
Research Direction Introduction



Presentation Transcript


  1. Research Direction Introduction Advisor: Professor Frank, Y.S. Lin Presented by Chi-Hsiang Chan

  2. Agenda • Introduction • Collaborative Attack • Virtualization • Problem description • Scenario

  3. Agenda • Introduction • Collaborative Attack • Virtualization • Problem description • Scenario

  4. Collaborative Attack • Collaborative attacks are characterized by the prevalence of coordination before and during attacks. [1] • Collaborative attacks in general would involve multiple human attackers or criminal organizations that have respective adversarial expertise but may not fully trust each other. • Collaborative attacks are more powerful than the sum of the underlying individual attacks that can be launched by the individual attackers independently.

  5. Collaborative Attack

  6. Collaborative Attack • Advantages of Collaborative Attack [2] • Coordinated attacks could be designed to avoid detection. • It is difficult to differentiate between decoy and actual attacks. • There is a large variety of coordinated attacks.

  7. Virtualization • Definition • Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. [3] Source: vmware

  8. Virtualization • Benefits • lower cost • efficiency • scalability • easy to run multiple operating system environments • increased space utilization efficiency in your data center through server consolidation • Virtualization is the key to cloud computing

  9. IDS • An intrusion detection system (IDS) is a security system that monitors computer systems and network traffic and analyzes that traffic for possible hostile attacks originating from outside the organization and also for system misuse or attacks originating from inside the organization. [4] • Provides more protection than a firewall, which only filters incoming traffic from the Internet.

  10. IDS • Two types of IDS • Host IDS (HIDS) • Network IDS (NIDS) • The trade-off is evident when comparing HIDS and NIDS • NIDS offers high attack resistance at the cost of visibility. • HIDS offers high visibility but sacrifices attack resistance.

  11. Agenda • Introduction • Collaborative Attack • Virtualization • Problem description • Scenario

  12. Problem Description ?

  13. Attacker View • Commander • Attackers • Initial location • Budget • Capability • Objective • Steal confidential information • Service disruption

  14. Defender View • Special Defense Resource • Cost budget • VM IDS (signature) [5] • Cloud security service • Costless (decreases QoS) • VM local defense • Dynamic topology reconfiguration [6]

  15. Per Hop Decision • Period decision • Early stage • Late stage • Strategy decision by criteria • compromise → risk avoidance • pretend to attack → risk tolerance • No. of Attackers • Choose ideal attackers • Aggressiveness • Attack Energy • Budget • Capability

  16. Time Issue • Attackers • Compromise time • Recovery time • Defender • Signature generation • Reconfiguration impacts QoS

  17. Synergy • Pros • Decreases the budget cost of each attacker • Less recovery time • Less compromise time • Cons • Probability of being detected

  18. Early Period, Risk Avoidance • Purpose • Try to compromise nodes as fast as possible • Keep the stronger attackers for compromising core nodes

  19. Agenda • Introduction • Collaborative Attack • Virtualization • Problem description • Scenario

  20. Scenario General node Core node Cloud security agent Third party’s defense center Cloud security provider VMM environment

  21. Scenario (diagram: network of nodes A–J)

  22. Early Stage Attack Strategy (diagram: nodes A–J)

  23. Local Defense (diagram: nodes A–J)

  24. Signature generating… IPDS requests signature (diagram: nodes A–J)

  25. Signature generating… Late Stage Attack Strategy (diagram: nodes A–J)

  26. Signature generating… Attack VMM (diagram: nodes A–J)

  27. Signature generating… Risk Level, Reconfiguration (diagram: nodes A–J)

  28. Signature generating… Cloud Security Service (diagram: nodes A–J)

  29. Transfer Signature (diagram: nodes A–J)

  30. Failure of Attacker (diagram: nodes A–J)

  31. Failure of Defender (diagram: nodes A–J, QoS)

  32. Thanks for listening!

  33. Reference • [1] S. Xu, "Collaborative Attack vs. Collaborative Defense", Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Volume 10, Part 2, pp. 217-228, 2009 • [2] S. Braynov and M. Jadliwala, "Representation and Analysis of Coordinated Attacks", FMSE'03, 2003 • [3] J. K. Waters, "Virtualization Definition and Solutions", 2008, http://www.cio.com/article/40701/Virtualization_Definition_and_Solutions • [4] SANS Institute InfoSec Reading Room, "Intrusion Detection Systems: Definition, Need and Challenges", 2001 • [5] T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection Based Architecture for Intrusion Detection", Proc. Network and Distributed Systems Security Symposium, 2003

  34. Reference • [6] M. Atighetchi, P. Pal, F. Webber and C. Jones, "Adaptive Use of Network-Centric Mechanisms in Cyber-Defense", BBN Technologies LLC

  35. Appendix

  36. Host-based IDS • HIDS obtains information by watching local activity on a host: • processes, system calls, logs, etc. • Advantages: • Detailed information about system activities. • Greater accuracy and fewer false positives. • Weaknesses: • Highly dependent on the host system. • Can be deactivated or tampered with by a successful intruder.

  37. Network-based IDS • NIDS obtains data by monitoring the traffic in the network. • Advantages: • Operating-system independent. • Can detect attack attempts outside the firewall. • Difficult for attackers to remove their evidence. • Weaknesses: • In high-traffic networks, a network monitor could potentially miss packets or become a bottleneck. • Hard to get detailed information about hosts.

  38. Period • N: The total number of nodes in the Defense Network. • F: The total number of nodes which are compromised in the Defense Network.

  39. Selection Criteria

  40. No. of Attackers • M: Number of selected candidates • Success Rate (SR) = Risk Avoidance Compromised / Risk Avoidance Attacks
