Presentation on theme: "Texas A&M University Page 1 10/10/2014 5:19:49 PM Real-Time Traffic Modeling and its Application in Network Camouflaging Wei Zhao, Riccardo Bettati, Nitin."— Presentation transcript:
Texas A&M University Page 1 10/10/2014 5:19:49 PM
Real-Time Traffic Modeling and its Application in Network Camouflaging
Wei Zhao, Riccardo Bettati, Nitin Vaidya
Department of Computer Science, Texas A&M University, College Station, TX
Outline
1. Project Overview
2. Real-Time Traffic Modeling
3. Design and Implementation of NetCamo
4. Camouflaging Other Network Entities
5. Summary
1. Project Overview
* Objectives
* Characteristics
* Major Results
Project Objectives
* Development of countermeasures for generalized traffic analysis
* Development of countermeasures for denial of service
Characteristics of our Work
* Based on real-time traffic modeling
* Countermeasures for generalized traffic analysis: camouflaging the network activities while guaranteeing end-to-end delays
* Countermeasures for denial of service: detecting DoS attacks in real time
* Our solutions are intended for wired and wireless networks
* Our solutions are upward and downward compatible
Major Results
* Developed a prototype of NetCamo/M: a middleware solution for dealing with traffic analysis
  + No change to current network architecture
  + Efficient
* Developed a prototype of NetCamo/N: using independent “mini routers” for camouflaging
  + No disturbance to application hosts
  + To be used by Navy HiPer-D 2000
The Team
* Faculty Members: Wei Zhao, Riccardo Bettati, and Nitin Vaidya
* Previous Results
  - Our bandwidth allocation method has been officially adopted by DoD SAFENET
  - Two releases of NetEx tool kit: NetEx/Basic and NetEx/Adaptation
  - Two best paper awards
  - Two U.S. patents
* Support from DoD and industry: Nortel Networks, Cisco, Myricom, Packet Engine, and XYLAN
The Collaborators
Government
* Navy Surface Warfare Center: HiPer-D Project (Dave Marlow and Mike Masters)
* Navy SPAWAR: Distributed real-time combat systems (Russell Johnston)
* West Point: Camouflaging technology (Daniel Ragsdale)
The Collaborators
Industry
* Alcatel (Packet Engines and XYLAN): High speed routers (Kim Stearns and Dennis Majeski)
* Intrusion.Com: Real-time intrusion and camouflaging devices (Joe Head)
* 3INet: Real-time intrusion and camouflaging devices (Mike Wang)
The Collaborators
TAMU Internal
* Texas Transportation Institute: ALERT Project (Cedric J. Sims)
* Texas Center for Applied Technology: University XXI Project (James Wall)
2. Real-Time Traffic Modeling
Motivations
* To gain information on payload traffic in order to predict the behavior of the applications and systems
  * Predict the worst-case delay
  * Provide profile information of payload
    - on-line verification
    - on-line masking
Traffic Modeling
1. Peak rate method: pessimistic; over-estimating delay
2. Average rate method: optimistic; under-estimating delay
3. Timing history method: impractical, too much information
4. Our method: the maximum rate function: (I) can also be randomized to deal with statistical rate bounds
Traffic Modeling
Features of (I):
* It covers a wide range of applications
* It is mathematically analyzable
* It is enforceable
* It is holographic
(I) is Mathematically Analyzable
(I) (I) = ?
F*(I) = Output between t and t + I < Input between t - d and t + I = F(I+d) = (I+d) * (I+d)
(I) = F*(I)/I = (I+d) * (I+d)/I
(I) is Enforceable
(I) = ( + I)/I
[Figure: Leaky Bucket; labels: Any traffic, I, Size of token bucket, Line rate, F*(I)]
(I) is Holographic
(I) can be approximated by any number of points.
Assume that (I_1) = then (I) is approximated by + min(I_1, I - I
Formula can be used recursively if more points are known.
Traffic Modeling
An experiment: A workstation (H_1) sends 16 Mbit of data per second.
Traffic Modeling
[Figure: plot with curves labeled Peak Rate, Average Rate, Derived by our method, Observed]
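The comparison on the traffic modeling slides, worked on a constructed trace as an added example that is not part of the original deck. It assumes the maximum rate function at interval length I is F(I)/I, with F(I) the most traffic seen in any window of length I, and it uses the deck's relation F*(I) < F(I+d) for the output of a server with delay d; the function names and the trace are hypothetical.

```python
from bisect import bisect_left

# Constructed trace: (arrival time in microseconds, size in bits).
# Every 10 ms the source sends 16 packets of 10,000 bits, 100 us apart,
# for one second, i.e. 16 Mbit per second. Bits per microsecond == Mbit/s.
TRACE = [(k * 10_000 + p * 100, 10_000) for k in range(100) for p in range(16)]

def max_bits(trace, interval):
    """F(I): the most bits arriving in any half-open window [t, t + interval)."""
    times = [t for t, _ in trace]
    prefix = [0]
    for _, bits in trace:
        prefix.append(prefix[-1] + bits)
    best = 0
    # The maximum is always reached by a window that starts at an arrival.
    for i, start in enumerate(times):
        j = bisect_left(times, start + interval)  # first arrival past the window
        best = max(best, prefix[j] - prefix[i])
    return best

def max_rate(trace, interval):
    """Maximum rate function: worst-case rate seen at time scale `interval`."""
    return max_bits(trace, interval) / interval

def average_rate(trace, duration):
    """Long-run rate: total bits divided by the trace duration."""
    return sum(bits for _, bits in trace) / duration

def output_rate_bound(trace, interval, delay):
    """Output of a server with delay d: F*(I) <= F(I + d), so rate <= F(I + d) / I."""
    return max_bits(trace, interval + delay) / interval

if __name__ == "__main__":
    print("average rate:", average_rate(TRACE, 1_000_000), "Mbit/s")
    for interval in (100, 1_600, 5_000, 10_000, 100_000):
        rate = max_rate(TRACE, interval)
        print(f"I = {interval:>7} us   max rate = {rate:6.1f} Mbit/s")
    print("output bound, I = 10000 us, d = 1600 us:",
          output_rate_bound(TRACE, 10_000, 1_600), "Mbit/s")
```

At the smallest time scale the function equals the peak rate, and it falls toward the average rate as I grows, which is why sizing for the peak over-estimates delay and sizing for the average under-estimates it.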
Applications of Real-Time Traffic Modeling
* NetEx: Providing Delay-Guaranteed Communications
  - A Quorum project
  - Integrated with Honeywell RTARM system
* Countermeasure for Traffic Analysis
* Countermeasure for Denial of Service
Preventing Traffic Analysis by RTTM
* Traffic Analysis: Obtain the mission status by observing network traffic
* Our objectives:
  » Camouflaging the traffic density
  » Camouflaging the connectivity
Countermeasure for Traffic Analysis
Approaches
  » Network flooding
  » Traffic rerouting
Network Flooding
* Flooding the network at the right place and the right time to make it appear to be a constant-rate network
* Challenge: How much?
  For link j, i F_{i,j}(I) + S_j(I) = I ? ? ?
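The "how much?" question on the network flooding slide, as an added example that is not part of the original deck and not NetCamo code. It assumes a slotted link with FIFO queueing, equal-size packets and a non-negative delay bound; the names `pad_link` and `min_rate_for_delay` and the arrival pattern are hypothetical.

```python
from collections import deque

# Constructed payload pattern: packets arriving on one link in each time slot.
ARRIVALS = [0, 5, 0, 0, 1, 0, 3, 0, 0, 0]

def pad_link(arrivals, rate):
    """Put exactly `rate` packets on the wire in every slot.

    Queued payload goes first (FIFO); dummy packets fill whatever is left,
    so an observer sees the same count in every slot.
    Returns (payload_per_slot, dummies_per_slot, worst_payload_delay_in_slots).
    """
    queue = deque()  # arrival slot of each payload packet still waiting
    payload_sent, dummies, worst = [], [], 0
    slot = 0
    while slot < len(arrivals) or queue:
        if slot < len(arrivals):
            queue.extend([slot] * arrivals[slot])
        sent = 0
        while queue and sent < rate:
            worst = max(worst, slot - queue.popleft())
            sent += 1
        payload_sent.append(sent)
        dummies.append(rate - sent)
        slot += 1
    return payload_sent, dummies, worst

def min_rate_for_delay(arrivals, delay_bound):
    """Smallest constant wire rate that keeps payload delay within the bound.

    Terminates because a rate equal to the largest burst gives zero delay.
    """
    rate = 1
    while pad_link(arrivals, rate)[2] > delay_bound:
        rate += 1
    return rate

if __name__ == "__main__":
    for bound in (4, 2, 1, 0):
        rate = min_rate_for_delay(ARRIVALS, bound)
        _, dummies, worst = pad_link(ARRIVALS, rate)
        print(f"delay bound {bound} slots -> wire rate {rate}/slot, "
              f"{sum(dummies)} dummy packets, worst delay {worst}")
```

A tighter delay bound forces a higher constant rate and therefore more padding, which is the trade-off the camouflaging scheme has to settle per link.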
Traffic Rerouting
* Indirect delivery of packets
* Challenge: Can we still guarantee the real-time delay bound?
  For connection j, i d_{i,j} < D_j
3. Design and Implementation of NetCamo
Objectives
* Camouflage network activities
* Provide QoS-guaranteed communication services
* Be upward and downward compatible with existing operating systems, applications, and network technologies
* Be scalable and evolvable
NetCamo Approaches
* Traffic camouflaging: rerouting and traffic padding based on real-time traffic modeling theory
* Real-time communication: providing delay-guaranteed services to applications while having traffic camouflaged
* NetCamo/M: a middleware solution
  » No change to current network architecture
  » Efficient
* NetCamo/N: using independent “routers” for camouflaging
  » No disturbance to application hosts
  » To be used by Navy HiPer-D 2000
NetCamo/M Results
* Station 1 Station 2: CBR 250 pps (200 Direct + 50 Re-route via Station 4)
* Station 1 Station 4: VBR 40 pps (Direct)
* Station 4 Station 1: VBR 20 pps (Direct)
* Station 4 Station 2: VBR 20 pps (Direct)
4. Camouflaging Other Entities
* Camouflaging the topology: so that distributed denial of service attacks can be prevented or avoided
* Camouflaging servers: no one can attack them anymore
* Camouflaging wireless networks: be power aware
Topology Camouflaging
Motivation
* Reducing the damage of organized and distributed DoS attacks
Topology Camouflaging Approaches
* Preventive Camouflaging: purposely let a group of routers misunderstand the topology
* Reactive Camouflaging: dynamically change routing strategy
Topology Camouflaging: Challenges
* Consistency: An altered topology should still make sense
* Efficiency: Minimizing the network management effort to let an altered topology be perceived for a given effectiveness measure
* Effectiveness: Minimizing the potential damage of DoN attacks for a given attack power
Topology Camouflaging: Realization Methods
* Preventive Camouflaging (PC): change Internet Control Message Protocol at some routers
* Reactive Camouflaging (RC): adaptively and autonomously adjust routing tables at some routers
5. Summary
* Cyber space camouflaging (CSC) is an important strategy to realize tolerant networks
* Traditional encryption is a special case of CSC, i.e., camouflaging the content of payload
* While some concepts can be borrowed from physical camouflaging techniques, many more challenges lie ahead
Camouflaging, Concealment, and Decoy in Cyber Space
Means Packet Conn. Traffic Server Topology Op Mode Hide Blend Encryption Flooding Disguising Anycasting Neutral mode Disrupting Re-routing RC Decoy PC Multiple cover modes