Published by Bethanie Walters. Modified over 8 years ago.
1
Presented by Yu-Shun Wang
Advisor: Frank, Yeong-Sung Lin
Near Optimal Defense Strategies to Minimize Attackers’ Success Probabilities for networks of Honeypots
2
Agenda
- Introduction
- Solution Approach
  - Evaluation Process
  - Policy enhancement
- Initial parameter configuration
- Experiment on M
- Summary
2016/3/11 OP Lab @ IM, NTU
4
Introduction
To bring attack and defense behavior closer to the real world, we add some new perspectives in this work. For instance, with the advent of new technology, defenders have different kinds of solutions for dealing with malicious attackers. Therefore, in this work we consider not only general defense resources but also another kind of defensive technology, the honeypot, as a deceptive tool to distract attackers.
5
Introduction
For defense resources, we have two different types: honeypot and non-honeypot.
Honeypot
- The main objective of this kind of defense resource is to deceive attackers. Once attackers compromise these systems, they have wasted their finite budget.
- Learning attack tactics and wasting attack resources
- False target
Non-honeypot
- This kind of defense resource is allocated to nodes in the network. Its purpose is to increase the defense capability of nodes.
6
Introduction
For attackers, we also made a classification. The classifying criteria are:
Budget level
- High, medium, and low
Capability
- High, medium, and low
Next hop selecting criteria
- Highest link utilization
- Lowest link utilization
- Lowest defense level
- Random attack
8
Solution Approach: Evaluation Process
Since our scenario and environment are very dynamic, it is hard to solve the problem purely by mathematical programming.
Although the attackers in each category belong to the same type, there is still some randomness among them. This is caused by honeypots: if an attacker compromises a false target honeypot, there is a probability that he will believe the core node is compromised and terminate the attack.
Therefore, we can never guarantee whether an attack has succeeded or failed until the end of the evaluation.
9
Solution Approach: Evaluation Process
Flowchart steps:
- Initial state
- Run the evaluation M times with the 36 kinds of different attackers and get the core node compromise frequency. Divide the frequency by M to obtain the average core node compromise probability.
- Adjust defense parameters by policy enhancement
- Run another evaluation M times using the adjusted defense parameters and get the corresponding probability
- Decision: N times (branches: No / Yes)
- Compare the result with the initial one
10
Solution Approach: Evaluation Process
Parameter generation
M (total evaluation frequency for one round)
- First, we choose an initial value, for example, 10 million.
- Then we treat every 10 thousand evaluations as a chunk, summarize the result per chunk, and draw a diagram depicting the relationship between compromised frequency and number of chunks.
- If the diagram shows a converging trend, it implies the value of M is an ideal one.
N (total rounds for policy enhancement)
- We set this value by a resource-constrained approach.
12
Solution Approach: Policy enhancement
The main concept of policy enhancement can be summarized in the following parts.
Popularity Based Strategy
- This strategy focuses on the nodes that are frequently attacked. Therefore, we use the total cost attackers spent on each node as the metric in policy enhancement.
Derivative
- This concept is used to measure the marginal effectiveness of each defense resource allocation.
13
Solution Approach: Policy enhancement
Flowchart steps:
- By the attack cost spent on each node, we choose the three highest (and the three lowest) nodes as two groups.
- Decision: Is it a honeypot? (branches: Yes / No)
- Calculate derivative of defense resource with one virtual positive unit resource
- Calculate derivative of defense resource and link utilization with one virtual positive unit resource
- Calculate derivative of defense resource and link utilization with one virtual negative unit resource
- Calculate derivative of defense resource with one virtual negative unit resource
- Select the highest derivative from each of the two groups and move one unit of resource from the lowest group to the highest group.
Group labels in the flowchart: Highest group, Lowest group
14
Solution Approach
The relationship between evaluation process and policy enhancement.
Policy enhancement flowchart:
- By the attack cost spent on each node, we choose the three highest (and the three lowest) nodes as two groups.
- Decision: Is it a honeypot? (branches: Yes / No)
- Calculate derivative of defense resource with one virtual positive unit resource
- Calculate derivative of defense resource and link utilization with one virtual positive unit resource
- Calculate derivative of defense resource and link utilization with one virtual negative unit resource
- Calculate derivative of defense resource with one virtual negative unit resource
- Select the highest derivative from each of the two groups and move one unit of resource from the lowest group to the highest group.
Group labels in the flowchart: Highest group, Lowest group
Evaluation process flowchart:
- Initial state
- Run the evaluation M times with the 36 kinds of different attackers and get the core node compromise frequency. Divide the frequency by M to obtain the average core node compromise probability.
- Adjust defense parameters by improving procedure
- Run another evaluation M times using the adjusted defense parameters and get the corresponding probability
- Decision: N times (branches: No / Yes)
- Compare the result with the initial one
16
Initial parameter configuration
Defender
Defense resource allocation
- We allocate resources according to two major metrics:
  - Hop count to the core node: the larger the hop count, the lower the defense level.
  - Number of out links of each node: the higher the number of out links, the higher the defense level.
Honeypot link utilization
- Initial value is set to be 0.5.
17
Initial parameter configuration
Attacker
Budget level (multiple of minimum attack cost)
- Low level: 1~3 times of minimum attack cost
- Medium level: 3~5 times of minimum attack cost
- High level: over 5 times
Capability
- Low level: 30% deceived probability
- Medium level: 50% deceived probability
- High level: 70% deceived probability
19
Experiment on M
We run different numbers of chunks to discover which one is an ideal value for M.
- 10 chunks
- 100 chunks
- 1,000 chunks
- 10,000 chunks
Each chunk represents the result of 10 thousand evaluations, i.e., attacks.
20
Experiment on M: Result of 10 chunks

chunkNo.  ComFreq.
1         3261
2         3481
3         2832
4         3446
5         3242
6         2855
7         3316
8         3660
9         3309
10        3015
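The convergence check described for M, applied to the 10-chunk results on this slide, as an added example that is not part of the original presentation. The 3-chunk window and the 0.005 tolerance are assumptions; the slides only say that the diagram should show a converging trend.

```python
from statistics import stdev

CHUNK_SIZE = 10_000  # evaluations (attacks) per chunk, as stated on the slides

# Core node compromise frequency per chunk, from the "Result of 10 chunks" slide.
TEN_CHUNKS = [3261, 3481, 2832, 3446, 3242, 2855, 3316, 3660, 3309, 3015]


def running_probability(freqs, chunk_size=CHUNK_SIZE):
    """Cumulative core node compromise probability after each chunk."""
    estimates, total = [], 0
    for k, freq in enumerate(freqs, start=1):
        total += freq
        estimates.append(total / (k * chunk_size))
    return estimates


def standard_error(freqs, chunk_size=CHUNK_SIZE):
    """Standard error of the overall estimate, from chunk-to-chunk spread."""
    probs = [f / chunk_size for f in freqs]
    return stdev(probs) / len(probs) ** 0.5


def has_converged(freqs, window=3, tol=0.005, chunk_size=CHUNK_SIZE):
    """Assumed criterion: the last `window` running estimates span < `tol`."""
    tail = running_probability(freqs, chunk_size)[-window:]
    return len(tail) == window and max(tail) - min(tail) < tol


def chunks_needed(freqs, window=3, tol=0.005):
    """Smallest chunk count at which the criterion first holds, else None."""
    for k in range(window, len(freqs) + 1):
        if has_converged(freqs[:k], window, tol):
            return k
    return None


if __name__ == "__main__":
    for k, p in enumerate(running_probability(TEN_CHUNKS), start=1):
        print(f"after {k:2d} chunks: p = {p:.4f}")
    print("standard error:", round(standard_error(TEN_CHUNKS), 4))
    print("converged:", has_converged(TEN_CHUNKS),
          "first at chunk", chunks_needed(TEN_CHUNKS))
```

With these assumed thresholds the running estimate only settles at the tenth chunk, which is why larger chunk counts are worth running before fixing M.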
21
Experiment on M: Result of 100 chunks

chunkNo.  ComFreq.
1         2828
2         2818
3         3539
4         3203
5         3360
6         3393
7         3189
8         3083
9         3182
10        2799
11        3125
12        3090
13        2568
14        3494
15        3059
‧‧        ‧‧
22
Experiment on M: Result of 1,000 chunks
23
Experiment on M: Result of 10,000 chunks
25
Summary
According to the experiment results, the core node compromised frequency in 10 thousand (one chunk) attacks is only 3~4 thousand times.
Many attackers with a high budget level are deceived by honeypots.
27
Experiment data

Information of attacker 3 is as follows:
Budget level is: 415.092896
Capability is 0.500000
Next hop selecting criteria is 4
Round time is: 14
compromising path is:
Path: 10 7 4 2 5 8 6 0 0 0

Information of attacker 30 is as follows:
Budget level is: 364.396271
Capability is 0.500000
Next hop selecting criteria is 3
Round time is: 58
compromising path is:
Path: 10 9 6 0 0 0 0 0 0 0

Information of attacker 6 is as follows:
Budget level is: 316.021667
Capability is 0.700000(High level)
Next hop selecting criteria is 3
Round time is: 7
compromising path is:
Path: 10 9 6 0 0 0 0 0 0 0

Information of attacker 18 is as follows:
Budget level is: 286.996918
Capability is 0.300000(Low level)
Next hop selecting criteria is 3
Round time is: 8
compromising path is:
Path: 10 9 6 8 5 7 4 2 3 1

Total defense budget is set to be 100