TY - GEN
T1 - Predicting the Next Step of a Multistep Network Attacks During Capture the Flag Events Using LSTM
AU - Antonia Severin, C.
AU - Claudio Canales, P.
AU - Torres, Romina
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
AB - DEFCON, the world's largest cybersecurity conference, hosts a highly competitive 'Capture the Flag' (CTF) competition, renowned for being one of the longest and most challenging in the cybersecurity community. This event typically spans three days and features the top 20 teams globally, each tasked with defending their systems while attacking others. During these events, teams have limited time to patch their services and develop exploits before engaging with other teams to capture their flags. The fast-paced nature of DEFCON CTF events means that success often hinges on the team's experience and agility. Teams face concurrent attacks from multiple opponents and have constrained resources, making it impossible to address all threats simultaneously. In this work, we propose leveraging long short-term memory (LSTM) neural networks to predict the next steps of concurrent multi-stage and multi-step network attacks (MSNAs). This approach aims to enhance team performance by enabling informed decision-making and efficient resource allocation. We extracted attack data from pcap files of CTFs provided by DEFCON, encompassing approximately 300 iterations per CTF. The model was trained on 80% of the initial iterations and validated on the remaining 20%, where more sophisticated behaviors and refined strategies are anticipated. Our methodology achieved a prediction accuracy over 80%, significantly improving response strategies and allowing teams to prioritize threats effectively.
KW - CTF
KW - LSTM
KW - MSNA
KW - cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85213542563&partnerID=8YFLogxK
U2 - 10.1109/SCCC63879.2024.10767662
DO - 10.1109/SCCC63879.2024.10767662
M3 - Conference contribution
AN - SCOPUS:85213542563
T3 - Proceedings - International Conference of the Chilean Computer Science Society, SCCC
BT - 2024 43rd International Conference of the Chilean Computer Science Society, SCCC 2024
PB - IEEE Computer Society
T2 - 43rd International Conference of the Chilean Computer Science Society, SCCC 2024
Y2 - 28 October 2024 through 30 October 2024
ER -