Research Direction Introduction
Advisor: Professor Frank, Y.S. Lin
Presented by Chi-Hsiang Chan, 2011/10/11
Presentation transcript:


Agenda
- Introduction
- Collaborative Attack
- Virtualization
- Problem description
- Scenario


Collaborative Attack
- Collaborative attacks are characterized by the prevalence of coordination before and during attacks. [1]
- Collaborative attacks in general involve multiple human attackers or criminal organizations that have their respective adversarial expertise but may not fully trust each other.
- Collaborative attacks are more powerful than the sum of the underlying individual attacks that the individual attackers could launch independently.

Collaborative Attack (figure slide)

Collaborative Attack
- Time-aspect of Collaborative Attack C&C
  - Off-line coordination: during the attack there are no communications between the attackers, nor between the commander and the attackers.
  - On-line coordination: the commander and attackers may communicate and make adjustments during an attack.
  - Real-time coordination: both attackers and commanders are always updated with the current global system state information.
- Powerful: off-line < on-line < real-time

Collaborative Attack
- Space-aspect of Collaborative Attack C&C
  - Centralized C&C: a single attacker coordinates the collaborative attacks.
  - Distributed C&C: there are multiple attackers commanding the adversarial computers to launch attacks; there may be a hierarchical structure inside.
  - Peer-to-peer C&C: the multiple attackers play equal roles.
- Sophisticated: centralized < distributed < peer-to-peer

Collaborative Attack
- Effect of Collaborative Attacks
  - Spatially collaborative attacks: the set of adversarial computers, located in different geographic or network places, are coordinated to launch attacks against a target at the same time.
  - Temporally collaborative attacks: the attack may proceed in a well-orchestrated fashion. Each step of the attack process may be launched by a different attacker, which may reside at a different geographic or network place.
  - Hybrid collaborative attacks

Collaborative Attack
- Information Exchange during Collaborative Attacks
  - One-way: information may only be sent from one participant to another, not in the other direction. This may decrease the chance that the attackers are detected.
  - Two-way: this case allows the sharing of situational awareness, which may be needed in order to launch sophisticated attacks.

Collaborative Attack
- Privacy Aspect of Collaborative Attacks
  - Exploiting anonymous channels
  - Enforcing content privacy
  - Exploiting anonymous channels and enforcing content privacy

Collaborative Attack
- Advantages of Collaborative Attack [2]
  - Coordinated attacks could be designed to avoid detection.
  - It is difficult to differentiate between decoy and actual attacks.
  - There is a large variety of coordinated attacks.

Virtualization
- Definition: virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. [3]
(Figure source: VMware)

Virtualization
- Benefits
  - Lower cost
  - Efficiency
  - Scalability
  - Easy to have multiple operating system environments
  - Increased space utilization efficiency in the data center through server consolidation
- Virtualization is the key to cloud computing

IDS
- An intrusion detection system (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization, and also for system misuse or attacks originating from inside the organization. [4]
- Provides more protection than a firewall, which only filters incoming traffic from the Internet.

IDS
- Two types of IDS
  - Host IDS (HIDS)
  - Network IDS (NIDS)
- The trade-off is evident when comparing HIDS and NIDS
  - NIDS offers high attack resistance at the cost of visibility.
  - HIDS offers high visibility but sacrifices attack resistance.


Problem Description

Attacker View
- Commander
- Attackers
  - Initial location
  - Budget
  - Capability
- Objective
  - Steal confidential information
  - Service disruption

Defender View
- Special Defense Resource
  - Cost budget
    - VM IDS (signature) [5]
    - Cloud security service
  - Costless (decreases QoS)
    - VM local defense
    - Dynamic topology reconfiguration [6]

Per Hop Decision
- Period decision
  - Early stage
  - Late stage
- Strategy decision by criteria
  - compromise → risk avoidance
  - pretend to attack → risk tolerance
- No. of Attackers
- Choose ideal attackers
  - Aggressiveness
  - Attack Energy
  - Budget
  - Capability

Time Issue
- Attackers
  - Compromise time
  - Recovery time
- Defender
  - Signature generation time
  - Reconfiguration impacts QoS

Synergy
- Pros
  - Decreases the budget cost of each attacker
  - Less recovery time
  - Less compromise time
- Cons
  - Probability of being detected

Early Period, Risk Avoidance
- Purpose
  - Try to compromise nodes as fast as they can
  - Keep the stronger attackers for compromising core nodes


Scenario (figure legend): General node, Core node, Cloud security agent, VMM environment, Third party's defense center, Cloud security provider

Scenario walk-through (figure slides over a topology of nodes A to J):
- Scenario
- Early Stage Attack Strategy
- Local Defense
- IPDS requests signature (signature generating…)
- Late Stage Attack Strategy (signature generating…)
- Attack VMM (signature generating…)
- Risk Level, Reconfiguration (signature generating…)
- Cloud Security Service (signature generating…)
- Transfer Signature
- Failure of Attacker
- Failure of Defender

Thanks for listening!!

Reference
[1] S. Xu, “Collaborative Attack vs. Collaborative Defense”, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Volume 10, Part 2, pp , 2009
[2] S. Braynov and M. Jadliwala, “Representation and Analysis of Coordinated Attacks”, FMSE'03, 2003
[3] J. K. Waters, “Virtualization Definition and Solutions”, 2008
[4] SANS Institute InfoSec Reading Room, “Intrusion Detection Systems: Definition, Need and Challenges”
[5] T. Garfinkel and M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection”, Proc. Network and Distributed Systems Security Symposium
[6] M. Atighetchi, P. Pal, F. Webber and C. Jones, “Adaptive Use of Network-Centric Mechanisms in Cyber-Defense”, BBN Technologies LLC

Appendix

Host-based IDS
- HIDS obtains information by watching local activity on a host: processes, system calls, logs, etc.
- Advantages:
  - Detailed information about system activities.
  - Greater accuracy and fewer false positives.
- Weaknesses:
  - Highly dependent on the host system.
  - Can be deactivated or tampered with by a successful intruder.

Network-based IDS
- NIDS obtains data by monitoring the traffic in the network.
- Advantages:
  - Operating-system independent.
  - Can detect attack attempts outside the firewall.
  - Difficult for attackers to remove their evidence.
- Weaknesses:
  - In high-traffic networks, a network monitor could potentially miss packets or become a bottleneck.
  - Hard to get detailed information about hosts.

Period
- N: the total number of nodes in the defense network.
- F: the total number of compromised nodes in the defense network.

Selection Criteria (figure slide)

No. of Attackers
- M: number of selected candidates
- Success Rate (SR) = Risk Avoidance Compromised / Risk Avoidance Attacks
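As an added example (not code from the slides or the lab), the two appendix slides above are put into Python: the period is read from N and F, and M candidates are chosen by the SR criterion. The 30% early/late boundary, the budget check and the candidate pool are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Attacker:
    """One attacker candidate. ra_history is a constructed record of its
    risk-avoidance attacks (True = the target node was compromised)."""
    name: str
    capability: float              # slide criterion: capability
    budget: float                  # slide criterion: budget
    ra_history: list = field(default_factory=list)

    def success_rate(self) -> float:
        # SR = Risk Avoidance Compromised / Risk Avoidance Attacks
        if not self.ra_history:
            return 0.0
        return sum(1 for hit in self.ra_history if hit) / len(self.ra_history)


def period(n_nodes: int, f_compromised: int, early_limit: float = 0.3) -> str:
    """Classify the period from N (total nodes) and F (compromised nodes).
    The 30% boundary is an assumption, not a value from the slides."""
    if n_nodes <= 0 or not 0 <= f_compromised <= n_nodes:
        raise ValueError("need N > 0 and 0 <= F <= N")
    return "early" if f_compromised / n_nodes < early_limit else "late"


def select_attackers(candidates, m: int, min_budget: float = 0.0):
    """Pick the M candidates with the highest SR that still have budget left
    (budget rule assumed); capability breaks ties. Returns names in rank order."""
    eligible = [a for a in candidates if a.budget > min_budget]
    ranked = sorted(eligible, key=lambda a: (a.success_rate(), a.capability),
                    reverse=True)
    return [a.name for a in ranked[:m]]


# Constructed candidate pool (sample data, not from the slides).
CANDIDATES = [
    Attacker("alpha", capability=0.9, budget=40, ra_history=[True, True, False, True]),
    Attacker("bravo", capability=0.6, budget=25, ra_history=[True, False, False, False]),
    Attacker("charlie", capability=0.7, budget=0, ra_history=[True, True, True]),
    Attacker("delta", capability=0.5, budget=30, ra_history=[True, True, False, False]),
]

if __name__ == "__main__":
    print(period(n_nodes=10, f_compromised=2))            # early
    print([(a.name, a.success_rate()) for a in CANDIDATES])
    print(select_attackers(CANDIDATES, m=2))              # ['alpha', 'delta']
```

Note that charlie has the best SR but is dropped by the budget check, which is why the SR ranking alone does not decide the selection.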