Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN

Slides:



Advertisements
Similar presentations
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Advertisements

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Openflow App Security Chao SHI Stephen Duraski. Background Software-defined networking o Control plane abstraction o Abstract topology view o Abstraction.
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.
Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
1 Towards Anomaly/Intrusion Detection and Mitigation on High-Speed Networks Yan Gao, Zhichun Li, Yan Chen Northwestern Lab for Internet and Security Technology.
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Where Are the Nuggets in System Audit Data? Wenke Lee College of Computing Georgia Institute of Technology.
Chapter 6: Packet Filtering
Network Intrusion Detection Using Random Forests Jiong Zhang Mohammad Zulkernine School of Computing Queen's University Kingston, Ontario, Canada.
1 Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Benchmark H. Güneş Kayacık Nur Zincir-Heywood Malcolm I. Heywood.
VeriFlow: Verifying Network-Wide Invariants in Real Time
SDN based Network Security Monitoring in Dynamic Cloud Networks Xiuzhen CHEN School of Information Security Engineering Shanghai Jiao Tong University,
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
Internetworking – What is internetworking? Connect multiple networks of one or more organizations into a large, uniform communication system. The resulting.
Detection Unknown Worms Using Randomness Check Computer and Communication Security Lab. Dept. of Computer Science and Engineering KOREA University Hyundo.
An Overview of Intrusion Detection Using Soft Computing Archana Sapkota Palden Lama CS591 Fall 2009.
Bohatei: Flexible and Elastic DDoS Defense
Firewall Fingerprinting Amir R. Khakpour 1, Joshua W. Hulst 1, Zhihui Ge 2, Alex X. Liu 1, Dan Pei 2, Jia Wang 2 1 Michigan State University 2 AT&T Labs.
Implementation of Machine Learning and Chaos Combination for Improving Attack Detection Accuracy on Intrusion Detection System (IDS) Bisyron Wahyudi Kalamullah.
Exploiting Context Analysis for Combining Multiple Entity Resolution Systems -Ramu Bandaru Zhaoqi Chen Dmitri V.kalashnikov Sharad Mehrotra.
1 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Cognitive Security: Security Analytics and Autonomics for Virtualized Networks Lalita Jagadeesan.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
COMPSCI 726 Sumeet Outside the Closed World: On Using Machine Learning for Network Intrusion Detection Robin Sommer and Vern Paxson.
Consensus Extraction from Heterogeneous Detectors to Improve Performance over Network Traffic Anomaly Detection Jing Gao 1, Wei Fan 2, Deepak Turaga 2,
Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.
Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.
Firewall Technology and InterCell Communication Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood,
Data Security in Local Network Using Distributed Firewall Presented By- Rahul N.Bais Guide Prof. Vinod Nayyar H.O.D Prof.Anup Gade.
Role Of Network IDS in Network Perimeter Defense.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Denial of Service detection and mitigation on GENI
OS Fingerprinting and Tethering Detection in Mobile Networks
Xin Li, Chen Qian University of Kentucky
Denial of Service detection and mitigation on GENI
Intrusion Detection using Deep Neural Networks
University of Maryland College Park
Chapter 7. Classification and Prediction
Where Did You Go: Personalized Annotation of Mobility Records
CompTIA Security+ SY0-401 Real Exam Question Answer
Correlation and Regression
Intelligent Information System Lab
Anna Giannakou Christine Morin, Jean-Louis Pazat, Louis Rilling
Security in Networking
A Novel Framework for Software Defined Wireless Body Area Network
UNIT-4 BLACKBOX AND WHITEBOX TESTING
Digital Pacman: Firewall Edition
* Essential Network Security Book Slides.
DDoS Attack Detection under SDN Context
Networking Specialization Overview
SPEAKER: Yu-Shan Chou ADVISOR: DR. Kai-Wei Ke
Adversarial Evasion-Resilient Hardware Malware Detectors
CORE Security Technologies
VNIDS: Towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems Hongda Li1, Hongxin Hu1, Guofei Gu2, Gail-Joon.
Firewalls Jiang Long Spring 2002.
RHMD: Evasion-Resilient Hardware Malware Detectors
Firewalls.
REU student: Domonique Cox Graduate mentors: Kaiqiang Song
Binghui Wang, Le Zhang, Neil Zhenqiang Gong
Autonomous Network Alerting Systems and Programmable Networks
Modeling IDS using hybrid intelligent systems
UNIT-4 BLACKBOX AND WHITEBOX TESTING
Intrusion Detection Systems
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN Hongda Li, Feng Wei, and Hongxin Hu SDN-NFV Security 2019

Outline Motivation Background Our Approach Case Study

Network Access Control with SDN FlowGuard [HotSDN’14] Access Control Policies Dynamic Firewall [RAID’15] Virtual Firewall [NDSS’17] How to generate new ACP? Anomaly Unknown vulnerabilities Zero-day security threat

Existing Anomaly-based IDS Semantic Gap Access Control Policies Uncover novel security threats Obscure outcome

Machine Learning Model Explanation Outcome CAT DOG Input Predictor

Explanation Mechanisms Whitebox Blackbox Black Box x y x1 xn y1 yn … Global Explanation xi yi Local Explanation

Local & Blackbox Explanation Local Approximation Explanation Logic 𝒑𝒓𝒆𝒅𝒊𝒄𝒕𝒐𝒓 e𝒍 e 𝒍 𝒙 Why 𝒙 is predicted as circle?

Approach Overview Anomaly-based IDS Outcome Explanator Policy SDN Controller SDN Flow Rule Access Control Policy Anomaly-based IDS Mirrored Traffic Outcome Explanator AIDS Outcome Policy Generator Outcome Explanation SDN Switch

AIDS Outcome Explanation Local Approximation Explanation Logic F(x) x Linear Regression 𝒙: (duration, proto_type, service, flag, src_byte, dst_byte, … ) FI: (97, 96, 99, 100, 95, 98, … ) Feature Importance

Access Control Policy Generation <filers, actions> Selects network entities Defines action to take Networks; Hosts; Connections; Flows; Packets; Combination of above; Allow; Deny; Redirect; Quarantine; Mirror; … 𝒙: (duration, proto_type, service, flag, src_byte, dst_byte, … ) FI: (97, 96, 99, 100, 95, 94, … ) Explanation

Case Study: AIDS Recurrent Neural Network (RNN) NSL-KDD dataset Detect across multiple records NSL-KDD dataset 41 raw feature Keras + TensorFlow for implementation

Case Study: Outcome Explanation Choose Neptune attack in dataset Extensive SYN error or SYN rejection Two records labeled as Neptune attack Explanation (Feature Importance) Record1: (0, tcp, private, S0, …, 255, 20, 0.08, 0.07, 0, 0, 1, 1, 0, 0) Record2: (0, tcp, imap4, REJ, …, 255, 17, 0.07, 0.07, 0, 0, 0, 0, 1, 1) Percentage of SYN Error Percentage of Rejection Error

Case Study: Policy Generation Outcome Explanation <filters=(ip_proto=tcp, tcp_flags=syn, sip=192.168.1.2, dip=192.168.1.3), actions=(drop)> Access Control Policy

Conclusion and Future Work Explained the outcome of anomaly-based IDS Generated network access control policy according to the explanation Future work Better explanation that handles decency among records Policy generation process formalization More evaluation on realistic traffic and attacks

Hongda Li (hongdal@clemson.edu) Q & A Hongda Li (hongdal@clemson.edu) Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.