Cooperative Response Strategies for Large Scale Attack Mitigation D. Nojiri, J. Rowe, K. Levitt Univ of California Davis DARPA Info Survivability Conference.


1 Cooperative Response Strategies for Large Scale Attack Mitigation. D. Nojiri, J. Rowe, K. Levitt, Univ of California Davis. DARPA Info Survivability Conference and Exposition 2003. Presented by Hao Cheng, 2006.01

2 Contribution: Builds a mathematical model of the cooperative defense model. The simulation results are reasonable and confirm some meaningful insights.

3 Architecture [Figure: P2P cooperative structure over the Internet; diagram labels: alerted, block, malicious, friend protocol]

4 Why Cooperation & P2P? Large-scale Internet worm attack. Attack: overwhelming, distributed. Local knowledge: useless. Hierarchical control: localized region.

5 What Problems? Propagation of information: slow. Security issues. Responses: expensive. False alarms. - A formal study of automated mitigation control mechanisms is necessary. - Mathematical model + simulation.

6 Assumption: Direct cooperation: limited number of friend organizations. Two states. If a member detects or is alerted to suspicious attacks, it (a) follows local policy and (b) blocks and shares info with its own set of friends. Rate of propagation: R(mitigating response) > R(worm attacks).

7 Modeling: Staniford’s Virus Propagation Model [2]. Equation terms: # of hosts to be compromised in this time slot; # of hosts already compromised; ratio of vulnerable hosts which each infected host can attack.

8 Cont.: Kephart’s Virus Infection Model [3]. Equation term: # of infected hosts which recovered during this time slot.

9 Mitigation Response. Equation terms: # of friends which are not alerted; cumulative severity of messages sent to its friends; # of response members which are alerted; cumulative severity of messages in the entire system.

10 Infection Rate: Attacks from Inside/Outside. Short comment: not all hosts are controlled in the cooperation network. Local infection rate and global infection rate; equation terms: probability of remote attack; probability of local attack.

11 Numerical Solution: Differential equation, solved numerically.

12 Plots [Plot axes: time step, propagation rate] Analysis: a sufficient number of cooperating members or friends is needed.

13 Simulation: based on the Swarm simulation package (http://www.swarm.org/wiki/Main_Page). Biological science: population dynamics.

14 Experimental Settings: Internet topology: flat network. 5832 vulnerable hosts, 729 cooperating members (each controlling 8 hosts). Each response device keeps an alert level and becomes “alerted” if it receives enough alert messages. Alerted: blocks + informs friends.

15 Plots [Plot axes: time step, propagation rate; varied number of friends]

16 Analysis Results: A greater number of friends gives greater suppression of the worm, a shorter time to recover, and more false alarms. A higher severity threshold gives fewer false alarms. Optimal friend lists: a graph theory problem, reducing the diameter of a directed graph with a limited number of edges.
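Added example, not code from the paper or from this presentation: a small agent-based simulation in the spirit of slides 14 and 16, using the slide's 729 members with 8 hosts each. The scan rate, detection probability, unit alert severity, random friend lists, and the rule that a local detection alerts a member immediately are all assumptions made here.

```python
import random

MEMBERS, HOSTS_PER_MEMBER = 729, 8   # slide 14: 729 members x 8 hosts = 5832 hosts
SCANS, P_DETECT = 2, 0.2             # assumed: scans per infected host per step, detection chance

def simulate(n_friends, threshold=1.0, worm=True, steps=40, seed=7):
    """Return (infected_hosts, alerted_members) after `steps` time steps."""
    rng = random.Random(seed)
    # Each member gets n_friends distinct friends, never itself (flat topology).
    friends = [[(m + 1 + d) % MEMBERS for d in rng.sample(range(MEMBERS - 1), n_friends)]
               for m in range(MEMBERS)]
    level = [0.0] * MEMBERS          # accumulated alert severity per member
    alerted = [False] * MEMBERS
    infected = {0} if worm else set()
    if not worm:
        level[0] = threshold         # constructed false alarm raised by member 0
    for _step in range(steps):
        for host in list(infected):
            if alerted[host // HOSTS_PER_MEMBER]:
                continue             # outbound traffic is blocked by its member
            for _scan in range(SCANS):
                target = rng.randrange(MEMBERS * HOSTS_PER_MEMBER)
                member = target // HOSTS_PER_MEMBER
                if alerted[member]:
                    continue         # inbound traffic is blocked
                infected.add(target)
                if rng.random() < P_DETECT:
                    level[member] = max(level[member], threshold)  # local detection
        # Members at or above the threshold become alerted: block and inform friends.
        newly = [m for m in range(MEMBERS) if not alerted[m] and level[m] >= threshold]
        for m in newly:
            alerted[m] = True
            for f in friends[m]:
                level[f] += 1.0      # assumed: every alert message has severity 1
    return len(infected), sum(alerted)

if __name__ == "__main__":
    for k in (0, 2, 4, 8):
        print(k, "friends: worm", simulate(k), "false alarm", simulate(k, worm=False))
    print("8 friends, threshold 2, false alarm:", simulate(8, threshold=2.0, worm=False))
```

With `worm=False` the run measures how far a single false alarm travels through the friend lists, which is the cost side of adding friends and the reason for the severity threshold.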

17 Weakness: The mitigation response cost. Unclear in presentation. Not very realistic in math modeling: already pointed out during the presentation; a peer can go into the alerted state not only by receiving the warning information. Modeling results not totally convincing. Security problem.

18 Improvement: Study the problems pointed out. The optimal friend list needs to be considered more seriously.

19 Reference
1. D. Nojiri, J. Rowe, K. Levitt. Cooperative Response Strategies for Large Scale Attack Mitigation. DARPA Info Survivability Conference and Exposition, 2003.
2. Jeffrey O. Kephart, Steve R. White. Directed Graph Epidemiological Models of Computer Viruses. IEEE Computer Society Symposium on Research in Security and Privacy, 1991.
3. Stuart Staniford, V. Paxson, N. Weaver. How to Own the Internet in Your Spare Time. Usenix Security Symposium, 2002.
4. http://www.swarm.org/wiki/Main_Page

20 Questions?

