moving target defense for the
play

Moving Target Defense for the Placement of Intrusion Detection - PowerPoint PPT Presentation

Mar 27, 2023 •293 likes •681 views

Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik Sengupta, Ankur Chowdhary, Subbarao Kambhampati Dijiang Huang SNAC Secure Networking and Yochan AI Lab Computing Lab Intrusion Detection Systems?

  1. Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik Sengupta, Ankur Chowdhary, Subbarao Kambhampati Dijiang Huang SNAC Secure Networking and Yochan AI Lab Computing Lab

  2. Intrusion Detection Systems? Attacker Web SQL G1 Server Server (W) (M)

  3. Intrusion Detection Systems? Network-Based Intrusion Detection Systems - Checks payload on the network to infer if it is (going to be) malicious. Attacker NIDS Web SQL G1 Server Server (W) (M)

  4. Intrusion Detection Systems? Host-Based Intrusion Detection Systems Network-Based Intrusion Detection Systems - Analyzes a computing system to detect - Checks payload on the network to infer if it anomalous behavior on it. Can monitor is (going to be) malicious. things from read/write access of files/folders to software calls that may record keystrokes etc. Attacker NIDS Web SQL G1 Server Server (W) (M) HIDS auditd itd

  5. Contents • Motivation • Problem Description • Solution Methods • Results • Conclusions

  6. Going All-out for Security in Large Cloud Networks  NIDS increases • Processing time of a packet • Number of packets sent over the internal network  HIDS increases • Use of resources on a particular host etc. Jha, S et al. 2002, Venkatesan, S et al. 2016

  7. Going All-out for Security in Large Cloud Networks  NIDS increases • Processing time of a packet • Number of packets sent over the internal network  HIDS increases • Use of resources on a particular host etc. Jha, S et al. 2002, Venkatesan, S et al. 2016

  8. Going All-out for Security in Large Cloud Networks  NIDS increases • Processing time of a packet • Number of packets sent over the internal network  HIDS increases • Use of resources on a particular host etc. Jha, S et al. 2002, Venkatesan, S et al. 2016

  9. Contents • Motivation • Problem Description • Solution Method • Results • Conclusions

  10. Intrusion Detection Systems in Cloud Networks Internet Administrator Physical Router Management Network Internal Network eth0 eth1 eth0 eth1 eth2 eth0 eth1 NIDS br-int NIDS br-int br-int Web SQL AD FTP Network Attack G1 Server Server G2 Server Server Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS Cloud Controller Cloud Server 1 Cloud Server 2

  11. Intrusion Detection Systems in Cloud Networks Attacker could be located either outside or inside Internet Administrator Physical Router Attacker (stealthy attacker) the network. Management Network Internal Network eth0 eth1 eth0 eth1 eth2 eth0 eth1 Attacker NIDS br-int NIDS br-int br-int Web SQL AD FTP Network Attack G1 Server Server G2 Server Server Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS Cloud Controller Cloud Server 1 Cloud Server 2

  12. Intrusion Detection Systems in Cloud Networks Attacker could be located either outside or inside Internet Administrator Physical Router Attacker (stealthy attacker) the network. Deploy a limited ( 𝑙 ) Management Network number of IDS in the Internal Network Cloud Network (that offer protection against known vulnerabilities in eth0 eth1 the cloud system). eth0 eth1 eth2 eth0 eth1 Attacker NIDS br-int NIDS br-int br-int Web SQL AD FTP Network Attack G1 Server Server G2 Server Server Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS Cloud Controller Cloud Server 1 Cloud Server 2

  13. Intrusion Detection Systems in Cloud Networks Attacker could be located either outside or inside Internet Administrator Physical Router Attacker (stealthy attacker) the network. Deploy a limited ( 𝑙 ) Management Network number of IDS in the Internal Network Cloud Network (that offer protection against known vulnerabilities in eth0 eth1 the cloud system). eth0 eth1 eth2 eth0 eth1 Attacker NIDS br-int NIDS Challenge: br-int br-int How to place these 𝑙 Intrusion Detection Web SQL AD FTP Network Attack G1 Server Server G2 Server Server Systems? Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS Cloud Controller Cloud Server 1 Cloud Server 2

  14. What can we do? How to place these 𝑙 Intrusion Detection Systems? - Static placement of IDS - Attacker learns the placement over time and thereby learns how to avoid it.

