Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.

1 Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu

2 Agenda: Problem Description; Attack Decision; Mathematical Formulation

3 Agenda: Problem Description; Attack Decision; Mathematical Formulation

4 Problem Description
- Collaborative Attack
- Special Defense Resources
- “Fake Traffic”, “False Target” or “Dual Function” Honeypots
- Virtualization
- Dynamic Topology Reconfiguration
- To minimize maximized service compromised probability by adjusting the defense parameters of the planning and defending phases.

5 Agenda: Problem Description; Attack Decision; Mathematical Formulation

6 Attacker Objectives: Service Disruption; Steal Confidential Information

7 [Figure: Commander & Attacker. Labels: Attacker Group (Commander, Attackers); Attack; Attack events; "3 attack events"; "1 attack"; nodes L, M, O]

8 Attacker Attributes
- Budget
- Capability
- Initial Location: External Attackers; Malicious Insiders
- Risk Preference: Risk Avoidance – compromise; Risk Tolerance – pretend to attack

9 Selection Criteria
- High Defense Resource: core node, confidential information
- Low Defense Resource: easy to compromise
- High Traffic: might have connection with core node; might have connection with more nodes
Fred Cohen, “Managing Network Security: Attack and Defense Strategies,” Network Security, Volume 1999, Issue 7, pp. 7–11, July 1999.

10-12 [Figures: example network topology, nodes A to O with defense resource values and x/y honeypot markers]

13 [Diagram: Period in attack (Early Stage, Late Stage). Labels: Low Defense Resource; High Traffic; Low Defense; High Defense; No. of attackers for each attack event; Choose ideal attacker(s) for each attack event; Budget; No. of attack events; Capability; Risk Preference]

14 [Figure legend: Scenario. Core Node with Local Defense; Defense Resource; Malicious Insider; Honeypot (X: False Target, Y: Fake Traffic); Compromised]

15-26 [Figure sequence: scenario walkthrough on the example network topology, nodes A to O with defense resource values and x/y honeypot markers]

27 Agenda: Problem Description; Attack Decision; Mathematical Formulation

28 Assumptions
1. The defender has complete information about the network, for example, topology, defense resource allocation, node attributes.
2. Both commanders and attackers have incomplete information about the network.
3. There are multiple core nodes providing a service in the network.
4. Each service has a different weight determined by the defender.
5. One virtual machine only provides one service.
6. Only malicious nodal attacks are considered.
7. Whether an attack succeeds or not is determined by the Contest Success Function (CSF).

29 Assumptions
8. There are many attack events in an attack.
9. Each attack group launches one attack.
10. Every attacker is subordinate to only one attack group.
11. The fake traffic honeypot must be equipped with the fake traffic generating function.
12. The throughput of fake traffic delivered by one fake traffic generating honeypot should not be greater than the maximum achievable throughput.
13. The reconfiguration initial point and the reconfigured node must be equipped with the reconfiguration function.
14. Only virtualized nodes and virtual machine monitors (VMMs) can activate the local defense mechanism.

30 Mathematical Formulation
Objective: To minimize maximized service compromised probability
Given: Total Defense Budget; Each Cost of Constructing a Defense Mechanism; Virtualization Cost; Service Priority
To be determined: Attack and Defense Configurations; Budget Spent on Constructing Node or Link; General and Special Defense Resource

31 Given Parameters
Notation: Description
N: The index set of all nodes
C: The index set of all core nodes
L: The index set of all links
S: The index set of all types of services
M: The index set of all levels of virtual machine monitors (VMMs)
H: The index set of all types of honeypots
P: The index set of candidate nodes equipped with false target function
Q: The index set of candidate nodes equipped with fake traffic generating function
R: The index set of candidate nodes equipped with false target and fake traffic generating function

32 Given Parameters
Notation: Description
B: The defender’s total budget
w: The cost of constructing one intermediate node
o: The cost of constructing one core node
p: The cost of each virtual machine (VM)
r: The cost of constructing a reconfiguration function to one node

33 Given Parameters
Notation: Description
k: The maximum number of virtual machines on VMM level l, where k ∈ M
α_i: The weight of the i-th service, where i ∈ S
t_fail: Maximum time threshold to compromise one node
E: All possible defense configurations, including defense resource allocation and defending strategies
Z: All possible attack configurations, including attacker’s attributes, corresponding strategies and transition rules
F_i: The total attacking times on the i-th service for all attackers, where i ∈ S
u_ij: The number of attackers subordinate to the attack group launching the j-th attack on service i, where 1 ≤ j ≤ F_i, i ∈ S
v_ij: The degree of collaboration of attack group j, which affects the effectiveness of synergy

34 Number of attackers in an attack group
Columns: Service 1, Service 2, Service 3
Attack Group 1: V V
Attack Group 2: V
Attack Group 3: V V V
Attack Group 4: V V
Attack Group 5: V V
Group: No. of Attackers
1: 6
2: 5
3: 7
4: 4
5: 6

35 Number of attackers in an attack group: Cost aspect
Attacker: Budget (first table): A 100; B 200; C 300; D 400
Attacker: Budget (second table): A 90; B 180; C 270; D 360
[Figure labels: -100; -10; -20; -30; -40; 3; node O]

36 The degree of collaboration [Figure; axis label: Time]

37 The degree of collaboration

38 Decision Variables
Description:
- A defense configuration, including defense resource allocation and defending strategies on the i-th service, where i ∈ S
- An instance of attack configuration, including attacker’s attributes, commander’s strategies and transition rules, of the commander launching the j-th attack on the i-th service, where i ∈ S, 1 ≤ j ≤ F_i
- 1 if the commander achieves his goal successfully, and 0 otherwise, where i ∈ S, 1 ≤ j ≤ F_i

39 Notation: Description
B_nodelink: The budget spent on constructing nodes and links
B_general: The budget spent on allocating general defense resource
B_special: The budget spent on deploying special defense resource
B_virtualization: The budget of virtualization
B_honeypot: The budget of honeypots
B_reconfiguration: The budget of reconfiguration functions

40 Decision Variables
Notation: Description
e: The total number of intermediate nodes
N_k: The general defense resources allocated to node k, where k ∈ N
q_mn: The capacity of the direct link between node m and n, where m ∈ N, n ∈ N
g(q_mn): The cost of constructing a link from node m to node n with capacity q_mn, where m ∈ N, n ∈ N
l_k: The number of VMM level k purchased, where k ∈ M
δ_n: The number of services that honeypot n can simulate, where n ∈ H
ε_n: The interactive capability of false target honeypot n, where n ∈ P
θ_n: The maximum throughput of fake traffic that fake traffic generator honeypot n can achieve, where n ∈ Q

41 Decision Variables
Notation: Description
v(l_p): The cost of VMM level p with l_p VMMs, where p ∈ M
h(δ_l, ε_l): The cost of constructing a false target honeypot with the number of simulating services and the interactive capability, where l ∈ P
f(δ_l, θ_l): The cost of constructing a fake traffic generator honeypot with the number of simulating services and the maximum achievable throughput of fake traffic, where l ∈ Q
t(δ_l, ε_l, θ_l): The cost of constructing a honeypot equipped with false target and fake traffic generating functions with the number of simulating services, the interactive capability and the maximum achievable throughput of fake traffic, where l ∈ R
x_k: 1 if node k is equipped with false target function, and 0 otherwise, where k ∈ N
y_k: 1 if node k is equipped with fake traffic generating function, and 0 otherwise, where k ∈ N
z_k: 1 if node k is equipped with reconfiguration function, and 0 otherwise, where k ∈ N

42 Verbal Notation
Notation: Description
G_core,k: Loading of each core node k, where k ∈ C
U_link,k: Link utilization of each link k, where k ∈ L
K_effect: Negative effect caused by applying fake traffic adjustment
I_effect: Negative effect caused by applying dynamic topology reconfiguration
J_effect: Negative effect caused by applying local defense
O_tocore: The number of hops legitimate users experienced from one boundary node to destination
Y: The total compromise events
W_threshold: The predefined threshold regarding quality of service
W_final: The level of quality of service at the end of an attack
W( ): The value of quality of service is determined by several factors

43 Verbal Notation
Notation: Description
ρ_defense: The defense resource of the shortest path from detected compromised nodes to one core node divided by total defense resource
τ_hops: The minimum number of hops from detected compromised nodes to one core node divided by the maximum number of hops from attacker’s starting position to one core node
ω_degree: The link degree of one core node divided by the maximum link degree among all nodes in the topology
S_priority,i: The priority of service i provided by core nodes divided by the maximum service priority among core nodes in the topology, where i ∈ S
β_threshold: The risk threshold of core nodes
β(): The risk status of each core node, which is the aggregation of ρ_defense, τ_hops, ω_degree and S_priority,i

44 Objective Function

45 Mathematical Constraints
Direct Link Capacity Constraints: q_ij ≥ 0
Honeypot Types Constraints: x_i + y_i ≥ 1
(IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4)

46 Mathematical Constraints
Budget Constraints: B_nodelink ≥ 0; B_general ≥ 0; B_special ≥ 0
Constructing Topology Constraints: n_i ≥ 0; w × e ≥ 0; g(q_ij) ≥ 0
(IP 1.5) (IP 1.6) (IP 1.7) (IP 1.8) (IP 1.9) (IP 1.10)

47 Mathematical Constraints
Budget Constraints: B_nodelink ≥ 0; B_special ≥ 0
(IP 1.11) (IP 1.12) (IP 1.13) (IP 1.14) (IP 1.15)

48 Mathematical Constraints
Budget Constraints:
(IP 1.16) (IP 1.17)

49 Mathematical Constraints
Special defense resource cost constraints:
(IP 1.18) (IP 1.19) (IP 1.20) (IP 1.21) (IP 1.22) (IP 1.23) (IP 1.24)

50 Verbal Constraints
QoS constraints:
(IP 1.25)
The performance reduction caused by compromised core nodes and by activating Honeypot, Reconfiguration and Virtualization during the defending phase should not make legitimate users’ QoS satisfaction violate IP 1.25. (IP 1.26)
At the end of an attack, W_final ≥ W_threshold. (IP 1.27)

51 Verbal Constraints
Activation of defense mechanisms constraints:
(IP 1.28)
Reconfiguration constraints:
The reconfiguration initial point must be a neighbor of the core node detected as risky. (IP 1.29)
The defense resource of the reconfiguration initial point should be the minimum among all neighbors of the core node detected as risky. (IP 1.30)
The reconfigured node must be a neighbor of the reconfiguration initial point and must not be a neighbor of the core node detected as risky. (IP 1.31)
The defense resource of the reconfigured node should be the maximum among all neighbors of the reconfiguration initial point. (IP 1.32)
Local defense constraints:
For each core node, when the attack event has been detected, the mechanism is activated. (IP 1.33)
The capacity of all the VMs’ links connected to the VMM will decrease by a certain ratio. (IP 1.34)
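
The node selection described by the reconfiguration constraints (IP 1.29 to IP 1.32), combined with assumption 13, as an added Python example that is not code from the presentation. The topology, defense resource values and z flags are constructed sample data, the names select_reconfiguration and build_adjacency are hypothetical, and the example assumes the minimum and maximum are taken over nodes that also satisfy the other constraints.

```python
# Added example, not from the presentation. The topology, defense values and
# z flags are constructed sample data; function names are hypothetical.

EDGES = [("K", "G"), ("K", "H"), ("K", "J"), ("G", "H"),
         ("G", "D"), ("H", "E"), ("J", "F")]
# General defense resource allocated to each node (K is the core node).
DEFENSE = {"K": 9, "G": 3, "H": 5, "J": 4, "D": 6, "E": 9, "F": 2}
# z_k = 1 if node k is equipped with the reconfiguration function.
Z = {"K": 0, "G": 1, "H": 1, "J": 1, "D": 1, "E": 1, "F": 0}


def build_adjacency(edges):
    """Build an undirected adjacency map: node -> set of neighbors."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


ADJ = build_adjacency(EDGES)


def select_reconfiguration(adj, defense, z, risky_core):
    """Return (initial_point, reconfigured_node), or None if no pair exists."""
    core_nbrs = adj[risky_core]
    # IP 1.29 / IP 1.30: neighbor of the risky core node with the minimum
    # defense resource; assumption 13 requires z = 1.
    candidates = [n for n in sorted(core_nbrs) if z[n]]
    if not candidates:
        return None
    initial = min(candidates, key=lambda n: defense[n])
    # IP 1.31: neighbor of the initial point that is not a neighbor of the
    # risky core node (and not the core node itself); z = 1 again.
    eligible = [n for n in sorted(adj[initial])
                if n != risky_core and n not in core_nbrs and z[n]]
    if not eligible:
        return None
    # IP 1.32: the eligible neighbor with the maximum defense resource.
    target = max(eligible, key=lambda n: defense[n])
    return initial, target


if __name__ == "__main__":
    print(select_reconfiguration(ADJ, DEFENSE, Z, "K"))
```

With the sample data, G is the weakest equipped neighbor of core node K and D is the only neighbor of G that is not adjacent to K; removing the reconfiguration function from G shifts the initial point to J, whose only other neighbor F is unequipped, so no valid pair exists.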

52 THANKS FOR YOUR ATTENTION

