Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.

Published byKimberly Strickland Modified over 9 years ago

Similar presentations

Presentation on theme: "Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu."— Presentation transcript:

1 Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu

2 Agenda Problem Description Mathematical Formulation

3 Agenda Problem Description Mathematical Formulation

4 Problem Description Collaborative Attack Special Defense Resources “Fake Traffic”, “False Target” or “Dual Function” Honeypots Virtualization Dynamic Topology Reconfiguration To minimize maximized attackers’ success probability by adjusting the defense parameters of planning and defending phase.

5 Special Defense Resources Honeypots Fake Traffic function False Target function Dual function Virtualization Dynamic Topology Reconfiguration

6 Attack Strategies & Risk Acceptance Attack Strategies Compromise Pretend to attack Test reaction Take opportunity Risk Acceptance Risk Avoidance Risk Tolerance

7

8 Stage & Selection Criteria Stage Early stage Late stage Selection Criteria Defense resource Traffic

9 Time Issue Attackers Compromise time Recovery time Defenders Reconfiguration impact QoS time Reconfiguration QoS recovery time

10 Pros and Cons of Collaborative Attack Advantage Decrease budget cost of each attackers Less compromise time Less recovery time Disadvantage Probability of detected

11 Agenda Problem Description Mathematical Formulation

12 Objective To minimize maximized attackers’ success probability Given Total Defense Budget Each Cost of Constructing a Defense Mechanism Virtualization Cost Service Priority To be determined Attack and Defense Configurations Budget Spent on Constructing Node or Link General and Special Defense Resource

13 Given Parameters NotationDescription N The index set of all nodes. C The index set of all core nodes. L The index set of all links. S The index set of all types of services. M The index set of all level of virtual machine monitors (VMMs). H The index set of all types of honeypots. P The index set of candidate nodes equipped with false target function. Q The index set of candidate nodes equipped with fake traffic generating function. R The index set of candidate nodes equipped with false target and fake traffic generating function.

14 Given Parameters NotationDescription B The defender’s total budget. w The cost of constructing one intermediate node. o The cost of constructing one core node. p The cost of each virtual machine (VM). r The cost of constructing a reconfiguration function to one node.

15 Given Parameters NotationDescription kiki The maximum number of virtual machines on VMM level i, where i ∈ M aiai The weight of i th service, where i ∈ S. E All possible defense configurations, including defense resources allocation and defending strategies. Z All possible attack configurations, including attacker’s attributes, commander’s strategies and transition rules. FiFi The number of commanders targeting on i th service, where i ∈ S.

16 Decision Variables NotationDescription D A instance of defense configuration, including defense resources allocation and defending strategies on i th service, where i ∈ S. A A instance of attack configuration, including attacker’s attributes, commander’s strategies and transition rules of the commander launches j th attack on i th service, where i ∈ S, 1≤ j ≤ F i. T(D,A) 1 if the commander achieve his goal successfully, and 0 otherwise, where i ∈ S, 1≤ j ≤ F i.

17 Decision Variables NotationDescription B nodelink The budget spent on constructing nodes and links. B general The budget spent on allocating general defense resource. B special The budget spent on deploying special defense resource. B virtualization The budget of virtualization. B honeypot The budget of honeypots. B reconfiguration The budget of reconfiguration functions.

18 Decision Variables NotationDescription eThe total number of intermediate nodes. nini The general defense resources allocated to node i, where i ∈ N. q ij The capacity of direct link between node i and j, where i ∈ N, j ∈ N. g(q ij ) The cost of constructing a link from node i to node j with capacity q ij, where i ∈ N, j ∈ N. lili The number of VMM level i purchased, where i ∈ M. δiδi The number of services that honeypot i can simulate, where i ∈ H. εiεi The interactive capability of false target honeypot i, where i ∈ P. θiθi The maximum throughput of fake traffic that fake traffic generator honeypot i can achieve, where i ∈ Q.

19 Decision Variables NotationDescription v( l i ) The cost of VMM level i with l i VMMs, where i ∈ M. h( δ i, ε i )The cost of constructing a false target honeypot with the number of simulating services and the interactive capability, where i ∈ P. f( δ i, θ i )The cost of constructing a fake traffic generator honeypot with the number of simulating services and the maximum achievable throughput of fake traffic, where i ∈ Q. t( δ i, ε i, θ i )The cost of constructing a honeypot equipped with false target and fake traffic generating functions with the number of simulating services, the interactive capability and the maximum achievable throughput of fake traffic, where i ∈ R. xixi 1 if node i is equipped with false target function, and 0 otherwise, where i ∈ N. yiyi 1 if node i is equipped with fake traffic generating function, and 0 otherwise, where i ∈ N. zizi 1 if node i is equipped with reconfiguration function, and 0 otherwise, where i ∈ N.

20 Verbal Notations NotationDescription G core i Loading of each core node i, where i ∈ C. U link i Link utilization of each link i, where i ∈ L. K effect Negative effect caused by applying fake traffic adjustment. I effect Negative effect caused by applying dynamic topology reconfiguration. J effect Negative effect caused by applying local defense. O tocore The number of hops legitimate users experienced from one boundary node to destination. Y The total compromise events. W threshold The predefined threshold regarding quality of service. W final The level of quality of service at the end of an attack. W(  ) The value of quality of service is determined by several factors.

