Beyond Evaluation: Towards Automated and Explainable Red Teaming
| Published in: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Main Author: | |
| Published: | ProQuest Dissertations & Theses |
| Subjects: | |
| Online Access: | Citation/Abstract Full Text - PDF |
| Abstract: | Understanding how security defenses perform under real-world adversarial conditions remains a core challenge in enterprise security. While detection and response systems are widely deployed, organizations often lack the ability to evaluate their effectiveness in a structured and meaningful way. This dissertation begins by examining the MITRE ATT&CK Evaluations, a leading framework for adversary emulation that tests commercial Endpoint Detection and Response (EDR) products using multi-stage attack simulations. Despite the value of these evaluations, their publicly reported results are coarse and difficult to interpret, offering limited insight into detection quality, alert timing, or systemic blind spots. To address this, the first part of the dissertation introduces Decoding MITRE ATT&CK Evaluations, a graph-based framework for reconstructing attack chains and modeling detection responses. The system quantifies protection latency, detection coverage, and alert connectivity, enabling a more nuanced and actionable analysis of EDR performance. However, this analysis also reveals a deeper limitation: evaluation efforts are constrained by the scarcity and rigidity of curated attack scenarios. To overcome this limitation, the remainder of the dissertation focuses on facilitating the generation of high-quality red team simulations through automation and decision support. It first presents PentestAgent, a multi-agent penetration testing framework powered by large language models and retrieval-augmented generation. PentestAgent decomposes the attack workflow into specialized agents that collaborate to perform reconnaissance, planning, and exploitation. This system reduces manual effort and improves the realism and scalability of attack emulation. Next, the dissertation introduces AEAS, the Actionable Exploit Assessment System. AEAS analyzes public exploit artifacts using structured feature extraction and language model reasoning to produce actionability scores, severity assessments, and human-readable justifications. It helps red teamers and automated systems make more informed exploit selection decisions during the planning phase. Together, these three systems address key limitations in how red teaming is interpreted, executed, and prioritized. Rather than attempting to generate novel attacks from scratch, this dissertation focuses on building the tools and frameworks that make red teaming more explainable, scalable, and practically useful. By bridging evaluation, simulation, and planning, it contributes to a more integrated and operationally relevant approach to proactive security testing. |
|---|---|
| ISBN: | 9798291584408 |
|---|---|
| Source: | ProQuest Dissertations & Theses Global |