Paper Presentation at PCI 2022 Conference
On Saturday, 27 November 2021, Stylianos Karagiannis (PDMFC) and Sotiris Pelekis (NTUA) represented the authoring team of the scientific paper "A-DEMO: ATT&CK Documentation, Emulation and Mitigation Operations" at the 25th Pan-Hellenic Conference on Informatics (PCI 2021). The Conference was organised by the Greek Computer Society as a hybrid event with physical participation in Volos, Greece and online streaming.
The event spanned multiple areas of ICT research, featuring high-quality papers presenting pure or applied original research results. There were 6 Special Sessions distributed across the 3-day program of the conference.
In this context, the SPHINX partners contributed to the Cyber Security of Critical Infrastructures (CSCI) Special Session, which covered both research and practical aspects of cyber security for the resilience of sectors, including Healthcare. The topics addressed in this session included cybersecurity of industrial control systems, cybersecurity modelling and simulation, vulnerability and risk assessment methods for distributed infrastructures, incident response and many more.
According to its abstract, the joint paper elaborated on a rootkit case study about deploying and documenting realistic cyberattack scenarios:
Cyberattacks aimed at critical infrastructures are a tangible threat. Malicious actors can execute sequences of adversarial tactics, aiming to steal sensitive medical data or cause significant damage. The detection of such actions requires a thorough analysis of adversary behaviour and constant validation of security controls and mechanisms. Those can be achieved through realistic adversary emulations in safe testbed environments. This research paper proposes A-DEMO, a framework aimed at researchers and security analysts, that provides a structured methodology for the proper analysis, documentation and emulation of real-world cyberattacks along with mitigation actions. As a case study for validation of A-DEMO, a rootkit attack emulation against a replicated healthcare infrastructure is implemented and documented.
The paper is published in the PCI 2021 proceedings and it is available here.