21 Verbal Notations NotationDescription ρ defense The defense resource of the shortest path from detected compromised nodes to core node i divided by total defense resource, where i ∈ C. τ hops The minimum number of hops from detected compromised nodes to core node i divided by the maximum number of hops from attacker’s starting position to one core node, where i ∈ C. ω degree The link degree of core node i divided by the maximum link degree among all nodes in the topology, where i ∈ C. S priority i The priority of service i provided by core nodes divided by the maximum service priority among core nodes in the topology, where i ∈ C and j ∈ S. β threshlod The risk threshold of core nodes. β()β() The risk status of each core node which is the aggregation of defense resource, number of hops, link degree and service priority

22 Objective Function (IP 1)

23 Mathematical Constraints 1 2 Direct Link Capacity Constraints : q ij ≥ 0 Honeypot Types Constraints : x i + y i ≥ 1 (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4)

24 Mathematical Constraints Budget Constraints : B nodelink ≥ 0 B general ≥ 0 B special ≥ 0 Constructing Topology Constraints : n i ≥ 0 w × e ≥ 0 g (q ij ) ≥ 0 (IP 1.5) (IP 1.6) (IP 1.7) (IP 1.8) (IP 1.9) (IP 1.10)

25 Mathematical Constraints Budget Constraints : B nodelink ≥ 0 B special ≥ 0 123 (IP 1.11) (IP 1.12) (IP 1.13) (IP 1.14) (IP 1.15)

26 Mathematical Constraints Budget Constraints : 1 (IP 1.16) (IP 1.17)

27 Mathematical Constraints Special defense resource cost constraints : 1 (IP 1.18) (IP 1.19) (IP 1.20) (IP 1.21) (IP 1.22) (IP 1.23) (IP 1.24)

28 Verbal Constraints QoS constraints: (IP 1.25) The performance reduction cause by compromised core nodes should not violate IP1.26. (IP 1.26) The performance reduction caused by link utilization should not violate IP1.26.(IP 1.27) The performance reduction caused by fake traffic should not violate IP1.26.(IP 1.28) The performance reduction caused by dynamic topology reconfiguration should not violate IP1.26. (IP 1.29) The performance reduction cause by local defense should not violate IP1.26.(IP 1.30) Legitimate users’ QoS satisfaction with the maximum number of hops from attacking initial point to core node should not violate IP1.26. (IP 1.31) W final should not lower than W threshold at the end of attack.(IP 1.32) The defender has to guarantee at least one core node is not compromised at any time. (IP 1.33)

29

30 Verbal Constraints QoS constraints: (IP 1.25) The performance reduction cause by compromised core nodes should not violate IP1.25. (IP 1.26) The performance reduction caused by link utilization should not violate IP1.25.(IP 1.27) The performance reduction caused by fake traffic should not violate IP1.25.(IP 1.28) The performance reduction caused by dynamic topology reconfiguration should not violate IP1.25. (IP 1.29) The performance reduction cause by local defense should not violate IP1.25.(IP 1.30) Legitimate users’ QoS satisfaction with the maximum number of hops from attacking initial point to core node should not violate IP1.25. (IP 1.31) W final should not lower than W threshold at the end of attack.(IP 1.32) The defender has to guarantee at least one core node is not compromised at any time. (IP 1.33)

31 Verbal Constraints Reconfiguration constraints: The reconfiguration initial point and the reconfigured node must be equipped with reconfiguration function. (IP 1.35) The reconfiguration initial point must be the neighbor of core node detected risky.(IP 1.36) The defense resource of reconfiguration initial point should be the minimum one among all neighbors of core node detected risky. (IP 1.37) The reconfigured node must be the neighbor of reconfiguration initial point.(IP 1.38) The reconfigured node must not be the neighbor of core node detected risky.(IP 1.39) The defense resource of the reconfigured node should be the maximum one among all neighbors of reconfiguration initial node. (IP 1.40) (IP 1.34)

32 Verbal Constraints Traffic adjustment constraints: The honeypot must be equipped with fake traffic generating function.(IP 1.42) The throughput of fake traffic delivered by one fake traffic generating honeypot should not greater than the maximum achievable throughput. (IP 1.43) (IP 1.41)

33 Verbal Constraints Local defense constraints: For each core node, when the attack event has been detected, the mechanism is activated. (IP 1.44) Only virtualized nodes and virtual machine monitors (VMMs) can activate this mechanism. (IP 1.45) The capacity of all the VMs’ links connect with the VMM will decrease certain ratio. (IP 1.46)

34 THANKS FOR YOUR ATTENTION

Download ppt "Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu."

Similar presentations

Ch. 12 Routing in Switched Networks

Ch. 12 Routing in Switched Networks
APNOMS2003Fujitsu Laboratories Ltd.1 A QoS Control Method Cooperating with a Dynamic Load Balancing Mechanism Akiko Okamura, Koji Nakamichi, Hitoshi Yamada.

