Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science.

Published byHaven Offield Modified over 10 years ago

Similar presentations

Presentation on theme: "Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science."— Presentation transcript:

1 Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science 11/19/2008

2 Motivation A large network usually has multiple hosts, diverse software packages and supports several modes of connectivity. Must take into account the exploitation in such a network. Current research on vulnerability analysis (Logical) Attack Graph Based. Model based Vulnerability Analysis.

3 Correlation Analysis Current research mainly focuses on sequential attacks, little attention was paid to coordinated attacks. It is often the case the effect of an action is modified concurrently by another action in a distributed environment. Correlation analysis is required to detect coordinated attack.

4 Broader Problem Scenario FirewallRouter Correlating Atomic Actions to Analyze Global Vulnerability RR Attacker Notations Global Attack Atomic Attack R Preemptive Response for Single Host

5 Preemptive Intrusion Response Host Based – System behavior is represented by set of all possible sequences observed. Extended Action Graph (EXACT) - Represents normal and anomalous behavioral patterns of a system. Currently deals with single host, monitoring system behavior in terms of system calls. Need to capture Network behavior Deploy in distributed environment

6 Example EXACT Generated by three sequences S1, S2, S3, S2 and S2, S4, S5, S1, S3, S6 and S1, S3, S6

7 Example Problem File1 File2 File3 Open File1 Open File2 Open File3 User 1: Legitimate User of File 2 User 2: Legitimate User of File 3 File Sharing System Create Symbolic Link File 1 pointing to File2 Create Symbolic Link File 1 pointing to File3

8 Our Approach S1 S2 S3 User1 creates Symbolic link File1 to File2 Symbolic Link created between File1 & File2 User1 opens File 1 User1 is able to access File 2 User 1 T1 T2 User2 creates Symbolic link File1 to File3 Symbolic Link created between File1 & File3 User 2

9 Tasks Task 1 Survey and investigate current intrusion response solutions (e.g. preemption based, tracing based, attack graph based) for attack planning and vulnerability analysis of a network of hosts. Study and evaluate how well the existing and new response solutions can be applied to the above distributed environment. Task 2 Design a new automated response solution for the distributed environments by extending preemptive response solution for a single host. The mechanism will provide to respond against global vulnerability due to sequential and concurrent atomic attacks in a network. Testing the response mechanism using simulation/prototype implementation in a distributed environment. Testing the response mechanism using simulation/prototype implementation in a distributed environment.

10 Publications Taxonomy of Intrusion Response Systems. International Journal of Information and Computer Security. Vol. 1. No. 1/2, pp.169-184, 2007. N. Stakhanova, S. Basu and J. Wong Specification Synthesis for Monitoring and Analysis of MANET Protocols. The International Symposium on Frontiers in Networking with Applications, FINA 2007 N. Stakhanova, S. Basu, W. Zhang, X.Wang and J.Wong A Cost-Sensitive Model for Preemptive Intrusion Response Systems. Nokia Best Student Paper Award The International Conference on Advanced Information Networking and Applications, AINA 2007 N. Stakhanova, S. Basu and J.Wong Automated caching of behavioral patterns for efficient run-time monitoring. IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2006 N. Stakhanova, S. Basu, R. Lutz and J.Wong

11 Thank You

Download ppt "Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science."

Similar presentations

1 Instituto de Sistemas e Robótica 10th IEEE MEDITERRANEAN CONFERENCE ON CONTROL AND AUTOMATION Instituto Superior Técnico – Instituto de Sistemas e Robótica.

1 Instituto de Sistemas e Robótica 10th IEEE MEDITERRANEAN CONFERENCE ON CONTROL AND AUTOMATION Instituto Superior Técnico – Instituto de Sistemas e Robótica.
Gfarm v2 and CSF4 Osamu Tatebe University of Tsukuba Xiaohui Wei Jilin University SC08 PRAGMA Presentation at NCHC booth Nov 19,

Gfarm v2 and CSF4 Osamu Tatebe University of Tsukuba Xiaohui Wei Jilin University SC08 PRAGMA Presentation at NCHC booth Nov 19,
International Technology Alliance In Network & Information Sciences International Technology Alliance In Network & Information Sciences 1 Interference.

International Technology Alliance In Network & Information Sciences International Technology Alliance In Network & Information Sciences 1 Interference.
Battalion Level Staff PERSONAL STAFF GROUP COORDINATING STAFF GROUP

Battalion Level Staff PERSONAL STAFF GROUP COORDINATING STAFF GROUP
A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.
Formal Methods for Intrusion Detection Presented by Brian Kellogg CSE 914: Formal Methods for Software Development Michigan State University December 11.

Formal Methods for Intrusion Detection Presented by Brian Kellogg CSE 914: Formal Methods for Software Development Michigan State University December 11.
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.

Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From www.451group.com/security/451_security.php.www.451group.com/security/451_security.php.

1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From
Self-Stabilization An Introduction Aly Farahat Ph.D. Student Automatic Software Design Lab Computer Science Department Michigan Technological University.

Self-Stabilization An Introduction Aly Farahat Ph.D. Student Automatic Software Design Lab Computer Science Department Michigan Technological University.
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
March 24, 2003Upadhyaya – IWIA 20031 A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.

March 24, 2003Upadhyaya – IWIA A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.
Project Description The project basically consists of three main components-Attacker, Defender, and Observer. Our project scenario is the following: A.

Project Description The project basically consists of three main components-Attacker, Defender, and Observer. Our project scenario is the following: A.
Distributed System Concepts and Architectures Summary By Srujana Gorge.

Distributed System Concepts and Architectures Summary By Srujana Gorge.
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.

Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.
WAC/ISSCI 20061 Automated Anomaly Detection Using Time-Variant Normal Profiling Jung-Yeop Kim, Utica College Rex E. Gantenbein, University of Wyoming.

WAC/ISSCI Automated Anomaly Detection Using Time-Variant Normal Profiling Jung-Yeop Kim, Utica College Rex E. Gantenbein, University of Wyoming.

Similar presentations

Ads by Google