RISK WEIGHTED VULNERABILITY ANALYSIS IN AUTOMATED RED TEAMING

Authors
Muse, Audrey C.
Subjects
advanced cyber operations
ACO
Cyber Automated Red Team Tool
CARTT
Department of Defense
DOD
Department of the Navy
DON
Director, Operational Test and Evaluation
DOT&E
graphical user interface
GUI
offensive cyber operations
OCO
persistent cyber operations
PCO
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2022-09
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
The Cyber Automated Red Team Tool (CARTT) automates red teaming tasks, such as conducting vulnerability analysis in DOD networks. The tool provides its users either with recommendations to mitigate cyber threats against identified vulnerabilities or with options to exploit those vulnerabilities using cyber-attack actions. Previous versions of CARTT, however, did not consider a risk weighting of identified vulnerabilities before the exploitation phase. This thesis focused on extending CARTT by implementing a risk-weighted framework that provides a risk-based analysis of identified vulnerabilities. The framework is based on the Host Exposure algorithm presented by the Naval Research Laboratory and was built into the existing CARTT server using the Python programming language. The resulting risk-based analysis of vulnerabilities is presented to the CARTT user in an easily readable table that provides more complete and actionable information. The implementation of this risk-weighted framework provides CARTT with enhanced analysis of vulnerabilities that pose the greatest risk to a target network.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.