This work was supported by the TRUST Center (NSF award number CCF-0424422).


Detection and Isolation of Traffic Anomalies on Abilene Network Topology Using DETER

Howells Ihekweme (1), Blaine Nelson (2), Saurabh Amin (2), Suzanna Shmeelk EdD (2), Ted Faber PhD (3), Jelena Mirkovic PhD (3), Shankar Sastry PhD (2)
1 University of Maryland at College Park, 2 University of California at Berkeley, 3 University of Southern California

Introduction

The primary research objective is to study the interaction and strategies for attack and defense of control systems and detection systems in the emulated environment provided by the cyber-Defense Technology Experimental Research (DETER) testbed using the Security Experimentation EnviRonment (SEER). This objective can be achieved with DTrigger. DTrigger is monitoring software written by Ling Huang of Intel Corp. It is designed with a focus on data collection for anomaly detection, and it brings together the best techniques from continuous data streaming, online machine learning and distributed signal processing. Moreover, on the DETER testbed we hope to:
1) Construct an emulation of a real Internet backbone, i.e. the Abilene network topology, and the communication control system behavior.
2) Implement realistic attacks on that emulated environment which cause the control system to fail, thereby ultimately leading to plant and controller failures across the system.
3) Use DTrigger to deploy and monitor based on a Denial of Service (DoS) detection algorithm and successfully train it on attack anomalies in the emulated framework.
4) Explore defenses that make the control and learning systems more resilient to these attacks.
This research focuses on detection and differentiation of traffic anomalies on the Abilene network topology using DETER.

Motivation

The increase in intrusion and extrusion of confidential information is a motivation for this project on cybersecurity, defense and trustworthy systems, which realistically emulates the Internet2 Abilene network topology on the DETER testbed. Abilene is a high-performance backbone network that is managed by Internet2. Moreover, Abilene is predominantly used by universities, corporate and affiliate institutions. This research can help solve the problem by detecting and differentiating traffic anomalies on the network topology using DETER, and by developing and deploying defense strategies on the network topology. Figure 1 is an illustration of a typical Abilene network topology.

Method

1. Setting up the experiment on the DETER testbed
a) Created twelve PC backbone nodes and external (ingress/egress) nodes to the backbone nodes. Figure 2 is a typical topology with three backbone nodes and a LAN.
b) Set up the routing matrix by linking all the backbone nodes and putting a start command on the nodes with two for loops.
c) Swap in the experiment and launch the experiment to SEER using a Java script.
d) Ping all the nodes to check for broken routes using an already made bash script.
2. Detecting and monitoring the Abilene network topology. As a DETER user, absolute control of all the router nodes and the plant/controller machines has to be secured, and they have to be monitored for traffic anomalies from the DETER simulated attacker, as seen in Figure
Differentiation of anomalous traffic using trend analysis

Results (in progress)

Using the GUI interface on the DETER testbed with SEER, this is a visual presentation of how normal traffic is expected to look compared with attack traffic, as shown in Figure 4 (left) and Figure 5 (right) respectively.
- Green is regular traffic
- Red is attack traffic
- Cyan is regular traffic not forwarded
- Black is attack traffic not forwarded

Figure 1: The Abilene Network
Figure 2: DETER Testbed Topology
Figure 3: Traffic Detection and monitoring on DETER
Figure 4 (L) and Figure 5 (R): Graphical representation of traffic on DETER
Figure 6: Backbone routers, traffic generators and detectors on DETER

Future work

More research can be performed on this project. The detection and differentiation of traffic anomalies on the Abilene network topology using DETER is a work in progress. The future goals are:
- Collect generated traffic on the network and compare it with normal traffic for anomalies;
- Develop and update DTrigger on the emulated Abilene network; and
- Deploy defense strategies on the Abilene network topology as shown in Figure 6.

Acknowledgements

Thanks to the Team for Ubiquitous Secure Technology (TRUST) at the University of California, Berkeley and the National Science Foundation (NSF) for supporting and funding this program. Special thanks to my teammates: John Mela, Jennifer Li, Efrain Plascencia; mentors: Blaine Nelson, Saurabh Amin, Suzanna Shmeelk EdD, Dr. Ted Faber PhD, Dr. Jelena Mirkovic PhD, Dr. Kristen Gates EdD; and Dean of Engineering Dr. Shankar Sastry, PhD.
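
The method's step of pinging all the nodes to check for broken routes refers to a bash script that the poster does not reproduce. The following is an added example, not the authors' script: a POSIX shell version of such a check that retries each node and reports the ones that never answer. The node names bb1..bb12, the TRIES variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reachability check for the experiment's nodes.
# Node names (bb1..bbN) are hypothetical placeholders, not DETER's naming.

# probe HOST: succeed if HOST answers a single ICMP echo request.
probe() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# backbone_nodes N: print the hypothetical names bb1 .. bbN on one line.
backbone_nodes() {
    i=1
    out=""
    while [ "$i" -le "$1" ]; do
        out="$out${out:+ }bb$i"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# broken_routes HOST...: print, space separated, every host that failed
# all probe attempts (TRIES attempts per host, default 3). A single lost
# packet therefore does not mark a route as broken.
broken_routes() {
    tries=${TRIES:-3}
    failed=""
    for host in "$@"; do
        n=0
        ok=no
        while [ "$n" -lt "$tries" ]; do
            if probe "$host"; then
                ok=yes
                break
            fi
            n=$((n + 1))
        done
        [ "$ok" = yes ] || failed="$failed${failed:+ }$host"
    done
    printf '%s\n' "$failed"
}

# When run with host names as arguments, report the unreachable ones.
[ "$#" -eq 0 ] || broken_routes "$@"
```

An empty output line means every listed node answered. The check only covers routes from the machine it runs on, so it would be repeated from each node whose outgoing routes matter.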