Presentation is loading. Please wait.

Presentation is loading. Please wait.

Texas A&M University Page 1 10/10/2014 5:19:49 PM Real-Time Traffic Modeling and its Application in Network Camouflaging W ei Zhao, Riccardo Bettati, Nitin.

Similar presentations


Presentation on theme: "Texas A&M University Page 1 10/10/2014 5:19:49 PM Real-Time Traffic Modeling and its Application in Network Camouflaging W ei Zhao, Riccardo Bettati, Nitin."— Presentation transcript:

1 Texas A&M University Page 1 10/10/2014 5:19:49 PM Real-Time Traffic Modeling and its Application in Network Camouflaging W ei Zhao, Riccardo Bettati, Nitin Vaidya Department of Computer Science Texas A&M University College Station, TX

2 Texas A&M University Page 2 10/10/2014 5:19:49 PM Outline 1. Project Overview 2. Real-Time Traffic Modeling 3. Design and Implementation of NetCamo 4. Camouflaging Other Network Entities 5. Summary

3 Texas A&M University Page 3 10/10/2014 5:19:49 PM 1. Project Overview Objectives Characteristics Major Results

4 Texas A&M University Page 4 10/10/2014 5:19:49 PM Project Objectives Development of countermeasures for generalized traffic analysis Development of countermeasures for denial of services

5 Texas A&M University Page 5 10/10/2014 5:19:49 PM Characteristics of our Work Based on real-time traffic modeling Countermeasures for generalized traffic analysis: Camouflaging the network activities while guaranteeing end-to-end delays Countermeasures for denial of services: Detecting DoS attacks in real-time Our solutions intended for wired and wireless networks Our solutions are upward and downward compatible

6 Texas A&M University Page 6 10/10/2014 5:19:49 PM Major Results Developed a prototype of NetCamo/M A middle-ware solution for dealing with traffic analysis + No change to current network architecture + Efficient Developed a prototype of NetCamo/N Using independent “mini routers” for camouflaging + No disturbance to application hosts + To be used by Navy HiPer-D 2000

7 Texas A&M University Page 7 10/10/2014 5:19:49 PM TeamTeam Faculty Members Wei Zhao, Riccardo Bettati, and Nitin Vaidya Previous Results Our bandwidth allocation method has been officially adopted by DoD SAFENET Two releases of NetEx tool kit: NetEx/Basic and NetEx/Adaptation Two best paper awards Two U.S. patents Support from DoD and industry: Nortel, Networks, Cisco, Myricom, Packet Engine, and XYLAN. The Team

8 Texas A&M University Page 8 10/10/2014 5:19:49 PM TeamTeam The Collaborators Government Navy Surface Warfare Center HiPer-D Project (Dave Marlow and Mike Masters) Navy SPAWAR Distributed real-time combat systems (Russell Johnston) West Point Camouflaging technology (Daniel Ragsdale)

9 Texas A&M University Page 9 10/10/2014 5:19:49 PM Industry Alcatel (Packet Engines and XYLAN) High speed routers (Kim Stearns and Dennis Majeski) Intrusion.Com Real-time intrusion and camouflaging devices (Joe Head) 3INet Real-time intrusion and camouflaging devices (Mike Wang) The Collaborators

10 Texas A&M University Page 10 10/10/2014 5:19:49 PM TAMU Internal Texas Transportation Institute ALERT Project (Cedric J. Sims) Texas Center for Applied Technology University XXI Project (James Wall) The Collaborators

11 Texas A&M University Page 11 10/10/2014 5:19:49 PM 2. Real-Time Traffic Modeling Motivations To gain information on payload traffic in order to predict the behavior of the applications and systems * Predict the worst-case delay * Provide profile information of payload - on-line verification - on-line masking

12 Texas A&M University Page 12 10/10/2014 5:19:49 PM Traffic Modeling 1. Peak rate method pessimistic; over-estimating delay 2. Average rate method optimistic; under-estimating delay 3. Timing history method impractical, too much information 4. Our method: the maximum rate function:  (I) can also be randomized to deal with statistical rate bounds

