Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley November 15 th, 2010 CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber.

Published byDenis Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley November 15 th, 2010 CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber."— Presentation transcript:

1 Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley November 15 th, 2010 CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber Defense Copyright © 2010 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

2 Page 23/3/2016 Agenda Introduction – Overview on the project and topic Discussion – Hacking process, cyber defense goals, and decision framework – Analysis framework, NMC architecture, and network collection points Metrics – Development and collection of cyber dynamic defense metrics Results – Research results from demonstration of Network Maneuver Commander Conclusion – Recommendations, conclusions, and future work Questions

3 Page 3 Introduction Goals of Resilient Active Cyber Defense Increase cost to the attacker Increase the uncertainty that the attack was successful Increase chance of detection and attribution Minimize the magnitude of the attacker’s effect, survive Network Maneuver Commander supports these goals through artificial diversity, randomization, non-persistence and deception.

4 Page 43/3/2016 Research History Network Maneuver Commander (NMC) – Internal research project funded by Raytheon Company started in March 2009 – Goals: Develop a prototype cyber command and control (C2) system that maneuvers network-based elements preemptively Develop performance metrics to evaluate cyber dynamic defense solutions Cyber Defense – Conventionally cyber defense employs defense in depth Concentrated on perimeter protection and patching known attack vectors at each layer – NMC’s maneuvering capability enhances each of the defense layers by introducing artificial diversity of components (hardware, operating systems, etc…) Project Provides Cyber Dynamic Defense and Metrics to Evaluate this Class of Techniques

5 Page 5 Network Maneuver Commander 3/3/2016

6 Page 6 6 Characterizing Cyber Attacks The Hacking Process – Footprint: identify network addresses – Scan: identify hosts, operating systems, services – Enumerate: identify accounts and shares – Gain Access: attempt access to host – Escalate Privileges: gain control of host – Pilfer: sea rch and retrieve data

7 Page 73/3/2016 Randomized Decision Framework Decision Framework Enables the NMC to maneuver elements Parameters: – Diversity – Move interval – Geographic destination

8 Page 83/3/2016 Discussion Analysis Framework – Force-on-force simulation – Each attack is treated independently – Statistics on attacks and defenses are aggregated for resulting metrics NMC Architecture – Collection of loosely coupled services – Orchestrated via Enterprise Service Bus – Generic plug-in framework to support new applications Network Collection Points – Capture of metrics through: Extension of existing tools Mining data already collected

9 Page 93/3/2016 Metrics Basis for many metrics is time – Used to measure an attack’s progress – Used to quantify the cost to the attacker Metric calculations defined include – Percent of successful attacks – Percent of partially successful attacks – Mean number of attack disruptions – Time spent per phase – Duration of successful attack – Defensive efficiency – Defense factor Metrics collection in the network – Defined possible methods and tools Metrics Evaluate Pro-Active Dynamic Defense Methods

10 Page 103/3/2016 Results Demonstration included – Movement of resources across: Platforms Virtual partitions Physical locations Hypervisor vendors – Deployment and maneuvering of: Data Applications Network addresses Results captured on a variety of simulated scenarios Varying network sizes, defense factor, threat profile, etc… Displayed the Effectiveness of NMC Using the Newly Defined Metrics

11 Page 113/3/2016 Conclusion Based on simulations and testing with real applications – Maneuvering, artificial diversity and cleansing provide: Improved intrusion tolerance - lower percentage of attacks were successful Increased cost to attackers - more resources expended Optimal maneuver frequency 2X time of attack on static network Metrics allow for characterization of NMC and other cyber defense systems – Can be used to find optimal configuration of defenses for given threats Raytheon Continues Research in Area, Exploring Candidate Algorithms and Technologies

12 Page 12 Technologies not designed to support resiliency Coordination difficult (interfaces) Visualization/Operational Metrics Vendor Licensing Models Challenges

13 Page 133/3/2016 Questions?

Download ppt "Paul Beraud, Alen Cruz, Suzanne Hassell, Juan Sandoval, Jeffrey J Wiley November 15 th, 2010 CRW’10 2010: NETWORK MANEUVER COMMANDER – Resilient Cyber."

Similar presentations

Using MapuSoft Instead of OS Vendor’s Simulators.

Using MapuSoft Instead of OS Vendor’s Simulators.
Our View Points for Effective Approach to Unify the Diverse Networks on WIS Session 2.3 Industry, 7 November 2006 Oriental Electronics, Inc. Kyoto, Japan.

Our View Points for Effective Approach to Unify the Diverse Networks on WIS Session 2.3 Industry, 7 November 2006 Oriental Electronics, Inc. Kyoto, Japan.
ETHICAL HACKING.

ETHICAL HACKING.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.

4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Peer-to-peer archival data trading Brian Cooper Joint work with Hector Garcia-Molina (and others) Stanford University.

Peer-to-peer archival data trading Brian Cooper Joint work with Hector Garcia-Molina (and others) Stanford University.
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.

Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.

V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.
Copyright © 2008 SAS Institute Inc. All rights reserved. SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks.

Copyright © 2008 SAS Institute Inc. All rights reserved. SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks.
Network Simulation Internet Technologies and Applications.

Network Simulation Internet Technologies and Applications.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
C OLUMBIA U NIVERSITY Lightwave Research Laboratory Embedding Real-Time Substrate Measurements for Cross-Layer Communications Caroline Lai, Franz Fidler,

C OLUMBIA U NIVERSITY Lightwave Research Laboratory Embedding Real-Time Substrate Measurements for Cross-Layer Communications Caroline Lai, Franz Fidler,
Extreme Networks Confidential and Proprietary. © 2010 Extreme Networks Inc. All rights reserved.

Extreme Networks Confidential and Proprietary. © 2010 Extreme Networks Inc. All rights reserved.
4.x Performance Technology drivers – Exascale systems will consist of complex configurations with a huge number of potentially heterogeneous components.

4.x Performance Technology drivers – Exascale systems will consist of complex configurations with a huge number of potentially heterogeneous components.
NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.

NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.
Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.

STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.

Similar presentations

Ads by Google