Automating Cyber-Defense Management. By: Zach Archer, COSC 316.


1 Automating Cyber-Defense Management
By: Zach Archer, COSC 316

2 Road Map
Introduction
State the Problem
Approach
Key Components
Current Achievements
Related Work
Conclusion
Questions

3 Introduction
BBN Technologies
A new step in security
Survivability architecture
What do we mean to do?
    Automating cyber-defense management is simply taking the human experts out of the role of "intelligent control loop".
    This is the outermost control loop.

4 Stating the Problem
Survivability architectures combine three basic types of defensive capability:
    Protection
    Detection
    Adaptive reaction
These produce lots of information.
The architecture allows for certain assumptions:
    What needs to be fixed
    Which actions may be applicable

5 Approach
Encode expert knowledge as rules and constraints.
Create a process that uses that knowledge representation.
Then use the process to detect and resolve issues that may arise in a system.

6 Key Elements
Knowledge Representation (KR)
Event Interpretation (EI)
Response Selection (RS)
Claim Selection (CS)

7 Knowledge Representation (KR)
Captures the knowledge of human experts.
Four types of knowledge:
    Which machine runs which OS, which network it is on, which services it hosts, and what is connected to or depends upon any given host
    Symptomatic knowledge: states of the system, reports from the system, and classification of possible vulnerabilities
    Which response options are available
    Whether a response will be effective

8 Event Interpretation (EI)
Constructs a constraint network from the alerts.
Four types of hypotheses:
    Dead
    Corrupt
    Flooded
    Known issues
The "known issues" hypothesis covers problems already known to arise within the system.

9 Response Selection (RS)
Uses responses to maintain operational capabilities.
Six types of high-level responses:
    Refresh
    Reset
    Ping
    Quarantine
    Isolate
    Degrade
Picks the sequence of response execution that will be most effective.

10 Claims Selection (CS)
Responsible for selecting a subset of the hypotheses.
    Looks at metadata such as proof status.
    Divides the hypotheses into two sets:
        Proven
        Accepted

11 Putting it all together

12 The main idea is to have the CS act as a controller that monitors all the decisions being made by the other sections.
Using the checks built into every section, with the CS monitoring all of the work, the system can now create a plan of attack.
That plan of attack is then processed through checks within the RS to make sure the response to the attack will keep the system in a working state.
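As an added illustration (not code from the slides or from the BBN paper), here is a toy pass through the EI -> CS -> RS loop described above. The hypothesis and response names are taken from slides 8 and 9; the alert-to-hypothesis mapping, the "proven at two alerts" threshold, the response preference order, and the set of disruptive responses are all assumptions made for the example.

```python
from collections import Counter

# Assumed mapping from alert type to the slide-8 hypothesis it supports.
ALERT_TO_HYPOTHESIS = {"no_heartbeat": "dead", "checksum_mismatch": "corrupt",
                       "rate_exceeded": "flooded", "signature_match": "known_issue"}
# Assumed mapping from hypothesis to slide-9 responses, in preferred order.
RESPONSE_FOR = {"dead": ["ping", "reset"], "corrupt": ["quarantine", "refresh"],
                "flooded": ["isolate", "degrade"], "known_issue": ["refresh"]}
# Responses that take a host out of service (assumed).
DISRUPTIVE = {"reset", "quarantine", "isolate"}

def interpret_events(alerts):
    """EI: count how many alerts support each (host, hypothesis) pair."""
    evidence = Counter()
    for alert in alerts:
        hypothesis = ALERT_TO_HYPOTHESIS.get(alert["type"])
        if hypothesis:  # unknown alert types carry no evidence
            evidence[(alert["host"], hypothesis)] += 1
    return evidence

def select_claims(evidence, proven_at=2):
    """CS: a hypothesis is 'proven' with proven_at or more supporting alerts,
    otherwise merely 'accepted'; proven claims are acted on first."""
    proven = {k for k, n in evidence.items() if n >= proven_at}
    accepted = {k for k, n in evidence.items() if n < proven_at}
    return proven, accepted

def select_responses(claims, essential_hosts):
    """RS: pick the first listed response for each claim that does not take
    an essential host offline (the working-state check from slide 12)."""
    plan = []
    for host, hypothesis in sorted(claims):
        for response in RESPONSE_FOR[hypothesis]:
            if response in DISRUPTIVE and host in essential_hosts:
                continue  # would break an essential service; try the next option
            plan.append((host, response))
            break
    return plan

def run_loop(alerts, essential_hosts=frozenset()):
    """One pass of the outer control loop: EI -> CS -> RS."""
    proven, accepted = select_claims(interpret_events(alerts))
    return select_responses(proven or accepted, essential_hosts)

# Constructed sample alerts: web1 has two flood alerts, db1 one missed heartbeat.
SAMPLE_ALERTS = [{"host": "web1", "type": "rate_exceeded"},
                 {"host": "web1", "type": "rate_exceeded"},
                 {"host": "db1", "type": "no_heartbeat"}]
if __name__ == "__main__":
    print(run_loop(SAMPLE_ALERTS, essential_hosts={"web1"}))
```

With web1 marked essential the proven flood claim on web1 is answered with "degrade" rather than "isolate", and the single-alert "dead" hypothesis on db1 is left for a later pass because a proven claim takes precedence.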

13 Current Achievements
Implemented a simulation environment:
    50 hosts
    60 NICs
    Multiple routers and switches
    12 application-level protocols

14 Related Work
Cisco's Self-Defending Network
    One key difference is this work's focus on operating without user involvement.

15 Conclusion
The paper concludes that work is currently ongoing.
Learning more from past successes and failures.
Success at this level will be a stepping stone.

16 Why Do This
Faster response time
Expert managers for every system
No corrupted humans
Stronger, more reliable system
Less chance for spread

17 Why Not Do This
No expert in the loop
The machine can have bugs
Some decisions may not be made
Error reports may be corrupted

18 THANK YOU. Any questions?

19 References
Partha Pal, Franklin Webber, Michael Atighetchi, Paul Rubel, Paul Benjamin. Automating Cyber Defense Management. Second International Workshop on Recent Advances in Intrusion Tolerant Systems at EuroSys 2008, Glasgow, UK, Mar 31 - Apr 4, 2008.

