
1 Modeling and Security Analysis of Enterprise Network Using Attack-defense Stochastic Game Petri Nets
Presenter: Jen-Hua Chi; Advisor: Frank, Yeong-Sung Lin

2 Agenda
Part I Introduction (Game Theory, Petri Net); Part II Model; Part III Enterprise Network; Part IV Analysis and Conclusion

3 Introduction
Journal: Security and Communication Networks (Security Comm. Networks), 2013; Impact Factor: 0.414. Author: Yuanzhuo Wang (王卓元)

4 Introduction - Enterprise network
Defenses such as firewalls, VPNs, IDS/IPS, antivirus software and content monitoring are deployed to prevent or counteract attacks; the question is how to make them more effective.

5 Introduction - ADSGN
Stochastic Game Net (SGN) + Stochastic Petri Net (SPN) => ADSGN (attack-defense stochastic game net)

6 Introduction - SGN
Game theory: Nash Equilibrium (NE). Limitations:
- game theory alone does not have enough modeling ability to describe the interaction relations
- existing modeling methods are nearly unable to model the dynamic behaviors, because of the complexity of the state transitions
- the full state space can be extremely large

7 Introduction - SGN
Stochastic Game Nets:
- use the NE as part of the transition probabilities in SGN models
- build a model per player, then combine the models
- work backwards: attack and defense actions are interrelated with one another

8 Introduction - Stochastic Petri Net
A Petri net is a mathematical modeling language: a directed bipartite graph whose nodes are transitions and places.
- transitions: events that may occur
- places: conditions
- the directed arcs describe which places are pre- and/or post-conditions for which transitions

9 Introduction - Stochastic Petri Net
P is a set of states, called places: P = {P1, P2, P3, P4}. T is a set of transitions: T = {T1, T2}. M is the marking, i.e. the number of tokens in each place; the initial marking is m0 = (1, 0, 2, 1). Each transition has a firing rate: in a stochastic Petri net the firing delay of a transition is exponentially distributed with that rate.
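A worked token game on the net of this slide, added here as an example (it is not code from the paper or the presentation). The slide gives P, T and m0 but not the arcs or the rates, so the pre/post-conditions and the firing rates below are constructed. The block checks which transitions are enabled, fires them by removing and adding tokens, and enumerates the reachability graph, which is the state space an SPN is evaluated on and the thing that, as slide 6 notes, can become extremely large.

```python
from collections import deque

# Net from slide 9: places P1..P4, transitions T1, T2, initial marking m0 = (1, 0, 2, 1).
# The slide does not show the arcs or the rates; the pre/post-conditions and the
# firing rates below are constructed for this example (assumption).
PLACES = ("P1", "P2", "P3", "P4")
M0 = (1, 0, 2, 1)
# transition -> (pre-conditions, post-conditions, firing rate);
# the weight is the number of tokens consumed from / produced into a place
TRANSITIONS = {
    "T1": ({"P3": 1}, {"P2": 1}, 2.0),
    "T2": ({"P1": 1, "P2": 1}, {"P4": 1}, 1.0),
}

def tokens(marking, place):
    return marking[PLACES.index(place)]

def enabled(marking):
    """A transition is enabled when every pre-place holds at least the arc weight."""
    return [t for t, (pre, _, _) in TRANSITIONS.items()
            if all(tokens(marking, p) >= w for p, w in pre.items())]

def fire(marking, t):
    """Firing removes tokens from the pre-places and adds them to the post-places."""
    if t not in enabled(marking):
        raise ValueError(f"{t} is not enabled in marking {marking}")
    pre, post, _ = TRANSITIONS[t]
    m = list(marking)
    for p, w in pre.items():
        m[PLACES.index(p)] -= w
    for p, w in post.items():
        m[PLACES.index(p)] += w
    return tuple(m)

def reachability_graph(m0, limit=10_000):
    """Breadth-first enumeration of every marking reachable from m0.
    Each edge carries the firing rate of its transition, so (markings, edges) is the
    continuous-time Markov chain an SPN is analysed on. `limit` guards against an
    unbounded net, whose state space never stops growing."""
    seen, edges, queue = {m0}, [], deque([m0])
    while queue:
        m = queue.popleft()
        for t in enabled(m):
            n = fire(m, t)
            edges.append((m, t, TRANSITIONS[t][2], n))
            if n not in seen:
                if len(seen) >= limit:
                    raise RuntimeError(f"more than {limit} markings: net looks unbounded")
                seen.add(n)
                queue.append(n)
    return seen, edges

def dead_markings(markings):
    """Markings in which no transition is enabled (deadlocks / absorbing states)."""
    return {m for m in markings if not enabled(m)}

if __name__ == "__main__":
    markings, edges = reachability_graph(M0)
    print(f"{len(markings)} reachable markings, {len(edges)} rate-labelled edges")
    for src, t, rate, dst in edges:
        print(f"  {src} --{t} (rate {rate})--> {dst}")
    print("dead markings:", dead_markings(markings))
```

With the constructed arcs the net is bounded: five markings are reachable from m0 and the run ends in the dead marking (0, 1, 0, 2). Replacing the rate labels on the edges by a generator matrix is the step that turns the reachability graph into the CTMC on which the later MTTFSB-type measures are computed.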

10 Introduction - ADSGN
ADSGN is designed according to the characteristics of network attack and defense actions, and is suitable for investigating the complex and dynamic game-related issues in network attack and defense.

11 Agenda
Part I Introduction; Part II Model; Part III Enterprise Network; Part IV Analysis and Conclusion

12 Definition - Stochastic Game Nets
Nine-tuple vector SGN: is the action set of player k

13 Definition 1 - Stochastic Game Nets
Nine-tuple vector SGN:

14 Definition - Stochastic Game Nets
Nine-tuple vector SGN:

15 Definition - Stochastic Game Nets
Each token s is assigned a reward vector h(s) = (h1(s), h2(s), ..., hn(s)), where hk(s) is the reward of player k in token s. Transition firing rates are attached to the transitions; firing a transition consists of removing tokens from a subset of places and adding them to another subset.

16 Definition - Stochastic Game Nets
a strategy for player k is described as a vector

17 Definition 2 - Stochastic Game Nets
For an n-player game, player k's utility is defined as follows (p denotes the initial state of player k):

18 Definition 3 - Stochastic Game Nets
NE is a vector such that

19 Definition 3 - ADSGN
Players: n = 2, the administrator and the attacker. There exist some transitions ti that represent no action (the empty action).

20 Theorem 1 - ADSGN
For an ADSGN, if the two sets P and T are finite, then there exists an NE in mixed strategies. (P: the places, which describe the states of the system.)

21 Modeling and analysis
Reward values R represent the reward gained by a player when an action is completed.

22 Construction
First build a model per player, then combine the models by merging the places p that denote the same meaning in the SGN models of the different players. Two cases:
- case 1
- case 2

23 Construction – case1 Inhibition type

24 Construction – case2 Termination type

25 Utilities of players
Each player's objective is to maximize its expected return (k = 1, 2). The utility is computed from the initial place of the strategy and the discount index of each place.

26 Utilities of players
At each place, player k chooses an action using a probability distribution over its action set (a mixed strategy). In order to determine the optimal defense strategy, we must find the NE.

27 Calculation of the Nash Equilibrium
The NE is computed with Continuous Ant Colony Optimization (CACO). For each place pi, the behavior is modeled as a matrix game Gi whose rows are the action set of the attacker and whose columns are the action set of the administrator. If an attack action is chosen in place pi and the intrusion is successful and undetected, the system may transfer to another place pj, where the game continues.
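The matrix game at a single place, as an added example (not the paper's computation, which uses CACO over the whole net): the rows are two attacker actions and the columns two administrator actions, with the empty action on each side, and the payoff numbers are constructed for illustration rather than taken from the paper. The block checks a strategy pair for the no-profitable-deviation property that defines an NE, enumerates the pure equilibria, and solves the 2x2 case in mixed strategies by the indifference principle. In the stochastic game each entry would also include the discounted utility of the place pj the action leads to; that continuation term is left out here.

```python
from fractions import Fraction as F

# One place p_i of the ADSGN as a matrix game G_i. The payoffs are constructed for this
# example (assumption); the paper's reward values are not reproduced here.
# Rows: attacker actions. Columns: administrator actions.
ATTACKER_ACTIONS = ("a1 ScanVulnerability", "a7 empty")
ADMIN_ACTIONS = ("d1 IDSscan", "d6 empty")
A = [[F(-2), F(3)],   # attacker: caught when scanning into an IDS scan, succeeds if unwatched
     [F(0),  F(0)]]   # the empty action earns nothing
B = [[F(2),  F(-3)],  # administrator: catches the scan, or misses it
     [F(-1), F(0)]]   # an IDS scan costs something even when there is nothing to find

def unit(n, i):
    """Pure strategy: all probability on action i."""
    return [F(1) if k == i else F(0) for k in range(n)]

def expected(M, x, y):
    """Expected payoff of matrix M under mixed strategies x (rows) and y (columns)."""
    return sum(x[r] * y[c] * M[r][c] for r in range(len(x)) for c in range(len(y)))

def is_nash(A, B, x, y):
    """(x, y) is an NE iff neither player gains by deviating to any pure action."""
    ua, ub = expected(A, x, y), expected(B, x, y)
    if any(expected(A, unit(len(x), r), y) > ua for r in range(len(x))):
        return False
    if any(expected(B, x, unit(len(y), c)) > ub for c in range(len(y))):
        return False
    return True

def pure_equilibria(A, B):
    """All pure-strategy equilibria as (row, column) index pairs."""
    n, m = len(A), len(A[0])
    return [(r, c) for r in range(n) for c in range(m)
            if is_nash(A, B, unit(n, r), unit(m, c))]

def mixed_equilibrium_2x2(A, B):
    """Completely mixed NE of a 2x2 bimatrix game by indifference:
    the attacker's p = P(row 0) makes the administrator indifferent between columns,
    the administrator's q = P(column 0) makes the attacker indifferent between rows.
    Returns (x, y, attacker value, administrator value), or None when the game is
    degenerate or the indifference solution leaves [0, 1]."""
    dp = B[0][0] - B[0][1] - B[1][0] + B[1][1]
    dq = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    if dp == 0 or dq == 0:
        return None
    p = (B[1][1] - B[1][0]) / dp
    q = (A[1][1] - A[0][1]) / dq
    if not (0 <= p <= 1 and 0 <= q <= 1):
        return None
    x, y = [p, 1 - p], [q, 1 - q]
    return x, y, expected(A, x, y), expected(B, x, y)

if __name__ == "__main__":
    print("pure equilibria:", pure_equilibria(A, B))
    x, y, ua, ub = mixed_equilibrium_2x2(A, B)
    print("attacker mixes", dict(zip(ATTACKER_ACTIONS, x)))
    print("administrator mixes", dict(zip(ADMIN_ACTIONS, y)))
    print("values:", ua, ub, "verified NE:", is_nash(A, B, x, y))
```

For the constructed payoffs there is no pure NE: whichever side commits, the other profits by switching. The mixed NE has the attacker scanning with probability 1/6 and the administrator running the IDS scan with probability 3/5, which is exactly the kind of probability distribution at a place that the utility definition on slide 26 assumes. This is the one-place building block; Theorem 1 says an equilibrium of this kind exists for the whole net once P and T are finite.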

28 Calculation of the Nash equilibrium
U(pi) denotes the expected utility at place pi.

29 Calculation of the Nash equilibrium

30 Calculation of the Nash equilibrium
objective function

31 Evaluation and analysis
The place set is divided into four parts. Security measures: MTFSB, the mean time to first security breach; MTTSB, the mean time to security breach.

32 Agenda
Part I Introduction; Part II Model; Part III Enterprise Network; Part IV Analysis and Conclusion

33 Enterprise network security process control structure

34 Security process control structure
(1) Scan the weak ports (attacker)
(2) The IDS detects the attack (administrator)
(3) The administrator server orders the firewall and the trap node (administrator)
(4) The attacker enters the trap node (attacker)
(5) The trap node returns false information to the attacker (administrator)
(6) Obtain the evidence of the attacker (administrator)

35 Security process control structure
(7) The attacker cracks a common user's user name and password (attacker)
(8) The attacker obtains root privileges through the database (attacker)
(9) The attacker installs the sniffer (attacker)
(10) The administrator server orders the firewall and the antivirus server to blockade the attacker's IP and remove the sniffer (administrator)

36 Security process control structure
From these steps we obtain two action sets, one for the attacker and one for the administrator.

37 Security process control structure
The ADSGN model is based on the following three assumptions:
(1) the administrator does not know whether there is an attacker or not
(2) the attacker may have several objectives and strategies that the defender does not know
(3) not all of the attacker's actions can be observed by the defender

38 ADSGN Model of Enterprise Network
The model has six places: {p(normal), p(web server with vulnerability), p(get general permission), p(get root permission), p(sniffer installing), p(information stolen)} = {p1, p2, p3, p4, p5, p6}

39 ADSGN Model of Enterprise Network
p2: web server with vulnerability; p3: get general permission
Attack actions: a1: ScanVulnerability; a2: CrackPassword; a3: AttackDatabase; a7: empty
Defense actions: d1: IDSscan; d2: CheatAttacker; d3: GetEvidence; d6: empty

40 ADSGN Model of Enterprise Network
p4: get root permission; p5: sniffer installing
Attack actions: a4: EnhancePermission; a5: InstallSniffer; a7: empty
Defense actions: d1: IDSscan; d4: BlockadeIP; d5: RemoveSniffer; d6: empty

41 ADSGN Model of Enterprise Network
p6: information stolen
Attack actions: a6: InstallSniffer; a7: empty
Defense actions: d1: IDSscan; d4: BlockadeIP; d5: RemoveSniffer; d6: empty

42 Model-attacker

43 Model - administrator

44 Model - combine
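An evaluation of the combined model, added here as an example (not the paper's model or code): it takes the six places of slides 38 to 41, gives each attack and defense action a constructed firing rate and a target place, and computes the mean time to first security breach (MTFSB on slide 31, i.e. the mean time until p6 is reached from p1) both analytically, by first-passage analysis of the resulting Markov chain, and by Gillespie simulation. Assumptions: the system is a single token that sits in one place at a time; a player that chooses an action with probability x fires it at rate x times its nominal rate, the remaining mass being the empty action; detection (d1) and blockade (d4) send the system back to p1, folding the trap-node steps d2/d3 into d1's effect; removing the sniffer (d5) sends it back to p4; a6 is read as stealing the information once the sniffer is in place. The strategies are inputs here; in the paper they are the NE found by CACO.

```python
import random

# Places of the enterprise-network ADSGN (slides 38-41); p6 is the breach.
PLACES = ("p1 normal", "p2 web server with vulnerability", "p3 get general permission",
          "p4 get root permission", "p5 sniffer installing", "p6 information stolen")
BREACH = 5

# Constructed transition tables (assumption): at every place each player picks one
# action from its action set, a7/d6 "empty" being the no-action choice. A real action
# has an illustrative firing rate and the place the system moves to when it fires.
ATTACK = {
    0: [("a1 ScanVulnerability", 1.0, 1)],
    1: [("a2 CrackPassword", 0.5, 2)],
    2: [("a3 AttackDatabase", 0.4, 3)],
    3: [("a5 InstallSniffer", 0.6, 4)],
    4: [("a6 StealInformation", 0.7, 5)],
}
DEFENSE = {
    1: [("d1 IDSscan", 0.8, 0)],          # detected, trapped, evidence taken: back to normal
    2: [("d1 IDSscan", 0.8, 0)],
    3: [("d4 BlockadeIP", 0.3, 0)],
    4: [("d5 RemoveSniffer", 0.5, 3), ("d4 BlockadeIP", 0.3, 0)],
}
ALWAYS_ATTACK = {name: 1.0 for acts in ATTACK.values() for name, _, _ in acts}
FULL_DEFENSE = {name: 1.0 for acts in DEFENSE.values() for name, _, _ in acts}
NO_DEFENSE = {}

def build_chain(att_strategy, def_strategy):
    """Effective rate of an action = P(player chooses it at that place) * firing rate;
    the remaining probability mass is the empty action. Returns place -> [(rate, target)]."""
    chain = {i: [] for i in range(len(PLACES))}
    for table, strategy in ((ATTACK, att_strategy), (DEFENSE, def_strategy)):
        for place, actions in table.items():
            for name, rate, target in actions:
                eff = strategy.get(name, 0.0) * rate
                if eff > 0:
                    chain[place].append((eff, target))
    return chain

def gauss_solve(A, b):
    """Gauss-Jordan elimination with partial pivoting; small dense systems only."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col and M[r][col] != 0.0:
                f = M[r][col] / M[col][col]
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    return [M[i][n] / M[i][i] for i in range(n)]

def mean_time_to_breach(chain, start=0):
    """Mean time to first security breach by first-passage analysis of the CTMC:
    for every transient place i, q_i * t_i = 1 + sum_j r_ij * t_j, with t_breach = 0
    and q_i the total outgoing rate of place i."""
    transient = [i for i in range(len(PLACES)) if i != BREACH]
    idx = {p: k for k, p in enumerate(transient)}
    n = len(transient)
    A = [[0.0] * n for _ in range(n)]
    for i in transient:
        total = sum(r for r, _ in chain[i])
        if total == 0.0:
            raise ValueError(f"{PLACES[i]} has no outgoing action: breach unreachable")
        A[idx[i]][idx[i]] = total
        for r, j in chain[i]:
            if j != BREACH:
                A[idx[i]][idx[j]] -= r
    return gauss_solve(A, [1.0] * n)[idx[start]]

def simulate_breach_time(chain, rng, start=0):
    """One Gillespie run: competing exponential clocks until the breach place is reached."""
    place, t = start, 0.0
    while place != BREACH:
        total = sum(r for r, _ in chain[place])
        t += rng.expovariate(total)
        u = rng.random() * total
        for r, j in chain[place]:
            u -= r
            if u <= 0.0:
                place = j
                break
        else:                      # rounding left u slightly positive: take the last action
            place = chain[place][-1][1]
    return t

def monte_carlo_mttfsb(chain, runs=5000, seed=1):
    rng = random.Random(seed)
    return sum(simulate_breach_time(chain, rng) for _ in range(runs)) / runs

if __name__ == "__main__":
    for label, d in (("no defense", NO_DEFENSE), ("full defense", FULL_DEFENSE)):
        chain = build_chain(ALWAYS_ATTACK, d)
        print(f"{label}: analytic MTFSB = {mean_time_to_breach(chain):.2f}, "
              f"Monte Carlo = {monte_carlo_mttfsb(chain):.2f}")
```

With no defense the attacker walks p1 to p6 in sequence and the mean time is just the sum of the mean action delays (about 8.6 time units for the constructed rates); with every defense action always chosen it rises to 45.75, and halving each defense probability lands in between. The same chain can be run from any other start place, and the analytic and simulated values agree to within sampling error, which is the check to run before trusting either number for a larger net.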

45 Agenda
Part I Introduction; Part II Model; Part III Enterprise Network; Part IV Analysis and Conclusion (MTTSB, MTTFB, attack rate)

46 Experimental Security Analysis

47 Experimental Security Analysis

48 Experimental Security Analysis

49 Experimental Security Analysis

50 Experimental Security Analysis

51 Conclusion
ADSGN inherits the advantages of Petri nets and SGN. It is used to investigate the key factors of the attack and defense models, trying to find their inherent rules and patterns.

52 Thanks for your attention

