This code is part of a submission to DAC24: EPIC: Efficient and Proactive Instruction-level Cyberdefense
We devised an attacker-defender game that simulates diverse scenarios in which an attacker endeavors to exploit memory vulnerabilities, potentially compromising an application's control flow. Our simulation setup, inspired by the network attack simulator (NASim) [1], provides a versatile environment that allows users to configure multiple parameters. Leveraging NASim's attacker-defender modeling functions, we created a Python-based environment comprising a victim with various vulnerabilities, a defender with adaptable defense strategies, and an attacker aiming to discover and exploit vulnerabilities. Our key simulation parameters, derived from the RIPE benchmark suite [2], are outlined below:
Configuration Parameters | Values Explored |
---|---|
vulnerability_types | buffer, pointer, return address, code gadgets |
exploit_types | simple, r2libc, rop |
attack_variables | payload_size, target_addr |
num_vulnerabilities | 1 to N |
success_threshold | 0 to 100% |
defender_strategy | EPIC_Redirect, EPIC_Exhaust, MTD |
num_honey_vulnerabilities | 0 to 100% |
viable_honey_types | pointer |
attack_budget | low, medium, high |
attack_actions | find_vulnerabilities, tune_variables, perform_exploit |
defense_actions | MTD_churn, PRIME |
In our simulations, the attacker begins with an initial budget to accomplish the attack. For game modeling purposes, the defender has a similar starting budget to protect the system. The attacker and defender each incur a cost (proportional to the number of instructions executed) for every action during the exploration and defense phases, respectively. If the defender has successfully thwarted the attack completely, the defender gains the attacker's remaining budget (i.e., the attacker is under the defender's control, and the defender can inspect every one of the adversary's future actions in its controlled environment).
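The budget rules above, sketched as a toy model that is added here for illustration and is not the repository's `analytical_model_v2.py` or code from the paper. The action names come from the parameter table; the per-action costs, the outcome labels, and the rules that a paid defense action blocks an exploit and that exploiting a honey vulnerability counts as a fully thwarted attack are assumptions.

```python
# Constructed per-action costs in "instructions executed" (not EPIC's values).
ATTACK_COST = {"find_vulnerabilities": 5, "tune_variables": 3, "perform_exploit": 8}
DEFENSE_COST = {"MTD_churn": 6, "PRIME": 2}


def play(attacker_budget, defender_budget, targets, defense_action):
    """Play one game over `targets`, a list of "real" / "honey" vulnerabilities.

    Returns (outcome, trace). `trace` holds the (attacker, defender) budgets
    after every attacker action, i.e. the two curves a budget chart compares.
    """
    trace = [(attacker_budget, defender_budget)]
    d_cost = DEFENSE_COST[defense_action]
    for kind in targets:
        defended = True
        # The attacker walks find -> tune -> exploit and pays for each action.
        for action, cost in ATTACK_COST.items():
            if cost > attacker_budget:
                return "attacker_exhausted", trace
            attacker_budget -= cost
            # The defender answers each attacker action while it can afford to.
            if defender_budget >= d_cost:
                defender_budget -= d_cost
            else:
                defended = False  # at least one attacker action went unanswered
            trace.append((attacker_budget, defender_budget))
        if kind == "honey":
            # Assumption: a sprung honey vulnerability is a fully thwarted
            # attack, so the defender gains the attacker's remaining budget.
            defender_budget += attacker_budget
            trace.append((0, defender_budget))
            return "attacker_captured", trace
        if not defended:
            # Assumption: an exploit of a real vulnerability succeeds only when
            # the defender failed to answer some action during that attempt.
            return "victim_compromised", trace
    return "attack_abandoned", trace


if __name__ == "__main__":
    for args in [(40, 30, ["real", "honey"], "PRIME"),
                 (20, 30, ["real", "real"], "MTD_churn"),
                 (40, 10, ["real"], "MTD_churn")]:
        outcome, trace = play(*args)
        print(args, "->", outcome, "final budgets:", trace[-1])
```
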
To run the code, use this command:

```
python3 analytical_model_v2.py
```

Once the command runs to completion, it generates a chart comparing the trend of attackers' and defenders' budgets for the game's duration.
[1] Callum Baillie, Maxwell Standen, Jonathon Schwartz, Michael Docking, David Bowman, and Junae Kim. 2020. Cyborg: An autonomous cyber operations research gym. arXiv preprint arXiv:2002.10667 (2020).
[2] John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, and Wouter Joosen. 2011. RIPE: Runtime intrusion prevention evaluator. In ACM ACSAC’11. 41–50.