SLIDE 1

Cloud-based Testbed for Simulation of Cyber Attacks

D. Kouřil, T. Rebok, T. Jirsík, J. Čegan, M. Drašar, M. Vizváry, J. Vykopal
{lastname}@ics.muni.cz

IEEE/IFIP Network Operations and Management Symposium, NOMS 2014, 5-9 May 2014, Krakow, Poland

SLIDE 2

Part I Introduction

Kouřil et al. Cloud-based Testbed for Simulation of Cyber Attacks 2 / 19

SLIDE 3

Motivation

Current status
  • Ubiquitous cyber attacks
  • Need to be studied and understood
What do we need?
  • Simulation of real-world arrangements
  • Sufficient isolation and control
  • User-friendly environment (easy to instantiate and use)


SLIDE 4

Requirements statement

  • Network-related requirements
  • Host-related requirements
  • Monitoring infrastructure
  • Control requirements
  • Deployment requirements


SLIDE 5

Part II Cybernetic Proving Ground


SLIDE 6

About

Features
  • Simulation of a large network, systems, services and applications.
  • Monitoring of network behaviour, detection and mitigation of anomalies and attacks.
  • Cloud environment for repeatable investigation of cyber threats.
Cloud
  • Enables computing of resource-intensive tasks.
  • Secure remote access for users around the world.
  • Enables providing CPG to third parties as a service.


SLIDE 7

General architecture

[Diagram] Entry Node in front of a Cloud environment hosting Sandbox 1, Sandbox 2, … Sandbox n, each with its own Scenario Management Node.
Labels: Multiple Users, Various Scenarios


SLIDE 8

Sandbox architecture

[Diagram] Sandbox components: Scenario Management (Scenario Configuration, Scenario Management node); Management & Measurement channel; Network traffic across LAN 1, LAN 2, … LAN n; Database; Data Processing.

SLIDE 9

Networking

ISO layers
  • L2 layer is provided by CPG
  • L3 completely under user control
Flexibility
  • IPv4, IPv6
  • Non-IP protocols
  • Emulation of various network characteristics (delays, bandwidth limits, dropped packets)
Components
  • Management Network
  • Simulated Network
  • LAN Management Node


SLIDE 10

L2 Architecture

[Diagram] Station 1 (VM 1), Station 2 (VM 2), Station 3 (VM 3) and VM 4, hosted by Hypervisors on PC 1, PC 2 and PC 3; Switch 1 and a Physical Switch interconnect them.


SLIDE 11

L3 Architecture

[Diagram] L3 components: DHCP, Open vSwitch, firewall, netem/tc, probe; links labelled Mgmt and WAN; data paths labelled Network traffic and Measured data.


SLIDE 12

Monitoring infrastructure

Network monitoring
  • Network flow monitoring
  • Automatic configuration
Host monitoring
  • Nested virtualization
  • munin

[Diagram] Probe exports IPFIX flow records to a Collector, which feeds Data analysis.
IPFIX record fields: SRC and DST IP addr, SRC and DST port, protocol number, lifetime, sum of bytes, TCP flags, others
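As an added example (not code from the CPG project or the paper), the following Python aggregates constructed flow records built from the IPFIX fields listed on this slide and flags the per-destination pattern that a SYN-flood DDoS, the kind of scenario simulated on slide 16, leaves in flow data; the thresholds, addresses and flag encoding are assumptions.

```python
from collections import defaultdict

# TCP flag bits as carried in a flow record's "TCP flags" field.
SYN, ACK = 0x02, 0x10

# Constructed sample flow records (not data from the CPG) using the IPFIX
# fields named on slide 12: src/dst IP, src/dst port, protocol number,
# lifetime in seconds, sum of bytes and TCP flags.
FLOWS = [
    # an ordinary completed web session to the simulated server 10.0.1.10
    dict(src="10.0.2.5", dst="10.0.1.10", sport=51000, dport=80, proto=6,
         lifetime=1.2, bytes=5300, flags=SYN | ACK),
    # a UDP DNS lookup; not TCP, so the SYN check must ignore it
    dict(src="10.0.2.5", dst="10.0.1.53", sport=53001, dport=53, proto=17,
         lifetime=0.01, bytes=90, flags=0),
]
# forty distinct sources each opening one SYN-only flow to port 80, which
# is the shape a SYN flood leaves in flow data
FLOWS += [
    dict(src=f"192.0.2.{i}", dst="10.0.1.10", sport=40000 + i, dport=80,
         proto=6, lifetime=0.0, bytes=60, flags=SYN)
    for i in range(1, 41)
]


def syn_only(flow):
    """True for TCP flows that carried SYN but never ACK (half-open)."""
    return flow["proto"] == 6 and bool(flow["flags"] & SYN) and not flow["flags"] & ACK


def syn_flood_targets(flows, min_sources=20, max_avg_bytes=100):
    """Map each flooded destination IP to its number of distinct sources.

    A destination is flagged when at least min_sources distinct sources sent
    it SYN-only flows whose average size is tiny (no payload ever followed).
    """
    sources, total_bytes, count = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        if not syn_only(f):
            continue
        sources[f["dst"]].add(f["src"])
        total_bytes[f["dst"]] += f["bytes"]
        count[f["dst"]] += 1
    return {
        dst: len(srcs) for dst, srcs in sources.items()
        if len(srcs) >= min_sources and total_bytes[dst] / count[dst] <= max_avg_bytes
    }
```

On the constructed records the ordinary session and the DNS lookup are ignored and only 10.0.1.10, with 40 distinct SYN-only sources, is reported.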


SLIDE 13

Benefits for users

Easier investigation of cyber threats and attacks
  • Automated gathering and processing of data generated during security scenarios.
  • Creating a database of malicious code (malware, worms, botnets).
  • Visualization of significant aspects of the scenarios.
Traffic analysis and forensics
  • Acquisition, storage and analysis of network traffic statistics.
  • Analysis of malware, at the infected host as well as in the network.
  • Validation of incident handling and response processes.


SLIDE 14

Part III Use-cases


SLIDE 15

Security scenario

What is it?
  • General description of the environment, components, actions and expected outcomes of a particular experiment
What does it consist of?
  • Scenario description
  • Technical description
  • Variation description
  • Network topology including node types
  • List of events
  • List of actions
  • Characteristic manifestations


SLIDE 16

Simulation of DDoS


SLIDE 17

Work in progress

Attacks on critical infrastructure: Domain Name System
  • Testing tools
  • Research and development
Forensic analysis of infected files and applications
  • Observation and monitoring of captured artifacts
  • Scenario repeatability
Penetration testing
  • Testing of detection tools
  • Training of penetration testers


SLIDE 18

Future work

Training of security teams
  • Commented analysis of scenarios
  • Cyber war game in CPG
CPG as a service
  • Remote access to CPG for third parties
  • New scenarios "on demand"


SLIDE 19

Thank You For Your Attention!

Cloud-based Testbed for Simulation of Cyber Attacks

  • D. Kouřil
  • T. Rebok
  • T. Jirsík
  • J. Čegan
  • M. Drašar
  • M. Vizváry
  • J. Vykopal

Home page: http://www.muni.cz/ics/kypo