13 Texas A&M University Page 13 10/10/2014 5:19:49 PM Traffic Modeling Features of  (I): * It covers a wide range of applications * It is mathematically analyzable * It is enforceable * It is holographic

14 Texas A&M University Page 14 10/10/2014 5:19:49 PM  (I) is Mathematically Analyzable  (I)   (I) = ? F*(I) = Output between t and t + I < Input between t - d and t+I = F(I+d) =  (I+d) * (I+d)   (I) = F*(I)/I =  (I+d) * (I+d)/I

15 Texas A&M University Page 15 10/10/2014 5:19:49 PM  (I) is Enforceable   (I) = (  +  I)/I Leaky Bucket  Any traffic I Size of token bucket Line rate  F*(I)

16 Texas A&M University Page 16 10/10/2014 5:19:49 PM  (I) is Holographic   (I) can be approximated by any number of points. Assume that   (I 1 ) =   then  (I) is approximated by     + min(I 1, I -    I   Formula can be used recursively if more points are known.

17 Texas A&M University Page 17 10/10/2014 5:19:49 PM Traffic Modeling An experiment: A workstation (H 1 ) sends 16Mbit data per second.

18 Texas A&M University Page 18 10/10/2014 5:19:49 PM Traffic Modeling Peak Rate Average Rate Derived by our method Observed

19 Texas A&M University Page 19 10/10/2014 5:19:49 PM Applications of Real-Time Traffic Modeling * NetEx: Providing Delay-Guaranteed Communications A Quorum project Integrated with Honeywell RTARM system * Countermeasure for Traffic Analysis * Countermeasure for Denial Services

20 Texas A&M University Page 20 10/10/2014 5:19:49 PM Preventing Traffic Analysis by RTTM Traffic Analysis: Obtain the mission status by observing network traffic Our objectives: »Camouflaging the traffic density »Camouflaging the connectivity

21 Texas A&M University Page 21 10/10/2014 5:19:49 PM Countermeasure for Traffic Analysis Approaches »Network flooding »Traffic rerouting

22 Texas A&M University Page 22 10/10/2014 5:19:49 PM Network Flooding Flooding the network at right place and right time to make it appear to be constant rate network Challenge: How much? For link j,  i F i,j ( I ) + S j ( I ) =  I ? ? ?

23 Texas A&M University Page 23 10/10/2014 5:19:49 PM Traffic Rerouting Indirect delivery of packets Challenge: Can we still guarantee real-time delay bound? For for connection j,  i d i,,j, < D j

24 Texas A&M University Page 24 10/10/2014 5:19:49 PM ObjectivesObjectives Objectives Camouflage network activities Provide QoS-guaranteed communication services Be upward and downward compatible with existing operating systems, applications, and network technologies Be scalable and evolvable 3. Design and Implementation of NetCamo

25 Texas A&M University Page 25 10/10/2014 5:19:49 PM Traffic camouflaging: rerouting and traffic padding based on real-time traffic modeling theory. Real-time communication: providing delay guaranteed services to applications while having traffic camouflaged NetCamo/M: A middle-ware solution » No change to current network architecture » Efficient NetCamo/N: Using independent “routers” for camouflaging » No disturbance to application hosts » To be used by Navy HiPer-D 2000 NetCamo Approaches

26 Texas A&M University Page 26 10/10/2014 5:19:49 PM NetCamo/M Payload Host Payload Host Payload Host Payload Host Network Middle-Ware

27 Texas A&M University Page 27 10/10/2014 5:19:49 PM NetCamo/M Workflow Client Applications NetCamo Network Controller Client Applications NetCamo Host Controller Network NetCamo Host Controller

28 Texas A&M University Page 28 10/10/2014 5:19:49 PM NetCamo/M Architecture NetCamo Network Controller Host Agent Router Agent NetCamo Traffic Manager Router API API Host Manager Client Applications Traffic Controller H323H323 NetCamo Host Controller API API Host Manager Traffic Controller H323H323 NetCamo Host Controller Host Network Client Applications

