De Pasquale, G; Grishchenko, I; Iesari, R; Pizarro, G; Cavallaro, L; Kruegel, C; Vigna, G; (2024) ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning. In: Proceedings of the 33rd USENIX Security Symposium. (pp. 5913-5929). USENIX: Philadelphia, PA, USA.
Text: usesec24-ChainReactor.pdf - Accepted Version (757kB)
Abstract
Current academic vulnerability research predominantly focuses on identifying individual bugs and exploits in programs and systems. However, this goes against the growing trend of modern, advanced attacks that rely on a sequence of steps (i.e., a chain of exploits) to achieve their goals, often incorporating individually benign actions. This paper introduces a novel approach to the automated discovery of such exploitation chains using AI planning. In particular, we aim to discover privilege escalation chains, some of the most critical and pervasive security threats, which involve exploiting vulnerabilities to gain unauthorized access and control over systems. We implement our approach as a tool, ChainReactor, that models the problem as a sequence of actions to achieve privilege escalation from the initial access to a target system. ChainReactor extracts information about available executables, system configurations, and known vulnerabilities on the target and encodes this data into a Planning Domain Definition Language (PDDL) problem. Using a modern planner, ChainReactor can generate chains incorporating vulnerabilities and benign actions. We evaluated ChainReactor on 3 synthetic vulnerable VMs, 504 real-world Amazon EC2 and 177 Digital Ocean instances, demonstrating its capacity to rediscover known privilege escalation exploits and identify new chains previously unreported. Specifically, the evaluation showed that ChainReactor successfully rediscovered the exploit chains in the Capture the Flag (CTF) machines and identified zero-day chains on 16 Amazon EC2 and 4 Digital Ocean VMs.
Type: | Proceedings paper |
---|---|
Title: | ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning |
Open access status: | An open access version is available from UCL Discovery |
Publisher version: | https://www.usenix.org/publications/proceedings/Au... |
Language: | English |
Additional information: | This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10200412 |