APNOMS2003Fujitsu Laboratories Ltd.1 A QoS Control Method Cooperating with a Dynamic Load Balancing Mechanism Akiko Okamura, Koji Nakamichi, Hitoshi Yamada.
Ch. 12 Routing in Switched Networks. 12.1 Routing in Packet Switched Networks Routing Algorithm Requirements –Correctness –Simplicity –Robustness--the.

Ch. 12 Routing in Switched Networks Routing in Packet Switched Networks Routing Algorithm Requirements –Correctness –Simplicity –Robustness--the.
William Stallings Data and Computer Communications 7 th Edition Chapter 13 Congestion in Data Networks.

William Stallings Data and Computer Communications 7 th Edition Chapter 13 Congestion in Data Networks.
1 Traffic Engineering (TE). 2 Network Congestion Causes of congestion –Lack of network resources –Uneven distribution of traffic caused by current dynamic.

1 Traffic Engineering (TE). 2 Network Congestion Causes of congestion –Lack of network resources –Uneven distribution of traffic caused by current dynamic.
Optical Networks BM-UC Davis122 Part III Wide-Area (Wavelength-Routed) Optical Networks – 1.Virtual Topology Design 2.Wavelength Conversion 3.Control and.

Optical Networks BM-UC Davis122 Part III Wide-Area (Wavelength-Routed) Optical Networks – 1.Virtual Topology Design 2.Wavelength Conversion 3.Control and.
1 EL736 Communications Networks II: Design and Algorithms Class8: Networks with Shortest-Path Routing Yong Liu 10/31/2007.

1 EL736 Communications Networks II: Design and Algorithms Class8: Networks with Shortest-Path Routing Yong Liu 10/31/2007.
CPSC 601.43 Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.

CPSC Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.
SLA-aware Virtual Resource Management for Cloud Infrastructures

SLA-aware Virtual Resource Management for Cloud Infrastructures
Chapter 5 TCP/IP: Routing – Part 1 Dr. V.T. Raja Oregon State University.

Chapter 5 TCP/IP: Routing – Part 1 Dr. V.T. Raja Oregon State University.
MAXIMIZING SPECTRUM UTILIZATION OF COGNITIVE RADIO NETWORKS USING CHANNEL ALLOCATION AND POWER CONTROL Anh Tuan Hoang and Ying-Chang Liang Vehicular Technology.

MAXIMIZING SPECTRUM UTILIZATION OF COGNITIVE RADIO NETWORKS USING CHANNEL ALLOCATION AND POWER CONTROL Anh Tuan Hoang and Ying-Chang Liang Vehicular Technology.
Adviser: Frank,Yeong-Sung Lin Present by Limin Zheng Gunhak Lee, Alan T. Murray.

Adviser: Frank,Yeong-Sung Lin Present by Limin Zheng Gunhak Lee, Alan T. Murray.
Adaptive QoS Management for IEEE 802.11 Future Wireless ISPs 通訊所 693430028 鄭筱親 Wireless Networks 10, 413–421, 2004.

Adaptive QoS Management for IEEE Future Wireless ISPs 通訊所 鄭筱親 Wireless Networks 10, 413–421, 2004.
Network Aware Resource Allocation in Distributed Clouds.

Network Aware Resource Allocation in Distributed Clouds.
“Intra-Network Routing Scheme using Mobile Agents” by Ajay L. Thakur.

“Intra-Network Routing Scheme using Mobile Agents” by Ajay L. Thakur.
On QoS Guarantees with Reward Optimization for Servicing Multiple Priority Class in Wireless Networks YaoChing Peng Eunyoung Chang.

On QoS Guarantees with Reward Optimization for Servicing Multiple Priority Class in Wireless Networks YaoChing Peng Eunyoung Chang.
Source-End Defense System against DDoS attacks Fu-Yuan Lee, Shiuhpyng Shieh, Jui-Ting Shieh and Sheng Hsuan Wang Distributed System and Network Security.

Source-End Defense System against DDoS attacks Fu-Yuan Lee, Shiuhpyng Shieh, Jui-Ting Shieh and Sheng Hsuan Wang Distributed System and Network Security.
Introduction to Job Shop Scheduling Problem Qianjun Xu Oct. 30, 2001.

Introduction to Job Shop Scheduling Problem Qianjun Xu Oct. 30, 2001.
Improving Capacity and Flexibility of Wireless Mesh Networks by Interface Switching Yunxia Feng, Minglu Li and Min-You Wu Presented by: Yunxia Feng Dept.

Improving Capacity and Flexibility of Wireless Mesh Networks by Interface Switching Yunxia Feng, Minglu Li and Min-You Wu Presented by: Yunxia Feng Dept.
Research Direction Introduction Advisor: Professor Frank, Y.S. Lin Presented by Chi-Hsiang Chan 2011/10/111.

Research Direction Introduction Advisor: Professor Frank, Y.S. Lin Presented by Chi-Hsiang Chan 2011/10/111.

Similar presentations

Ads by Google