1 / 48

指導教授:林永松 博士 研 究 生:林義倫 中華民國 九十五 年七月二十七日

國立台灣大學資訊管理研究所碩士論文審查. Near Optimal Protection Strategies against Targeted Attacks on the Core Node of a Network 考慮單一核心節點攻擊下 網路近似最佳化防護策略. 指導教授:林永松 博士 研 究 生:林義倫 中華民國 九十五 年七月二十七日. Outline. Introduction Models Protection Strategy for Defenders (PSD) Model

lromo
Download Presentation

指導教授:林永松 博士 研 究 生:林義倫 中華民國 九十五 年七月二十七日

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 國立台灣大學資訊管理研究所碩士論文審查 Near Optimal Protection Strategies against Targeted Attacks on the Core Node of a Network 考慮單一核心節點攻擊下網路近似最佳化防護策略 指導教授:林永松 博士 研 究 生:林義倫 中華民國九十五年七月二十七日

  2. Outline • Introduction • Models • Protection Strategy for Defenders (PSD) Model • Probabilistic Protection Strategy for Defenders (PPSD) Model • Solution Approach • Computational Experiments • Conclusion & Future Work 國立台灣大學 資訊管理學研究所

  3. Introduction

  4. Background • With the rapid growth of the Internet, the realm of information security has attracted more and more attention. • A substantial number of techniques and methodologies have been proposed to protect networks against malicious attacks. • Many researchers in the field of information security have focused on the behavior of attackers and the defense methods of those under attack. 國立台灣大學 資訊管理學研究所

  5. The trend of Incidents An incident here means that a violation of security policy, such as an attack on a computer or an attempt to gain unauthorized access to some data. *1 http://www.cert.org/stats/cert_stats.html#incidents 國立台灣大學 資訊管理學研究所

  6. Survivability • Survivability • The capability of a system to fulfill its mission in a timely manner in the presence of attacks, failures, or accidents.*2 • A property of a system, subsystem, equipment, process, or procedure that provides a defined degree of assurance that the named entity will continue to function during and after a natural or man-made disturbance.*3 • The robustness under conditions of intrusion, failure, or accident.*4 *2 Ellison, R. J., R. C. Linger, T. Longstaff, N. R. Mead, “A Case Study in Survivable Network System Analysis,” SEI, Sep 1998. *3 U.S. Department of Commerce, National Telecommunications and Information Administration, Institute for Telecommunications Services, Federal Standard 1037C. *4 Kyamakya, K., Jobman, K.; Meincke, M., “Security and Survivability of Distributed Systems: an Overview,” 21st Century Military Communications Conference Proceedings, Volume 1, IEEE, 2000, pp. 1204-1208. 國立台灣大學 資訊管理學研究所

  7. Summary of Survivability • The continuity of service under an attack • The provision of strategy against an attack • The ability to protect the system from being compromised • The survivability is the measurement of information security, which indicates the protection of the core node. 國立台灣大學 資訊管理學研究所

  8. Core Node • The key asset of enterprises or organizations is their know-how. Usually, they store their most valuable and sensitive knowledge in a network domain, called the “core node”, which attackers try their hardest to compromise. • However, enterprises or organizations have finite information security budgets to purchase security products or obtain expert advice to enhance network survivability. 國立台灣大學 資訊管理學研究所

  9. Motivation • Attack-Defense Behavior • We want to formalize the attack-defense behavior. • Core Node • Defenders will take a strategy to protect the core node. • Limited Theoretical Research • There is limited theoretical research on the allocation of defense resources. • Make the Attack Cost Unacceptable • To make the cost of attacking the core node unacceptable to the attacker. 國立台灣大學 資訊管理學研究所

  10. PSD Model

  11. Problem Assumptions • The attacker is on node s. • Only one node (node t, the core node) is the target of attack. • A node i is the subject of the attack only if a path exists from node s to node i, where all the intermediate nodes on the path have been compromised. • If attack cost or more is applied to node i, then the node will be compromised. • Both the attacker and defender have complete information about the network. • The attacker will always find the best strategy to reach the objective. • The defender is subject to the total budget constraint. • No link attacks are considered. • No random failures are considered. • The network is viewed at the AS level. 國立台灣大學 資訊管理學研究所

  12. Problem Description • Given: • Network topology • Total budget of the defender • The cost of compromising a node is a function of the node’s budget allocation • Objective: • To maximize the minimized total attack cost • Subject to: • Budget constraint of the defender • To determine: • The budget allocated to each node by the defender • Which nodes will be compromised by the attacker • Which routing path will be chosen to reach the core node 國立台灣大學 資訊管理學研究所

  13. Problem Description (Cont’d) D O 國立台灣大學 資訊管理學研究所

  14. Notations 國立台灣大學 資訊管理學研究所

  15. Attacker Defender Budget Constraints Path Constraints Problem Formulation 國立台灣大學 資訊管理學研究所

  16. Shortest Path Constraint Replacement Constraint Path Constraints 0/1 Constraint Budget Constraints Problem Reformulation 國立台灣大學 資訊管理學研究所

