Presentation is loading. Please wait.

Presentation is loading. Please wait.

S ecurity T hreat A ssessment across L arge N etwork I nfrastructures Grigorios Fragkos Research Student – Information Security Research Group School of.

Published byRobert Trujillo Modified over 10 years ago

Similar presentations

Presentation on theme: "S ecurity T hreat A ssessment across L arge N etwork I nfrastructures Grigorios Fragkos Research Student – Information Security Research Group School of."— Presentation transcript:

1 S ecurity T hreat A ssessment across L arge N etwork I nfrastructures Grigorios Fragkos Research Student – Information Security Research Group School of Computing, University of Glamorgan, UK gfragkos@glam.ac.uk Copyright 2005 © Fragkos Grigorios, Blyth Andrew. Security Threat Assessment across Large Network Infrastructures, Safeguarding National Infrastructures: Integrated Approaches to Failure in Complex Networks, University of Glasgow, UK, August 2005

2 The Wired & Wireless Gaia The worldwide internet population is already at 934 million in 2004 and projected to reach 1.21 billion in 2006 [ClickZ Stats Staff 2005] The reported security incidents have evolved from 6 in 1988 to 21,756 in 2000 and consequently to 137,529 in 2003 [CERT 2005]

3 Security… Safeguarding Large Network Infrastructures Why is still a problem? a) why do network infrastructures still suffer from attacks and why do we still wondering why we cannot deal efficiently with the security related issues by taking active countermeasures against them. b) Should todays security, still be considered as a technology problem? c) How and what kind of system, built with security in mind, could protect large network infrastructures efficiently by performing threat assessment?

4 What is Security? –The Cambridge Dictionary describes security as:The ability to avoid being harmed by any risk, danger or threat –Also, the Oxford English Dictionary describes security as:The state of being or feeling secure …where secure is described as protected against attack or other criminal activity Do we need a definition that describes in a more realistic and practical way achievable goals?

5 Defining Security The state of being or feeling secure, by having the ability to avoid being harmed at an irrecoverable level, by any risk, danger or threat, when/for protecting a specific asset. (Authors definition, where secure is defined according to the Oxfords dictionary definition)

6 NISCC, CNI and Smart Procurement –National Infrastructure Security Co-ordination Centre (NISCC) –National Infrastructure Security Co-ordination Centre (NISCC) (To ensure the continuity of society in time of crisis) [NISCC 2005] –Critical National Infrastructure (CNI) –Critical National Infrastructure (CNI) (Known in the UK as the essential services and systems protected by NISCC) –Smart Procurement (The financial issues arising when we have to deal with large projects. In a similar way the MoD is applying Smart Procurement in order to calculate if the amount of available resources needed for purchasing military equipment, is equivalent to the amount of equipment they need to purchase) [MoD 2001]

7 Approaching a solution University A University A University B University B University C University C University D University D Corporation A Corporation A University E (Glam) University E (Glam) Intelligent Engine Threat Assessment Corporation B Corporation B Non-Governmental Organization Expand existed computer and network-defensive technologies by combining them with the information and services provided by the NISCC in order to design a prototype architecture that could be easily applied in large infrastructures

8 Threat Assessment & Threat Response Real-Time Threat Assessment has two very important goals. –The first goal is to minimize the time from the moment an attack actually started until the moment our defense system is able to identify it as an actual attack. –The second goal which we are trying to achieve, is to minimize the amount of time that is essential by our system to take any required actions or deploy a set of countermeasures, before the actual attack has finished.

9 Threat Assessments Timeframes time δ a1a2 a1 - Attack Started a2 - Attack Finished d1 - Detected Attack d2 - Deploy Countermeasures attackers data generated that exposed him/her.. δ(x) d1d2 δ(y) Δ δ - Lasting time of an attack Δ - Timeframe for the moment an attack detected until the moment the attack was blocked.

10 The Idea An efficient structure of intrusion detection data into Object-Oriented hierarchy trees, will provide to the system a similar understanding of the events as the human brain can understand the relativity of species or objects. Make a system aware of what it sees, and as become conscious of the various types of attacks that exist in the wild, along with their various subtypes. In other words the system will not just detect an already known or novel attack but it will have a notional understanding of the network traffic and will be able to identify novel attacks and categorize them based on what it knows up to that moment

11 Combination of Technologies –Multi-CPU systems –Beowulf Clusters –Grid Computing –A.I. languages –SSH, SOAP, XML, Python –Object-Oriented Classification of Network Events –Footprints Repository –State of the art Intrusion Detection Systems

12 Need for Real-Time Threat Assessment

13 Real-Time Threat Assessment Present an architecture that can be used to perform Real-Time Threat Assessment using IDS data –Provide a holistic picture of an attack and thus facilitate the decision making process associated with Computer Network Defence –Analyse and index data from a variety of distributed heterogeneous sources via a taxonomy of object-based attack classifications –Perform threat assessment based on the progression of an attack using principles derived from A.I.

