Using Test Ranges for Cyber Security Research
By Abigail Koay
Supervised by: Aaron Chen & Ian Welch
Victoria University of Wellington
eResearch 2016
Overview
• Cyber Security
• What we do?
• What we encounter?
• What we can improve
Live Cyber Attacks Digital Map
Cyber Attacks, in real time
Top Cyber Attacks
• Network Intrusion
• Botnet
• Denial of Service
• Phishing/Spear Phishing
• Drive-by Download
DDoS on the Rise - Worldwide
DDoS Attack on the Rise
DDoS Attack, Real Time
Live DDoS Attack Map
Live DDoS Attacks Digital Map
DDoS Attacks, in real time
What's my research about?
• Machine Learning
• Information Entropy
• Correlation Analysis
• Detection System
Developing a better DDoS detection system for large-scale networks
How do I evaluate my system?
• Existing datasets
  • MIT Lincoln Lab DARPA Intrusion Detection Data Sets (1998-2000)
  • University of New Brunswick ISCX Intrusion Detection Evaluation Data Set (2012)
• Simulation/Emulations
  • Simulation software
  • Test ranges
What are Cyber Security Test Ranges?
A secure network environment for experimenters to launch attacks safely.
Publicly Available Test Ranges
• >600 researchers worldwide
• ~200 scientific papers
• >3800 students received training
• >540 high-capacity multicore server nodes (Berkeley, Los Angeles, Arlington)
Cyber-Defense Technology Experimental Research Laboratory
New Project Application Form
Begin an Experiment
Example of .ns file
Topology created with Deterlab
Objective: Generate a network traffic environment with a DDoS attack
Topology: Small network environment with 3 LANs
Tools: HTTP Slowloris, Botnet generator (BoNeSi), D-ITG
Packet capture: Wireshark
Example of Experiment
victims
What is good
• Scalable topologies
• Configurable bandwidth and delays for each network link
• Configurable routings
• Dedicated physical host for each node
• OS image selection
• Able to install tools
Challenges
• Resources limitation
• Location/Time Difference
• Testbed architecture unfamiliarity
• Federated maintenance
Would it be better if we could have a similar facility in NZ?
Current cyber security labs in NZ
• Cyber Security Research Centre (Unitec)
• Cyber Security Researchers of Waikato (CROW) Laboratory
Research Facility
• Test old/new cyber attacks
• Capture Traffic
• SDN
• Share resources
• Repeat existing experiments
• Education
• Foster collaboration
• Share expertise
Would it be better to have..
Questions?
Thank you.
-- End --