Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science.

Presentation transcript:

Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science 11/19/2008

Motivation
- A large network usually has multiple hosts, diverse software packages, and several modes of connectivity.
- Vulnerability analysis must take into account how such a network can be exploited.
- Current research on vulnerability analysis: (logical) attack-graph based; model-based vulnerability analysis.

Correlation Analysis
- Current research focuses mainly on sequential attacks; little attention has been paid to coordinated attacks.
- In a distributed environment it is often the case that the effect of one action is modified concurrently by another action.
- Correlation analysis is required to detect coordinated attacks.

Broader Problem Scenario
[Figure: a network behind a Firewall and a Router, an Attacker, and hosts marked R. Notations: Global Attack; Atomic Attack; R = Preemptive Response for Single Host. Caption: Correlating Atomic Actions to Analyze Global Vulnerability.]

Preemptive Intrusion Response
- Host based: system behavior is represented by the set of all possible observed sequences.
- Extended Action Graph (EXACT): represents normal and anomalous behavioral patterns of a system.
- Currently deals with a single host, monitoring system behavior in terms of system calls.
- Need to capture network behavior and deploy in a distributed environment.

Example EXACT
Generated from three sequences: (S1, S2, S3, S2), (S2, S4, S5, S1, S3, S6) and (S1, S3, S6).

Example Problem
- File sharing system with File1, File2 and File3; operations: Open File1, Open File2, Open File3.
- User 1: legitimate user of File 2. User 2: legitimate user of File 3.
- User 1 creates a symbolic link File1 pointing to File2; User 2 creates a symbolic link File1 pointing to File3.

Our Approach
[Figure: timeline of atomic actions over states S1, S2, S3 and time points T1, T2.]
- User 1: creates symbolic link File1 to File2; symbolic link created between File1 & File2; User 1 opens File 1; User 1 is able to access File 2.
- User 2: creates symbolic link File1 to File3; symbolic link created between File1 & File3.
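As an added example (not from the slides), the following Python builds an EXACT-style action graph from the three sequences on the "Example EXACT" slide, checks whether a trace is a walk in that graph, and then correlates the interleaved symlink and open actions of the file-sharing scenario across users, which is the step a single-host monitor cannot do on its own. The event tuple format, function names and timestamps are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: the three observed sequences from the EXACT slide.
SEQUENCES = [
    ["S1", "S2", "S3", "S2"],
    ["S2", "S4", "S5", "S1", "S3", "S6"],
    ["S1", "S3", "S6"],
]

def build_action_graph(sequences):
    """Edge a -> b for every pair of consecutive actions in an observed
    sequence, so the graph encodes the behaviours seen during profiling."""
    graph = defaultdict(set)
    for seq in sequences:
        for a, b in zip(seq, seq[1:]):
            graph[a].add(b)
    return dict(graph)

def is_known_path(graph, trace):
    """A trace is 'normal' only if each consecutive pair is an edge of the
    graph; a pair never observed is where a preemptive monitor would act."""
    return all(b in graph.get(a, ()) for a, b in zip(trace, trace[1:]))

def correlate_link_opens(events):
    """events: (time, user, action, link, target) tuples ordered by time.
    Each user's own trace (symlink, then open) matches the normal profile;
    the alert needs cross-user correlation: a user opens a link whose
    current target was set by a different user."""
    current = {}          # link -> (user who last set the target, target)
    alerts = []
    for t, user, action, link, target in events:
        if action == "symlink":
            current[link] = (user, target)
        elif action == "open" and link in current:
            setter, resolved = current[link]
            if setter != user:
                alerts.append({"time": t, "user": user, "link": link,
                               "resolves_to": resolved, "set_by": setter})
    return alerts

# Constructed interleaving from the "Our Approach" slide: User 2 re-points
# File1 between User 1's link creation and User 1's open (hypothetical data).
EVENTS = [
    (1, "user1", "symlink", "File1", "File2"),
    (2, "user2", "symlink", "File1", "File3"),
    (3, "user1", "open", "File1", None),
]

if __name__ == "__main__":
    g = build_action_graph(SEQUENCES)
    print(is_known_path(g, ["S1", "S3", "S6"]), is_known_path(g, ["S2", "S6"]))
    print(correlate_link_opens(EVENTS))
```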

Tasks
Task 1
- Survey and investigate current intrusion response solutions (e.g. preemption based, tracing based, attack graph based) for attack planning and vulnerability analysis of a network of hosts.
- Study and evaluate how well existing and new response solutions can be applied to the above distributed environment.
Task 2
- Design a new automated response solution for distributed environments by extending the preemptive response solution for a single host. The mechanism will respond to global vulnerabilities arising from sequential and concurrent atomic attacks in a network.
- Test the response mechanism using a simulation/prototype implementation in a distributed environment.

Publications
- N. Stakhanova, S. Basu and J. Wong. Taxonomy of Intrusion Response Systems. International Journal of Information and Computer Security, Vol. 1, No. 1/2, pp.
- N. Stakhanova, S. Basu, W. Zhang, X. Wang and J. Wong. Specification Synthesis for Monitoring and Analysis of MANET Protocols. The International Symposium on Frontiers in Networking with Applications, FINA 2007.
- N. Stakhanova, S. Basu and J. Wong. A Cost-Sensitive Model for Preemptive Intrusion Response Systems. The International Conference on Advanced Information Networking and Applications, AINA 2007 (Nokia Best Student Paper Award).
- N. Stakhanova, S. Basu, R. Lutz and J. Wong. Automated caching of behavioral patterns for efficient run-time monitoring. IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2006.

Thank You