Presentation on theme: "Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science."— Presentation transcript:
Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science 11/19/2008
Motivation A large network usually has multiple hosts, diverse software packages and supports several modes of connectivity. Must take into account the exploitation in such a network. Current research on vulnerability analysis (Logical) Attack Graph Based. Model based Vulnerability Analysis.
Correlation Analysis Current research mainly focuses on sequential attacks, little attention was paid to coordinated attacks. It is often the case the effect of an action is modified concurrently by another action in a distributed environment. Correlation analysis is required to detect coordinated attack.
Broader Problem Scenario FirewallRouter Correlating Atomic Actions to Analyze Global Vulnerability RR Attacker Notations Global Attack Atomic Attack R Preemptive Response for Single Host
Preemptive Intrusion Response Host Based – System behavior is represented by set of all possible sequences observed. Extended Action Graph (EXACT) - Represents normal and anomalous behavioral patterns of a system. Currently deals with single host, monitoring system behavior in terms of system calls. Need to capture Network behavior Deploy in distributed environment
Example EXACT Generated by three sequences S1, S2, S3, S2 and S2, S4, S5, S1, S3, S6 and S1, S3, S6
Example Problem File1 File2 File3 Open File1 Open File2 Open File3 User 1: Legitimate User of File 2 User 2: Legitimate User of File 3 File Sharing System Create Symbolic Link File 1 pointing to File2 Create Symbolic Link File 1 pointing to File3
Our Approach S1 S2 S3 User1 creates Symbolic link File1 to File2 Symbolic Link created between File1 & File2 User1 opens File 1 User1 is able to access File 2 User 1 T1 T2 User2 creates Symbolic link File1 to File3 Symbolic Link created between File1 & File3 User 2
Tasks Task 1 Survey and investigate current intrusion response solutions (e.g. preemption based, tracing based, attack graph based) for attack planning and vulnerability analysis of a network of hosts. Study and evaluate how well the existing and new response solutions can be applied to the above distributed environment. Task 2 Design a new automated response solution for the distributed environments by extending preemptive response solution for a single host. The mechanism will provide to respond against global vulnerability due to sequential and concurrent atomic attacks in a network. Testing the response mechanism using simulation/prototype implementation in a distributed environment. Testing the response mechanism using simulation/prototype implementation in a distributed environment.
Publications Taxonomy of Intrusion Response Systems. International Journal of Information and Computer Security. Vol. 1. No. 1/2, pp , N. Stakhanova, S. Basu and J. Wong Specification Synthesis for Monitoring and Analysis of MANET Protocols. The International Symposium on Frontiers in Networking with Applications, FINA 2007 N. Stakhanova, S. Basu, W. Zhang, X.Wang and J.Wong A Cost-Sensitive Model for Preemptive Intrusion Response Systems. Nokia Best Student Paper Award The International Conference on Advanced Information Networking and Applications, AINA 2007 N. Stakhanova, S. Basu and J.Wong Automated caching of behavioral patterns for efficient run-time monitoring. IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2006 N. Stakhanova, S. Basu, R. Lutz and J.Wong