hypothesis testing for network security
play

Hypothesis Testing for Network Security Philip Godfrey, Matthew - PowerPoint PPT Presentation

May 21, 2023 •128 likes •373 views

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign We need a science of security Practice of doing

  1. Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign

  2. We need a science of security • Practice of doing cyber-security research needs to change – Attempts based on reaction to known/imagined threats – Too often applied in ad-hoc fashion • SoS program: move security research beyond ad-hoc reactions – Need a principled and rigorous framework – Need a scientific approach 2

  3. What is science? sci·ence noun \ ˈsī - ən (t)s\ : the systematic study of the structure and behavior of the natural and physical world through observation and experiment The scientific method 1. Ask a question 2. Formulate a hypothesis 3. Design and conduct an experiment 4. Analyze results 3

  4. Towards a science of security • Can we apply the scientific method to the domain of cybersecurity? – Challenges: complex, large scale+dynamic environments, many protocols/mechanisms – Opportunities: isolation, rigorous analyses, formal models, automation • Can we develop a methodology for science of security? 4

  5. Our work • NetHTM: a methodology for science of security – Techniques for performing/integrating security analyses to rigorously answer hypotheses about end to end security of a network • Core: hypothesis evaluation engine – Input: testable hypotheses, formal model of system – Automatically designs and conducts experiments to evaluate veracity of hypotheses • Our focus: Network data flow security – Builds upon our prior work in formal network modeling 5

  6. Overall System Architecture Security Scientist Hypotheses • “All network paths traverse a firewall” “Fraction of CRE vulnerabilities in • network, given set of deployed ACLs, is less than 1%” NetHTM Hypothesis Testing Platform System under evaluation Results 6

  7. Active sub-tasks and Status • Task 1: Methodologies for modeling and analyzing networks – Core Network Model – Modeling virtualized networks [best paper award, HotSDN 2014] • Task 2: Automated techniques for hypothesis testing – Automated experiment construction algorithm – Database model of network behavior • Task 3: Realizing a practical system – Modeling dynamic behaviors [NSDI 2015] 7

  8. Let’s start with a router Configuration Control Plane Data Plane Network Forwarding 8

  9. One approach: Build a model of the router Input • Pros: Configuration – Can test prior to deployment • Cons: Control Plane – Modeling is complex – Prediction Data Plane Predicted misses bugs in control plane – Requires vendor Network support Forwarding 9

  10. Our approach: Just model the data plane Configuration • Pros: – Checks as close as possible to network Control Plane behavior – Unified analysis for multiple Data Plane Input protocols – Catches implementation Network bugs Predicted Forwarding 10

  11. Our approach: Data-plane modeling • Challenge: need some general way to express complex forwarding behavior • Solution: Represent data plane as boolean functions – Can leverage well-understood approaches to SAT solving, to check hypotheses against data plane – Translate SAT results to report hypothesis veracity along with diagnostic information 11

  12. Examples Packet Filtering Longest Prefix Matching Destination Interface Destination Interface 10.1.1.0/24 v 10.1.1.0/24 v 10.1.1.128/25 w Drop port 80 to v v v u u w Similar approaches to handle NAT, multicast, ACLs, encapsulation, MPLS label swapping, OpenFlow, etc. P(u,v) = IP dest ∈ 10.1.1.0/24 P(u,v) = IP dest ∈ 10.1.1.0/24 ^ IP dest ∉ 10.1.1.128/25 ^ Port dest ≠ 80 12

  13. Automating Hypothesis Testing • Could directly extend existing techniques (e.g., SAT solvers) – Problem: not very scalable • Alternative solution: represent and test Boolean functions as graph traversals • Main idea: – Represent network state as a forwarding graph – Translate hypothesis tests into graph traversals 13

  14. Limiting the Search Space Hypothesis Testing Engine Equivalence class: Packets experiencing Generate the same forwarding Updates Equivalence Classes actions throughout the network. 64.0.0.0/3 0.0.0.0/1 Fwd’ing rules 0.0.0.0/0 Equiv. classes 1 2 3 4 14

  15. Limiting the Search Space Hypothesis Testing Engine Generate Generate Updates Equivalence Forwarding Classes Graphs Forwarding All the info to answer hypotheses graphs: 15

  16. Limiting the Search Space Hypothesis Testing Engine Generate Generate Updates Equivalence Forwarding Run Experiments Classes Graphs Incorrect Correct Hypotheses Hypotheses Black holes, Result report Routing loops, • Experimental step Isolation of multiple VLANs, that violates Access control policies hypothesis • Affected set of packets 16

  17. Evaluation • Simulated an IP network using a Rocketfuel topology – Replayed Route Views BGP traces – 172 routers, 90K BGP updates – Microbenchmarked each phase of HTE’s operation 17

  18. Single-Hypothesis Testing Speed 97.8% of experiments concluded within 1 millisecond 18

  19. Dealing with System Dynamics • Challenge: Networks are Dynamic and Nondeterministic – May not always know what will happen given an input – May not always have up to date state – May not be fully deployed • Solution approach: dealing with “uncertainty” – Explicitly model uncertainty in network’s current state 19

  20. Motivating example Case 1: update ? B C S2 S1 [nh=D received I want to shift Should I send B traffic from S1 Case 2: update not ? B C S2 [nh=C] now? S1 to S2. yet received Change your next hop Change your next hop Controller to S2 to C nh=S2 nh=C B C 20 S1 S2

  21. Uncertainty-aware modeling: Approach “uncertain” links “certain” links 1. Derive possible network states, given inputs 2. Represent possible states using symbolic “uncertainty graph” 3. Traverse graph to test hypotheses 4. Update graph as information comes in 21 Network changes, acks from network, certain delays pass –

