details of the completed project, followed by a brief description of the application of MAlSim to the security evaluation of a power plant. The chapter concludes with a discussion of the perspectives for the future of agent technology, based on the experience gained during the course of the project.
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Leszczyna, R. (2013). Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures. In: Ganzha, M., Jain, L. (eds) Multiagent Systems and Applications. Intelligent Systems Reference Library, vol 45. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33323-1_6
DOI: https://doi.org/10.1007/978-3-642-33323-1_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33322-4
Online ISBN: 978-3-642-33323-1
eBook Packages: Engineering, Engineering (R0)