1 / 7

Intrusion Detection and Forensics for Self-defending Wireless Networks

Intrusion Detection and Forensics for Self-defending Wireless Networks. Yan Chen Dept. of Electrical Engineering and Computer Science Northwestern University Spring Review 2008 Award # : FA9550-07-1-0074. Technical Approach: Self-Defending Wireless Networks.

Download Presentation

Intrusion Detection and Forensics for Self-defending Wireless Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Intrusion Detection and Forensics for Self-defending Wireless Networks Yan Chen Dept. of Electrical Engineering and Computer Science Northwestern University Spring Review 2008 Award # : FA9550-07-1-0074

  2. Technical Approach: Self-Defending Wireless Networks • Proactively search of vulnerability for wireless network protocols • Intelligent and thorough checking through combo of manual analysis + auto search with formal methods • First, manual analysis provide hints and right level of abstraction for auto search • Then specify the specs and potential capabilities of attackers in a formal language TLA+ • Then model check for any possible attacks • Defend against emerging threat • Worm: network-based polymorphic worm signature generations • Botnet: IRC (Internet relay chat) based C&C detection and mitigation

  3. Technical Breakthroughs (I) • Intelligent vulnerability analysis • Focused on outsider attacks, i.e., w/ unprotected error msgs • Checked the complete spec of 802.16e before authentication • Found some vulnerability, e.g., for ranging (but needs to change MAC) • Checked the mobile IPv4/v6 • Find an easy attack to disable the route optimization of MIPv6 ! • Checked the WiFi 802.11 • Find an easy attack to DoS any new clients from joining the • Partnered with Motorola, very interested in the vulnerability found

  4. Technical Breakthroughs (II) • Automatic polymorphic worm signature generation systems for high-speed networks • Fast, noise tolerant w/ proved attack resilience • Work for any worms target the same vulnerability • Patent filed Vulnerability signature trafficfiltering Internet X X Our network X X Vulnerability

  5. Accomplishments of 2007 • Four conference papers, one journal paper and two book chapters • Accurate and Efficient Traffic Monitoring Using Adaptive Non-linear Sampling Method", to appear in the Proc. of IEEE INFOCOM, 2008 • Honeynet-based Botnet Scan Traffic Analysis, invited book chapter for Botnet Detection: Countering the Largest Security Threat, Springer, 2007. • Reversible Sketches: Enabling Monitoring and Analysis over High-speed Data Streams, in ACM/IEEE Transaction on Networking, Volume 15, Issue 5, Oct. 2007. • Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms, in the Proc. of the 15th IEEE International Conference on Network Protocols (ICNP), 2007. • Integrated Fault and Security Management, invited book chapter for Information Assurance: Dependability and Security in Networked Systems, Morgan Kaufmann Publishers, 2007. • Detecting Stealthy Spreaders Using Online Outdegree Histograms, in the Proc. of the 15th IEEE International Workshop on Quality of Service (IWQoS), 2007. • A Suite of Schemes for User-level Network Diagnosis without Infrastructure, in the Proc. of IEEE INFOCOM, 2007

  6. Why AFOSR Support Important • Wireless networks prevalent and mission critical for AF GIG • Security particularly important for defense • AFOSR support opens door for collaboration with AFRL researchers • Annual PI meeting is a great venue for fostering collaboration • Currently working with Dr. Keesook Han for analyzing the next generation C&C of botnet • Obtain binary/source from Dr. Han • Plan to use the testbed developed at AFRL • Enable technology transfer to better secure AF wireless networks

  7. Collaborations for Real Impact • Dr. Keesook Han from AFRL • Dr. Judy Fu from Motorola Labs • Talk to real product group on system implementations • Potential tech transfer to make more secure wireless network products

More Related