29 Texas A&M University Page 29 10/10/2014 5:19:49 PM

30 Texas A&M University Page 30 10/10/2014 5:19:49 PM

31 Texas A&M University Page 31 10/10/2014 5:19:49 PM NetCamo/M Host Implementation

32 Texas A&M University Page 32 10/10/2014 5:19:49 PM NetCamo/M Host Traffic Controller

33 Texas A&M University Page 33 10/10/2014 5:19:49 PM NetCamo TestbedNetCamo Testbed NetCamo/M Testbed

34 Texas A&M University Page 34 10/10/2014 5:19:49 PM NetCamo/M Testbed

35 Texas A&M University Page 35 10/10/2014 5:19:49 PM NetCamo/M Results Station 1  Station 2: CBR 250 pps (200 Direct + 50 Re-route via Station 4) Station 1  Station 4: VBR 40pps (Direct) Station 4  Station 1: VBR 20pps (Direct) Station 4  Station 2: VBR 20pps (Direct)

36 Texas A&M University Page 36 10/10/2014 5:19:49 PM NetCamo/N Payload Host Payload Host Payload Host Payload Host Network Mini Router

37 Texas A&M University Page 37 10/10/2014 5:19:49 PM NetCamo Mini Router

38 Texas A&M University Page 38 10/10/2014 5:19:49 PM Use of NetCamo/N in HiPer-D 2000 Navy SD Base NSWC Mini Router

39 Texas A&M University Page 39 10/10/2014 5:19:49 PM NetCamo/N Testbed

40 Texas A&M University Page 40 10/10/2014 5:19:49 PM NetCamo/N Results Cover ModePayloadDummy

41 Texas A&M University Page 41 10/10/2014 5:19:49 PM 4. Camouflaging Other Entities Camouflaging the topology So that distributed denial of service attacks can be prevented or avoided Camouflaging servers No one can attack them anymore Camouflaging wireless networks Be power aware.

42 Texas A&M University Page 42 10/10/2014 5:19:49 PM Motivation Reducing the damage of organized and distributed DoS attacks Topology Camouflaging

43 Texas A&M University Page 43 10/10/2014 5:19:49 PM Topology Camouflaging Approaches Preventive Camouflaging Purposely let a group of routers misunderstand the topology Reactive Camouflaging Dynamically change routing strategy

44 Texas A&M University Page 44 10/10/2014 5:19:49 PM Topology Camouflaging: Challenges Consistency: An altered topology should still make sense Efficiency: Minimizing the network management effort to let an altered topology be perceived for a given effectiveness measure Effectiveness: Minimizing the potential damage of DoN attacks for a given attack power

45 Texas A&M University Page 45 10/10/2014 5:19:49 PM Topology Camouflaging: Realization Methods Preventive Camouflaging (PC) Change Internet Control Message Protocol at some routers Reactive Camouflaging (RC) Adaptively and autonomously adjust routing tables at some routers

46 Texas A&M University Page 46 10/10/2014 5:19:49 PM 5. Summary Cyber space camouflaging (CSC) is an important strategy to realize tolerant networks Traditional encryption is a special case of CSC: i.e., camouflaging the content of payload While some concepts can be borrowed from physical camouflaging techniques, much more challenges are ahead.

47 Texas A&M University Page 47 10/10/2014 5:19:49 PM Camouflaging, Concealment, and Decoy in Cyber Space Means Packet Conn. Traffic Server Topology Op Mode Hide Blend Encryption Flooding Disguising Anycasting Neutral mode Disrupting Re-routing RC Decoy PC Multiple cover modes


Download ppt "Texas A&M University Page 1 10/10/2014 5:19:49 PM Real-Time Traffic Modeling and its Application in Network Camouflaging W ei Zhao, Riccardo Bettati, Nitin."

Similar presentations


Ads by Google