Presentation on theme: "Professor Ruslan Smelianskiy 4. How can levels of Cyber Conflict and Cooperation be measured and compared across technical changes?"— Presentation transcript:
professor Ruslan Smelianskiy 4. How can levels of Cyber Conflict and Cooperation be measured and compared across technical changes?
professor Ruslan Smelianskiy On Information Security, Karl Popper and a peasant Information Security: What Are We Dealing With?
professor Ruslan Smelianskiy Outline Information Security - is it a science or is it an art? If it is a science, is it a natural one or is it a social science? If it is not an art, then even if it is engineering or applied science then should it be treated as a science? What does it mean to be treated as a science? What is the state of the art in Information security as some sort of the science? What we have to do to treat the Information security as a science? What lessons from this?
professor Ruslan Smelianskiy Basic classification Art is the product or process of deliberately arranging items (often with symbolic significance) in a way that influences and affects one or more of the senses, emotions, and intellect. Science (from the Latin scientia, meaning "knowledge") is an enterprise that builds and organizes knowledge in the form of testable explanations and testable predictions about the world.
professor Ruslan Smelianskiy Basic classification
professor Ruslan Smelianskiy Scientific method Observation is quantitative or qualitative descriptions/measurement of facts and phenomenon. The abstractions have to be used in such sort descriptions. Analysis of observations is systematic differentiation of significant ones against minor ones. Synthesis is generalization of analysis results as theory or hypothesis. Prediction is consequences deriving from a proposed theory or hypothesis by deduction, induction or by some other logical methods. Falsifying the predictions by experiment. All data and the results should be treated critically on every level of consideration.
professor Ruslan Smelianskiy Certainty vs Science The science differs from other kind of knowledge making activities (certainty) is necessity to prove, to justify every theoretical consequence by experimental, empirical data. Karl Popper writes that scientific knowledge "consists in the search for truth", but it "is not the search for certainty... Popper proposed falsifiability (the ability of theories to come in conflict with observation) as the landmark of empirical theories, and falsification (the search for observations that conflict with the theory) as the empirical method to replace verifiability and induction by purely deductive notions. Belief in the omnipotence of science and the certainty about the continuity of the process of accumulation of scientific knowledge, the unknown remains so only temporarily, is a continuous stimulus to productive activity constantly updated scientific society. (F.Karpa)
professor Ruslan Smelianskiy Information Security – Art or Science? IS = Social Science + IT (Computer Science) –Art ( K.Mitnik The Art of Deception) Information Security in that part of it which relate to the Computer and Network Security This area of knowledge includes more than 40 years of development (Multix project, F.Corbato, MIT 1963) Security Kernel 70 Develop Criteria And Make Available Commercial Evaluations 80 TCB for System Composition Formal Model for Access Polices 90 Internet Explosion
professor Ruslan Smelianskiy Some statistics on Attack and Malware datasets Dataset nameNumber of citations Year of initial publication Average citations per year KDD Cup 99 dataset2,8501999237 Vx heavens9,5301999794 Anubis115200728 CWSandbox243200648 Wepawet2520088 Datasets citation rates according to Google Scholar
professor Ruslan Smelianskiy Monitoring with Intrusion Detection Systems State of the art in network security monitoring –Over 200 research projects in intrusion detection since 1980 –Major hardware vendors have IDS solutions – Cisco, IBM, Intel, etc Over 30 specialized vendors like SourceFire, Arbor, Narus, etc. –http://www-rnks.informatik.tu-cottbus.de/en/node/209http://www-rnks.informatik.tu-cottbus.de/en/node/209 No common methods for IDS evaluation and comparison –Commercial testing available like NSS Labs: http://www.nsslabs.com/research/network-security/network-ips/ http://www.nsslabs.com/research/network-security/network-ips/
professor Ruslan Smelianskiy Monitoring standardization No currently available standarts –NIST recommendations on intrusion detection give too general answers to those questions - where IDS should be placed? How do we choose appropriate type of IDS according to our needs? How do we tune it to gain optimal efficiency? http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf How can we trust the results of monitoring network security with such tools in the situation like we have now? Two elephants
professor Ruslan Smelianskiy Moores law vs Gilders law
professor Ruslan Smelianskiy Global Infrastructure Impact Regional Networks Multiple Networks Individual Networks Individual Computer Target and Scope of Damage 1st Gen Boot viruses Weeks 2nd Gen Macro viruses Email DoS Limited hacking Days 3rd Gen Network DoS Blended threat (worm + virus+ trojan) Turbo worms Widespread system hacking Minutes Next Gen Infrastructure hacking Flash threats Massive worm driven DDoS Damaging payload worms Seconds 1980s1990sTodayFuture
professor Ruslan Smelianskiy Sophistication of hacker tools 19901980 Low 2000 Packet forging/ spoofing Password guessing Self-replicating code Password cracking Back doors Hijacking sessions Scanners Sniffers Stealth diagnostics High Exploiting known vulnerabilities Disabling audits
professor Ruslan Smelianskiy Resume It seems reasonable for information security community and national governments to support developing open and public collections of up-to-date malware along with results of its preliminary analysis. And what seems to be most important – it is necessary to recover the practice of publishing raw experimental data, on which the research results rely. The overall experience of the information security field and other natural sciences demonstrates that publicity of this kind always greatly encourage both quality and quantity of research projects.
professor Ruslan Smelianskiy A parable Once there was a peasant, who had a horse that was considered a rich man in his village. He was envied. But when his horse went into the forest and never came back, his neighbours ceased to be jealous of him, and some even felt sorry for him. When his horse returned and brought with it one more horse, some again became jealous of him. And then his son fell from the horse and broke his leg. Many have ceased to envy him. But here's the war began, all the young guys drafted into the army and were killed in the war, and his lame son was not taken, and some again became jealous of him. Only the peasant never grieved, and never was joyous about that. He could not do it because he could not foresee the future and did not see any good in sadness and joy.
professor Ruslan Smelianskiy Conclusion In our reality, the lack of pictures of the future can lead to irreversible consequences.