Near Optimal Defense Strategies to Minimize Attackers’ Success Probabilities for networks of Honeypots
Presented by Yu-Shun Wang
Advisor: Frank, Yeong-Sung Lin

Agenda
- Introduction
- Solution Approach
  - Evaluation Process
  - Policy enhancement
- Initial parameter configuration
- Experiment on M
- Summary
2016/3/11 OP IM, NTU

Introduction
To bring attack and defense behavior closer to the real world, this work adds some new perspectives. For instance, with the advent of new technology, defenders have different kinds of solutions for dealing with malicious attackers. Therefore, this work considers not only general defense resources but also another kind of defensive technology, the honeypot, as a deceptive tool to distract attackers.

Introduction
Defense resources are of two types: honeypot and non-honeypot.
- Honeypot: the main objective of this kind of defense resource is to deceive attackers. Once attackers compromise these systems, they have wasted their finite budget.
  - Learning attack tactics and wasting attack resources
  - False target
- Non-honeypot: this kind of defense resource is allocated to nodes in the network. Its purpose is to increase the defense capability of nodes.

Introduction
For attackers, we also made a classification. The classifying criteria are:
- Budget level: high, medium, and low
- Capability: high, medium, and low
- Next hop selecting criteria: highest link utilization, lowest link utilization, lowest defense level, random attack

Solution Approach: Evaluation Process
Since our scenario and environment are very dynamic, it is hard to solve the problem purely by mathematical programming. Attackers within one category belong to the same type, but there is still some randomness among them. This is caused by honeypots: if an attacker compromises a false target honeypot, there is a probability that he will believe the core node is compromised and terminate the attack. Therefore, we can never tell whether an attack succeeds or fails until the end of the evaluation.

Solution Approach: Evaluation Process
Flowchart steps:
1. Initial state.
2. Run the evaluation with the 36 kinds of different attackers M times and get the core node compromise frequency. Divide the frequency by M to get the average core node compromised probability.
3. Adjust defense parameters by policy enhancement.
4. Run another evaluation M times using the adjusted defense parameters and get the corresponding probability.
5. Compare the result with the initial one (Yes/No branch).
The loop is repeated N times.

Solution Approach: Evaluation Process
Parameter generation
- M (total evaluation frequency for one round): first, we pick an initial value, for example, 10 million. Then we take every 10 thousand evaluations as one chunk, summarize the result per chunk, and draw a diagram depicting the relationship between compromised frequency and number of chunks. If the diagram shows a converging trend, it implies the value of M is an ideal one.
- N (total rounds for policy enhancement): we set this value by a resource constrained approach.
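
The evaluation loop and the chunk-based check on M described above, as an added example that is not code from the presentation. The six-node topology, its costs and link utilizations, the upper budget bound of 7 and the convergence window and tolerance are constructed assumptions; the deceived probabilities, budget multiples and next-hop criteria follow the slides.

```python
import random
from itertools import product

# Constructed toy topology (assumption, not from the slides):
# node -> (defense level = attack cost, link utilization, is_honeypot, next hops)
NODES = {
    "entry": (1, 0.5, False, ["a", "h1"]),
    "a":     (2, 0.6, False, ["b", "h2"]),
    "h1":    (1, 0.9, True,  ["b"]),
    "b":     (3, 0.4, False, ["core"]),
    "h2":    (1, 0.8, True,  ["core"]),
    "core":  (4, 0.3, False, []),
}
MIN_COST = 8                          # cheapest entry-to-core path: entry, a, h2, core
BUDGETS = [(1, 3), (3, 5), (5, 7)]    # multiples of MIN_COST; the upper bound 7 is assumed
DECEIVED = [0.3, 0.5, 0.7]            # deceived probability per capability level (slides)
CRITERIA = [                          # next-hop selecting criteria (slides)
    lambda rng, c: max(c, key=lambda n: NODES[n][1]),  # highest link utilization
    lambda rng, c: min(c, key=lambda n: NODES[n][1]),  # lowest link utilization
    lambda rng, c: min(c, key=lambda n: NODES[n][0]),  # lowest defense level
    lambda rng, c: rng.choice(c),                      # random attack
]

def attack(rng, budget_range, p_deceived, pick):
    """One attack; True only if the core node is compromised."""
    budget = rng.uniform(*budget_range) * MIN_COST
    node = "entry"
    while True:
        cost, _, honeypot, hops = NODES[node]
        if budget < cost:
            return False              # budget exhausted before the core
        budget -= cost
        if node == "core":
            return True
        if honeypot and rng.random() < p_deceived:
            return False              # deceived by the false target, terminates
        node = pick(rng, hops)

def evaluate(chunks, chunk_size, seed=1):
    """Core-compromise frequency per chunk over the 36 attacker categories."""
    rng = random.Random(seed)
    cats = list(product(BUDGETS, DECEIVED, CRITERIA))
    return [sum(attack(rng, *rng.choice(cats)) for _ in range(chunk_size))
            for _ in range(chunks)]

def converged(freqs, chunk_size, window=5, tol=0.005):
    """(stable?, estimate) for the running compromise probability over the last chunks."""
    running = [sum(freqs[:i + 1]) / ((i + 1) * chunk_size) for i in range(len(freqs))]
    tail = running[-window:]
    return len(tail) == window and max(tail) - min(tail) < tol, running[-1]
```

Calling `converged(evaluate(100, 10_000), 10_000)` mirrors the 100-chunk run on the slides; if the first element is false, M is increased and the evaluation is repeated.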

Solution Approach: Policy enhancement
The main concepts of policy enhancement can be summarized as follows.
- Popularity based strategy: this strategy focuses on the nodes that are frequently attacked. Therefore, we use the total cost attackers spent on each node as the metric in policy enhancement.
- Derivative: this concept is used to measure the marginal effectiveness of each defense resource allocation.

Solution Approach: Policy enhancement
Flowchart steps:
1. By the attack cost spent on each node, we choose the first three of the highest (and lowest) nodes as two groups.
2. For each node, ask: is it a honeypot? (Yes/No)
   - Highest group: calculate the derivative of defense resource, or the derivative of defense resource and link utilization, with one virtual positive unit resource.
   - Lowest group: calculate the derivative of defense resource, or the derivative of defense resource and link utilization, with one virtual negative unit resource.
3. Select the highest derivative from the two groups respectively and move one unit of resource from the lowest group to the highest group.

Solution Approach
The relationship between evaluation process and policy enhancement (combined flowchart).
Policy enhancement:
1. By the attack cost spent on each node, we choose the first three of the highest (and lowest) nodes as two groups.
2. For each node, ask: is it a honeypot? (Yes/No)
   - Highest group: calculate the derivative of defense resource, or the derivative of defense resource and link utilization, with one virtual positive unit resource.
   - Lowest group: calculate the derivative of defense resource, or the derivative of defense resource and link utilization, with one virtual negative unit resource.
3. Select the highest derivative from the two groups respectively and move one unit of resource from the lowest group to the highest group.
Evaluation process:
1. Initial state.
2. Run the evaluation with the 36 kinds of different attackers M times and get the core node compromise frequency. Divide the frequency by M to get the average core node compromised probability.
3. Adjust defense parameters by the improving procedure.
4. Run another evaluation M times using the adjusted defense parameters and get the corresponding probability.
5. Compare the result with the initial one (Yes/No branch).
The loop is repeated N times.

Initial parameter configuration: Defender
- Defense resource allocation: we allocate resources according to two major metrics:
  - Hop count to the core node: the larger the hop count, the lower the defense level.
  - Number of out links of each node: the higher the number of out links, the higher the defense level.
- Honeypot link utilization: initial value is set to be

Initial parameter configuration: Attacker
- Budget level (multiple of minimum attack cost)
  - Low level: 1~3 times of minimum attack cost
  - Medium level: 3~5 times of minimum attack cost
  - High level: over 5 times
- Capability
  - High level: 30% deceived probability
  - Medium level: 50% deceived probability
  - High level: 70% deceived probability

Experiment on M
We run different numbers of chunks to discover which one is an ideal value for M:
- 10 chunks
- 100 chunks
- 1,000 chunks
- 10,000 chunks
Each chunk represents the result of 10 thousand evaluations, i.e., attacks.

Experiment on M: results
- Result of 10 chunks (table: chunk No., ComFreq)
- Result of 100 chunks (table: chunk No., ComFreq)
- Result of 1,000 chunks
- Result of 10,000 chunks

Summary
According to the experiment results, the core node compromised frequency in 10 thousand (one chunk) attacks is only 3~4 thousand times. Many attackers with a high budget level are deceived by honeypots.

Experiment data

Information of attacker 3 is as follows:
Budget level is:
Capability is
Next hop selecting criteria is 4
Round time is: 14
compromising path is: Path:

Information of attacker 30 is as follows:
Budget level is:
Capability is
Next hop selecting criteria is 3
Round time is: 58
compromising path is: Path:

Information of attacker 6 is as follows:
Budget level is:
Capability is (High level)
Next hop selecting criteria is 3
Round time is: 7
compromising path is: Path:

Information of attacker 18 is as follows:
Budget level is:
Capability is (Low level)
Next hop selecting criteria is 3
Round time is: 8
compromising path is: Path:

Total defense budget is set to be 100