  22. Technical approach Controller GCC Network Model Update Update Pass Pending Updates Stream of Analysis Updates Update Engine Network Confirm Fail 22

  23. Hypothesis Testing Time in Dynamic Networks 80% of the hypotheses tested within 10 microseconds 23

  24. Conclusion • We are constructing a hypothesis testing engine for SoS – Analysis methodology for reasoning about science of security of networks – Adds to theoretical underpinnings of SoS, supports practice of SoS • Early results indicate feasibility – Experiments run in milliseconds on complex networks • Interested in working with you – My contact info: caesar@illinois.edu 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois

A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois

A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois at Urbana-Champaign TSS Seminar, September 15, 2015 Part of the SoS Lablet with David Nicol Kevin Jin Matthew Caesar Bill Sanders Work with

939 views • 49 slides
Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis

Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis

Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis Testing Examples 2. Hypothesis Test Nomenclature 3. Conducting Hypothesis Tests 4. p-values 5. Power Analyses 6. Exact Inference* 7. Wrap up 2 / 55

929 views • 63 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

243 views • 22 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

770 views • 50 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Statistics'and' Hypothesis'Testing

Statistics'and' Hypothesis'Testing

Statistics'and' Hypothesis'Testing NENS230:DataAnalysisfortheBiosciencesusingMATLAB EddyAlbarran November3,2015 AnalysisMethodology Data Exploratory Hypothesis DataAnalysis Testing

985 views • 61 slides
Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing

Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing

Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing Framework Suppose were interested in examining how people perform on a multiple choice question related to world health. We might like to

1.37k views • 64 slides
STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17

STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17

Hypothesis Testing Null Hypothesis Testing Formulating Statistical Hypotheses Preview: Quantifying Evidence STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17 Hypothesis Testing Null Hypothesis

321 views • 17 slides
Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing asks how unusual it is to Hypothesis testing get data that differ from the null hypothesis. If the data would be quite unlikely under H 0 , we reject H 0 . So we need to know how good the sample is, and how likely it is that

334 views • 14 slides
STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14

STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14

Inference Goals Hypothesis Testing Philosophy of Null Hypothesis Testing Formulating Statistical Hypotheses STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14 Inference Goals Hypothesis Testing

251 views • 14 slides
Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides University of Patras Outline Sequential hypothesis testing The Sequential Probability Ratio Test (SPRT) for optimum hypothesis testing

393 views • 27 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 22, 2012 1 / 23 Basics of Hypothesis Testing What is a Hypothesis? One situation among a set of

501 views • 23 slides
Testing Specification testing Michel Bierlaire Introduction to choice models Differences from

Testing Specification testing Michel Bierlaire Introduction to choice models Differences from

Testing Specification testing Michel Bierlaire Introduction to choice models Differences from classical hypothesis testing Classical hypothesis testing: example Null hypothesis ( H 0 ) A simple hypothesis contradicting a theoretical

516 views • 33 slides
Hypothesis testing Hypothesis tests are most often used to make a statement about superiority,

Hypothesis testing Hypothesis tests are most often used to make a statement about superiority,

Hypothesis testing Hypothesis tests are most often used to make a statement about superiority, inferiority or equality of treatments. Confidence intervals do contain this information also, but the conclusion is a bit more difficult to extract.

242 views • 13 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
NAT & IPTables NAT & IPTables NAT & IPTables From ACCEPT to MASQUERADE From ACCEPT

NAT & IPTables NAT & IPTables NAT & IPTables From ACCEPT to MASQUERADE From ACCEPT

NAT & IPTables NAT & IPTables NAT & IPTables From ACCEPT to MASQUERADE From ACCEPT to MASQUERADE Tim(othy) Clark (eclipse) Tim(othy) Clark (eclipse) NAT IPv4 Hack One external IP for a whole network Used commonly

732 views • 13 slides
Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George

Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George

Disabling a Computer by Exploiting Softphone Vulnerabilities Ryan Farley and Xinyuan Wang George Mason University September 26, 2013 Where Innovation Is Tradition Threat and Mitigation Introduction Background Disabling the

535 views • 31 slides
OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology

OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology

OMNeT++ Community Summit, 2016 Visualization in the INET Framework Brno University of Technology Czech Republic September 15-16, 2016 Levente Mszros Motivation Example Implemented Visualizations for Communication Physical layer

469 views • 13 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability)

Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability)

Problem Problem Problem A.R.S.S (Anonymity) AdBlock VPN DNS Crypt A.R.S.S (Reliability) OpenBSD Higher Availability IDS M:Tier A.R.S.S (Security) DNS Reshaping DNS Local Resolver NTP DMZ A.R.S.S (Stability) Packet

415 views • 16 slides
Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay Brown US-CERT Analysts Einstein Program Background US-CERT Mission Einstein Program > Large volumes of traffic > Architecture

529 views • 36 slides
TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I?

TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I?

TTN Mapper Processing 3 million crowd sourced LoRa packets JP Meijers Interests: Who am I? radio, weather, electronics, computers. Creator of TTN Mapper Amateur radio (HAM) ZS1JPM Based on methods used during my masters research No

616 views • 33 slides
Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT

Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT

Reliable Security Always NEEDHAM GROWTH CONFERENCE JANUARY 2019 1. CONFIDENTIAL | DO NOT DISTRIBUTE 1 CAUTIONARY STATEMENTS & DISCLOSURES This presentation and the accompanying oral presentation contain forward - looking

540 views • 32 slides

More recommend