Research Direction Introduction Advisor: Frank, Yeong-Sung Lin Presented by Hui-Yu, Chung.
![Page 1: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/1.jpg)
1
Research Direction Introduction
Advisor: Professor Frank, Y.S. Lin
Presented by Chi-Hsiang Chan
2011/10/11
![Page 2: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/2.jpg)
Agenda
Introduction
  Collaborative Attack
  Virtualization
Problem description
Scenario
![Page 4: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/4.jpg)
Collaborative Attack
Collaborative attacks are characterized by the prevalence of coordination before and during attacks. [1]
Collaborative attacks in general involve multiple human attackers or criminal organizations that have their own adversarial expertise but may not fully trust each other.
Collaborative attacks are more powerful than the sum of the individual attacks that the attackers could launch independently.
![Page 5: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/5.jpg)
Collaborative Attack
![Page 6: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/6.jpg)
Collaborative Attack
Advantages of collaborative attack [2]:
Coordinated attacks can be designed to avoid detection.
It is difficult to differentiate between decoy and actual attacks.
There is a large variety of coordinated attacks.
![Page 7: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/7.jpg)
Virtualization Definition
Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. [3]
Source: VMware
![Page 8: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/8.jpg)
Virtualization Benefit
Lower cost
Efficiency
Scalability
Easy to run multiple operating system environments
Server consolidation increases space utilization in the data center
Virtualization is the key to cloud computing
![Page 9: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/9.jpg)
IDS
An intrusion detection system (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization, and also for system misuse or attacks originating from inside the organization. [4]
It provides more protection than a firewall, which only filters incoming traffic from the Internet.
![Page 10: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/10.jpg)
IDS
Two types of IDS: host IDS (HIDS) and network IDS (NIDS)
The trade-off is evident when comparing HIDS and NIDS: a NIDS offers high attack resistance at the cost of visibility, while a HIDS offers high visibility but sacrifices attack resistance.
![Page 12: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/12.jpg)
Problem Description
![Page 13: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/13.jpg)
Attacker View
Commander
Attackers: initial location, budget, capability
Objective: steal confidential information, service disruption
![Page 14: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/14.jpg)
Defender View
Special defense resources
Cost budget: VM IDS (signature-based) [5], cloud security service
Costless (decreases QoS): VM local defense, dynamic topology reconfiguration [6]
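The signature-based VM IDS in the defender view only blocks what it has a signature for, and the scenario slides later show that signature being generated after a compromise and then transferred to the other nodes. The following Python sketch is an added example, not code from the presentation or from the references it cites; it shows the two halves of that mechanism on constructed traffic: deriving a content signature from attack samples seen on compromised nodes (the longest byte string common to every attack sample and absent from the benign traffic, so the signature does not fire on production requests), then screening requests on the other nodes with it. The sample requests, node names and the `EXPLOIT_STUB_7f3a` token are invented for the example. The last sample is the caveat a practitioner wants: a trivially re-encoded variant of the same attack slips past a literal-byte signature.

```python
"""Toy content-signature IDS for the VM IDS in the defender view.

Added example; all requests below are constructed, not captured traffic.
"""
from typing import Optional


def common_substrings(samples: list, min_len: int) -> set:
    """All byte strings of length >= min_len that occur in every sample."""
    first, rest = samples[0], samples[1:]
    found = set()
    for i in range(len(first)):
        for j in range(i + min_len, len(first) + 1):
            sub = first[i:j]
            if all(sub in s for s in rest):
                found.add(sub)
    return found


def generate_signature(malicious: list, benign: list,
                       min_len: int = 8) -> Optional[bytes]:
    """Longest string shared by all attack samples and absent from all benign
    samples; None if no such string exists (nothing safe to deploy)."""
    candidates = [c for c in common_substrings(malicious, min_len)
                  if not any(c in b for b in benign)]
    return max(candidates, key=len) if candidates else None


def matches(signature: bytes, payload: bytes) -> bool:
    """Literal-byte match, as a signature IDS applies it on each node."""
    return signature in payload


def screen(signature: bytes, traffic: list) -> list:
    """Return the requests a node would drop once the signature is deployed."""
    return [p for p in traffic if matches(signature, p)]


# Constructed requests observed on compromised nodes: the attack token is
# shared, the surrounding request differs per node.
MALICIOUS = [
    b"GET /login?user=alice&tok=EXPLOIT_STUB_7f3a HTTP/1.1\r\nHost: node-c\r\n\r\n",
    b"GET /search?q=EXPLOIT_STUB_7f3a&page=2 HTTP/1.1\r\nHost: node-e\r\n\r\n",
    b"POST /api/items HTTP/1.1\r\nHost: node-g\r\nX-Id: EXPLOIT_STUB_7f3a\r\n\r\n",
]
# Constructed normal traffic from the same services (shares the HTTP boilerplate,
# which is why the boilerplate must not become the signature).
BENIGN = [
    b"GET /login?user=bob&tok=abc123 HTTP/1.1\r\nHost: node-c\r\n\r\n",
    b"GET /search?q=virtualization&page=1 HTTP/1.1\r\nHost: node-e\r\n\r\n",
    b"POST /api/items HTTP/1.1\r\nHost: node-g\r\nX-Id: 42\r\n\r\n",
]
# Same attack with the underscores percent-encoded: a literal-byte signature misses it.
VARIANT = b"GET /login?user=mallory&tok=EXPLOIT%5FSTUB%5F7f3a HTTP/1.1\r\nHost: node-h\r\n\r\n"


if __name__ == "__main__":
    sig = generate_signature(MALICIOUS, BENIGN)
    print("signature:", sig)
    print("dropped on other nodes:", len(screen(sig, MALICIOUS + BENIGN)))
    print("variant caught:", matches(sig, VARIANT))
```

The benign samples are what keeps the HTTP boilerplate (" HTTP/1.1\r\nHost: node-") out of the signature; without them the longest common string would be deployed and would drop every request. The missed variant is the reason a signature IDS needs protocol normalization (here, percent-decoding) in front of the matcher, and it is also where the "large variety of coordinated attacks" point from the introduction bites the defender.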
![Page 15: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/15.jpg)
Per Hop Decision
Period decision: early stage, late stage
Strategy decision by criteria: compromise → risk avoidance; pretend to attack → risk tolerance
No. of attackers: choose the ideal attackers by aggressiveness (attack energy), budget and capability
![Page 16: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/16.jpg)
Time Issue
Attackers: compromise time, recovery time
Defender: signature generation time; reconfiguration impacts QoS
![Page 17: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/17.jpg)
Synergy
Pros: lower budget cost for each attacker, less recovery time, less compromise time
Cons: higher probability of being detected
![Page 18: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/18.jpg)
Early Period, Risk Avoidance
Purpose: try to compromise nodes as fast as they can; keep the stronger attackers for compromising core nodes
![Page 20: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/20.jpg)
Scenario
Legend: general node, core node, cloud security agent, VMM environment, third party's defense center, cloud security provider
![Page 21: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/21.jpg)
Scenario (diagram: nodes A to J)
![Page 22: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/22.jpg)
Early Stage Attack Strategy (diagram: nodes A to J)
![Page 23: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/23.jpg)
Local Defense (diagram: nodes A to J)
![Page 24: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/24.jpg)
IPDS Request Signature (diagram: nodes A to J; signature generating…)
![Page 25: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/25.jpg)
Late Stage Attack Strategy (diagram: nodes A to J; signature generating…)
![Page 26: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/26.jpg)
Attack VMM (diagram: nodes A to J; signature generating…)
![Page 27: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/27.jpg)
Risk Level and Reconfiguration (diagram: nodes A to J; signature generating…)
![Page 28: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/28.jpg)
Cloud Security Service (diagram: nodes A to J; signature generating…)
![Page 29: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/29.jpg)
Transfer Signature (diagram: nodes A to J)
![Page 30: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/30.jpg)
Failure of Attacker (diagram: nodes A to J)
![Page 31: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/31.jpg)
Failure of Defender (diagram: nodes A to J; QoS)
![Page 32: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/32.jpg)
Thanks for listening!
![Page 33: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/33.jpg)
References
[1] S. Xu, "Collaborative Attack vs. Collaborative Defense", Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 10, part 2, pp. 217-228, 2009.
[2] S. Braynov and M. Jadliwala, "Representation and Analysis of Coordinated Attacks", FMSE '03, 2003.
[3] J. K. Waters, "Virtualization Definition and Solutions", 2008, http://www.cio.com/article/40701/Virtualization_Definition_and_Solutions
[4] SANS Institute InfoSec Reading Room, "Intrusion Detection Systems: Definition, Need and Challenges", 2001.
[5] T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection Based Architecture for Intrusion Detection", Proc. Network and Distributed Systems Security Symposium, 2003.
![Page 34: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/34.jpg)
[6] M. Atighetchi, P. Pal, F. Webber and C. Jones, "Adaptive Use of Network-Centric Mechanisms in Cyber-Defense", BBN Technologies LLC.
![Page 35: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/35.jpg)
Appendix
![Page 36: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/36.jpg)
Host-based IDS
A HIDS obtains information by watching local activity on a host: processes, system calls, logs, etc.
Advantages: detailed information about system activities; greater accuracy and fewer false positives.
Weaknesses: highly dependent on the host system; can be deactivated or tampered with by a successful intruder.
![Page 37: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/37.jpg)
Network-based IDS
A NIDS obtains data by monitoring the traffic in the network.
Advantages: operating-system independent; can detect attack attempts outside the firewall; difficult for attackers to remove the evidence.
Weaknesses: in high-traffic networks a network monitor could potentially miss packets or become a bottleneck; hard to get detailed information about hosts.
![Page 38: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/38.jpg)
Period
N: the total number of nodes in the defense network.
F: the number of compromised nodes in the defense network.
![Page 39: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/39.jpg)
Selection Criteria
![Page 40: Research Direction Introduction](https://reader036.fdocuments.in/reader036/viewer/2022062501/56816428550346895dd5e868/html5/thumbnails/40.jpg)
No. of Attackers
M: number of selected candidates
Success Rate (SR) = (nodes compromised by risk-avoidance attacks) / (risk-avoidance attacks)