14 Summary –Automate the Threat Assessment process through vast amount of information –Identify new attacks based on patterns of behaviour using anomaly detection. –Prevent ongoing attacks by interchanging information in a non- centralized manner –Protect in Real-Time Critical-Importance Infrastructures

15 Q & A Thank you for your attention Grigorios Fragkos Information Security Research Group (ISRG) University of Glamorgan, Wales, UK

16 References Biermann, E., Cloete, E. and Venter, L. (2001). A Comparison of Intrusion Detection Systems. Computers & SecurityBiermann, E., Cloete, E. and Venter, L. (2001). A Comparison of Intrusion Detection Systems. Computers & Security ClickZ Stats Staff, Population Explosion, (2005), Available at: http://www.clickz.com/stats/sectors/geographics/article.php/5911_151151ClickZ Stats Staff, Population Explosion, (2005), Available at: http://www.clickz.com/stats/sectors/geographics/article.php/5911_151151 CERT® Coordination Center, (2005) CERT Coordination Center Statistics 1988-2003, Available at: http://www.cert.org/stats/cert_stats.htmlCERT® Coordination Center, (2005) CERT Coordination Center Statistics 1988-2003, Available at: http://www.cert.org/stats/cert_stats.html Debar H., Dacier M., Wespi A., (1999) Towards a taxonomy of intrusion detection systems, Computer NetworksDebar H., Dacier M., Wespi A., (1999) Towards a taxonomy of intrusion detection systems, Computer Networks Lippmann R.,et al., (1998) Evaluating Intrusion Detection Systems, The 1998 DARPA Off-line Intrusion Detection Evaluation. First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, BelgiumLippmann R.,et al., (1998) Evaluating Intrusion Detection Systems, The 1998 DARPA Off-line Intrusion Detection Evaluation. First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, Belgium Lunt, T. (1993) A survey of intrusion detection techniques, Computers and SecurityLunt, T. (1993) A survey of intrusion detection techniques, Computers and Security Morakis, E., Vidalis, A., Blyth, A. J.C. (2003a). Measuring Vulnerabilities and their Exploitation Cycle, Elsevier Information Security Technical Report, Vol. 8, No. 4Morakis, E., Vidalis, A., Blyth, A. J.C. (2003a). Measuring Vulnerabilities and their Exploitation Cycle, Elsevier Information Security Technical Report, Vol. 8, No. 4 Morakis, E., Vidalis, S., Blyth, A.J.C. (2003b). A Framework for Representing and Analysing Cyber Attacks Using Object Oriented Hierarchy Trees. Second European Conference in Information Warfare, UK, pp235-246Morakis, E., Vidalis, S., Blyth, A.J.C. (2003b). A Framework for Representing and Analysing Cyber Attacks Using Object Oriented Hierarchy Trees. Second European Conference in Information Warfare, UK, pp235-246

17 Appendices

18 Systems Overview

19 Systems Brain

20 Threat QuestionQuestion What do we mean by threat when talking about security? AnswerAnswer A threat to a system can be defined as: –A possible danger to the system (Michel E. Kabay, Enterprise Security: Protecting Information Assets, McGraw-Hill, 1996) –A circumstance that has the potential to cause loss or harm (Charles P. Pfleeger, Security in Computing, Addison Wesley, 1997) –A circumstance or event that could cause harm by violating security (Rita C. Summers, Secure Computing: Threats and Safeguards, McGraw-Hill, 1997)

21 Threat Assessment QuestionQuestion What is Threat Assessment? What is Threat Assessment? AnswerAnswer There are two goals in the model of Threat Assessment: –Identify threats based on feasibility (enablers) and indicators of potential exploitation. These threats are further categorized by the potential likelihood they will be exploited. –Provide an intelligence-based method of predicting, detecting, and monitoring potential large-scale threats to business and national security. [Global Technology Research, Inc].

22 Intrusion Detection Systems (IDS) TechnologiesTechnologies –Host Based –Network Based –Application Based –Stack Based Defence MechanismsDefence Mechanisms –Passive –Reactive Detection ModeDetection Mode –Misuse Detection –Anomaly Detection –Specification Based

23 State of the Art & its limitations Intrusion Detection Systems and security auditing systems have developed to the point where large quantities of information relating to security incidents can be captured, stored, indexed and classified. Probabilistic MethodsProbabilistic Methods Multi-pattern Search AlgorithmsMulti-pattern Search Algorithms Hybrid neural networksHybrid neural networks Learning program behaviourLearning program behaviour Correlation of Intrusion alertsCorrelation of Intrusion alerts All mentioned systems fall under a basic characteristic; They either follow the path to become misuse detection systems or anomaly detection systems

24 Real - Time Unification ProcessUnification Process A number of sensors running any type of IDS, as described earlier, are logging network events into a centralized repository. The collector (or the unification process) gathers all the information before they are sent to the repository in order to unify the data under a single database schema U S 1 …S 2 ……S n DB U: Unification Process S: Sensor Data Repository SOAP XML / RPC Execution Engine

25 Systems Architecture Data Repository Sensor 1 Sensor 2 Sensor n...... SOAP AGENT message XML / SOAP envelop SOAP Server Execution Engine Visualization Window Visualization Window Countermeasures Engine Classification Repository Footprint Repository checkTop level Classification Repository load balancing

Download ppt "S ecurity T hreat A ssessment across L arge N etwork I nfrastructures Grigorios Fragkos Research Student – Information Security Research Group School of."

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Department of Electronic Engineering Challenges & Proposals INFSO Information Day Research Networking Test-beds 26/27 May 2005,

Department of Electronic Engineering Challenges & Proposals INFSO Information Day Research Networking Test-beds 26/27 May 2005,
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
VSE Corporation Proprietary Information

VSE Corporation Proprietary Information
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Information Security Policies and Standards

Information Security Policies and Standards
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Brent Dingle Marco A. Morales Texas A&M University, Spring 2002

Brent Dingle Marco A. Morales Texas A&M University, Spring 2002
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
seminar on Intrusion detection system

seminar on Intrusion detection system
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]

Similar presentations

Ads by Google