  17. PPSD Model

  18. Problem Assumptions • The attacker is on node s. • Only one node (node t, the core node) is the target of attack. • A node i is the subject of the attack only if a path exists from node s to node i. • Both the attacker and defender have complete information about the network. • The attacker will always find the best strategy to reach the objective. • The defender is subject to the total budget constraint. • No link attacks are considered. • No random failures are considered. • Attacks on nodes are independent. • The network is viewed at the AS level. 國立台灣大學 資訊管理學研究所

  19. Problem Description • Given: • Network topology • Total budget of the defender • The probability that a node will be compromised is a function of its budget allocation. • Objective: • To minimize the maximized compromise probability of the network • Subject to: • Budget constraint of the defender • To determine: • The budget allocated to each node by the defender • Which nodes will be compromised by the attacker • Which routing path will be chosen to reach the core node 國立台灣大學 資訊管理學研究所

  20. Problem Description (Cont’d) D O 國立台灣大學 資訊管理學研究所

  21. Attacker Defender Budget Constraints Path Constraints Problem Formulation 國立台灣大學 資訊管理學研究所

  22. Shortest Path Constraint Replacement Constraint Path Constraints 0/1 Constraint Budget Constraints Problem Reformulation 國立台灣大學 資訊管理學研究所

  23. Solution Approach

  24. Lagrangean Relaxation Method LR 1 LR 2 SUB 1-1 SUB 1-2 SUB 2-1 SUB 2-2 xp yi, bi xp yi, bi O(|N|3) O(|N|2) O(|N|2) O(|N|) 國立台灣大學 資訊管理學研究所

  25. Getting Primal Feasible Solution Budget 2Epsilon D O 國立台灣大學 資訊管理學研究所

  26. Experiment Results

  27. Experiment Results for the PSD Model Survivability Factor: 國立台灣大學 資訊管理學研究所

  28. Experiment Results for the PSD Model (Cont’d) 國立台灣大學 資訊管理學研究所

  29. Experiment Results for the PPSD Model Scenario 1 (λ1=0.1, λ2=0.2 ) • We assume that 20% nodes of a network are more important, with a low and stable compromise probability. • Others 80% nodes of the network are initially much more vulnerable, with a rapidly reduced compromise probability. 國立台灣大學 資訊管理學研究所

  30. Experiment Results for the PPSD Model Scenario 1 (Cont’d) λ1=0.1, λ2=0.2 λ1=0.1, λ2=0.4 λ1=0.1, λ2=0.4 國立台灣大學 資訊管理學研究所

  31. Experiment Results for the PPSD Model Scenario 2 • We assume that the O-D pair initially has a certain level of protection. • Compromise probabilities of the other nodes are randomly given, corresponding to real world network environment. 國立台灣大學 資訊管理學研究所

  32. Experiment Results for the PPSD Model Scenario 2 (Cont’d) 國立台灣大學 資訊管理學研究所

  33. Conclusion & Future Work

  34. Conclusion • Defense in Depth • Node Characteristics • Adaptive - King and Castle 國立台灣大學 資訊管理學研究所

  35. Contribution • We propose a mathematical model to well formulate attack-defense behavior and derive a quantitative survivability analysis factor. • We provide defenders an effectively defense resource allocation strategy to prevent the core node from being compromised due to its high attack cost, even in different-sized networks and topologies. • By applying the proposed algorithm, we can obtain a maximal attack cost threshold at. Therefore, the survivability factor would be P(A|A>at). 國立台灣大學 資訊管理學研究所

  36. O D Future Work • Function • Multiple Core Nodes • Choke Point 國立台灣大學 資訊管理學研究所

  37. Thank You

  38. Scale-Free Networks • The Rich Get Richer • Power Law Distribution • Robust for Random Failures • An Achilles’ Heel *5 Albert-László Barabási and E. Bonabeau. “Scale-Free Networks” Scientific American 288, 60-69 (2003). 國立台灣大學 資訊管理學研究所

  39. Lagrangean Relaxation - PSD Model 國立台灣大學 資訊管理學研究所

  40. Subproblem 1 - Related to Decision Variable xp Apply Dijkstra’s shortest path algorithm Time complexity: O(|N|2) 國立台灣大學 資訊管理學研究所

  41. Subproblem 2 - Related to Decision Variables yi, bi Decompose into |N| subproblems Time complexity: O(|N|3) 國立台灣大學 資訊管理學研究所

  42. Lagrangean Relaxation - PPSD Model 國立台灣大學 資訊管理學研究所

  43. Subproblem 1 - Related to Decision Variable xp Apply Dijkstra’s shortest path algorithm Time complexity: O(|N|2) 國立台灣大學 資訊管理學研究所

  44. Subproblem 2 - Related to Decision Variables yi, bi Decompose into |N| subproblems Time complexity: O(|N|) 國立台灣大學 資訊管理學研究所

  45. Experiment Results for the PPSD Model Scenario 1 (λ1=0.2, λ2=0.4 ) 國立台灣大學 資訊管理學研究所

  46. Experiment Results for the PPSD Model Scenario 1 (λ1=0.2, λ2=0.6 ) 國立台灣大學 資訊管理學研究所

  47. Experiment Results for the PPSD Model Scenario 1 (λ1=0.2, λ2=0.8 ) 國立台灣大學 資訊管理學研究所

  48. Gap Explanation LR Procedure Actually O Gap D 國立台灣大學 資訊管理學研究所

More Related