Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley, November 15th, 2010, CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber Defense.


Page 1 Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley, November 15th, 2010, CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber Defense. Copyright © 2010 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

Page 2 Agenda
Introduction – Overview on the project and topic
Discussion – Hacking process, cyber defense goals, and decision framework – Analysis framework, NMC architecture, and network collection points
Metrics – Development and collection of cyber dynamic defense metrics
Results – Research results from demonstration of Network Maneuver Commander
Conclusion – Recommendations, conclusions, and future work
Questions

Page 3 Introduction
Goals of Resilient Active Cyber Defense
– Increase cost to the attacker
– Increase the uncertainty that the attack was successful
– Increase chance of detection and attribution
– Minimize the magnitude of the attacker’s effect, survive
Network Maneuver Commander supports these goals through artificial diversity, randomization, non-persistence and deception.

Page 4 Research History
Network Maneuver Commander (NMC)
– Internal research project funded by Raytheon Company, started in March 2009
– Goals: Develop a prototype cyber command and control (C2) system that maneuvers network-based elements preemptively; develop performance metrics to evaluate cyber dynamic defense solutions
Cyber Defense
– Conventionally, cyber defense employs defense in depth, concentrated on perimeter protection and patching known attack vectors at each layer
– NMC’s maneuvering capability enhances each of the defense layers by introducing artificial diversity of components (hardware, operating systems, etc.)
Project Provides Cyber Dynamic Defense and Metrics to Evaluate this Class of Techniques

Page 5 Network Maneuver Commander

Page 6 Characterizing Cyber Attacks
The Hacking Process
– Footprint: identify network addresses
– Scan: identify hosts, operating systems, services
– Enumerate: identify accounts and shares
– Gain Access: attempt access to host
– Escalate Privileges: gain control of host
– Pilfer: search and retrieve data

Page 7 Randomized Decision Framework
Decision Framework enables the NMC to maneuver elements
Parameters:
– Diversity
– Move interval
– Geographic destination

Page 8 Discussion
Analysis Framework
– Force-on-force simulation
– Each attack is treated independently
– Statistics on attacks and defenses are aggregated for resulting metrics
NMC Architecture
– Collection of loosely coupled services
– Orchestrated via Enterprise Service Bus
– Generic plug-in framework to support new applications
Network Collection Points
– Capture of metrics through: extension of existing tools; mining data already collected

Page 9 Metrics
Basis for many metrics is time
– Used to measure an attack’s progress
– Used to quantify the cost to the attacker
Metric calculations defined include
– Percent of successful attacks
– Percent of partially successful attacks
– Mean number of attack disruptions
– Time spent per phase
– Duration of successful attack
– Defensive efficiency
– Defense factor
Metrics collection in the network
– Defined possible methods and tools
Metrics Evaluate Pro-Active Dynamic Defense Methods

Page 10 Results
Demonstration included
– Movement of resources across: platforms, virtual partitions, physical locations, hypervisor vendors
– Deployment and maneuvering of: data, applications, network addresses
Results captured on a variety of simulated scenarios
– Varying network sizes, defense factor, threat profile, etc.
Displayed the Effectiveness of NMC Using the Newly Defined Metrics

Page 11 Conclusion
Based on simulations and testing with real applications
– Maneuvering, artificial diversity and cleansing provide: improved intrusion tolerance (lower percentage of attacks were successful); increased cost to attackers (more resources expended)
– Optimal maneuver frequency: 2X time of attack on static network
Metrics allow for characterization of NMC and other cyber defense systems
– Can be used to find optimal configuration of defenses for given threats
Raytheon Continues Research in Area, Exploring Candidate Algorithms and Technologies

Page 12 Challenges
– Technologies not designed to support resiliency
– Coordination difficult (interfaces)
– Visualization/Operational Metrics
– Vendor Licensing Models

Page 13 Questions?