  15. Moving Target Defense How to place these 𝑙 Intrusion Detection Systems? - Static placement of IDS - Attacker learns the placement over time and thereby learns how to avoid it. - Dynamic placement of IDS - Keep moving the IDS that are activated at any given point of time

  16. Moving Target Defense Attack + Exploration How to place these 𝑙 Intrusion Detection Systems? Surface Shifting Zhuang et. al. 2014 Venkatesan 2016 Exploration Surface Shifting - Dynamic placement of IDS Lei et al. 2017 Al-Shaer et. al. 2013 Jajodia et. al. 2018 - Keep moving the IDS that are activated at any given point of time - How to move? - Stackelberg Security Game (SSG) Attack Surface Shifting Manadhata et. al. 2013 Detection Surface Shifting Zhu and Bashar 2013 Venkatesan et. al. 2016 Carter et. al. 2014 Prakash and Wellman 2015 Sengupta et al. 2018 Sengupta et. al. 2016, 2017 Chowdhury et. al. 2016 B. Bohara 2017 Prevention Surface Shifting

  17. Contents • Motivations • Problem Description • Solution Methods • Results • Conclusions

  18. Moving Target Defense – A Cloud Network Scenario These attacks can be selected from the Common Vulnerabilities and Exposures Internet Administrator Physical Router (CVEs) stored in the National Vulnerability Database (NVD). Each CVE has a • list of technologies it can effect. • Expertise required for being able to use it. Management Network Internal Network 〈 192.168.0.6, CVE-2016-0128 〉 eth0 eth1 eth0 eth1 eth2 eth0 eth1 〈 192.168.0.6, CVE-2015-1635 〉 Attacker NIDS br-int NIDS br-int br-int 〈 192.168.0.6, CVE-2011-0657 〉 Web SQL AD FTP Network Attack G1 Server Server G2 Server Server 〈 192.168.0.7, CVE-2008-5161 〉 Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS 〈 192.168.0.9, CVE-2008-5161 〉 Cloud Controller Cloud Server 1 Cloud Server 2

  19. Game Theoretic Modeling Selects a vulnerability to attack Number of defender strategies is 𝑜 𝑙 . Combinatorial Explosion! . . . Selects 2 nodes to deploy IDS in

  20. Game Theoretic Modeling Selects a vulnerability to attack Number of defender strategies is 𝑜 𝑙 . Combinatorial 𝑆 𝐸 , 𝑆 𝐵 Explosion! Thus, the number of utility values that need to be specified is also large! . . . Selects 2 nodes to deploy IDS in

  21. Efficient Utility Modeling Number of defender strategies is 𝑜 𝑙 . Combinatorial Explosion! Thus, the number of utility Covered Not covered Covered Not covered values that need to be specified is also large!  Break it down!  Define Utility values for each 𝐸 𝐵 𝐵 𝐸 𝑉 𝑣,𝑏 𝑉 𝑣,𝑏 𝑉 𝑑,𝑏 𝑉 𝑑,𝑏 player for each IDS placement. Allocated an IDS Did not. to detect attack a

  22. Common Vulnerability Scoring Service Common Vulnerability Scoring Systems (CVSS)* • Is a scoring matrix for CVEs maintained by security experts across the world. • It has 2 high level scores: Covered Not covered Covered Not covered • Impact Score (IS) • Exploitability Score (ES) • One can generate a Base Score for each CVE based on formulas 𝐸 𝐵 𝐵 𝐸 𝑉 𝑣,𝑏 𝑉 𝑣,𝑏 𝑉 𝑑,𝑏 𝑉 𝑑,𝑏 defined by security experts. BS = f(IS, ES)

  23. Obtaining Utility Values Common Vulnerability Scoring Systems (CVSS)* • Is a scoring matrix for CVEs maintained by security experts across the world. -1 * bet. -1*impact -1 * exp base cen. value • It has 2 high level scores: Covered Not covered Covered Not covered • Impact Score (IS) • Exploitability Score (ES) −5.7 −6.4 −8.6 +6.8 • One can generate a Base Score for each CVE based on formulas 𝐸 𝐵 𝐵 𝐸 𝑉 𝑣,𝑏 𝑉 𝑣,𝑏 𝑉 𝑑,𝑏 𝑉 𝑑,𝑏 defined by security experts. BS = f(IS, ES)

  24. Defender’s expected utility Multi-objective function maximization that, - Ensures the least impact of performance, - Maximizes the security

  25. Defender’s expected utility Multi-objective function maximization that, - Ensures the least impact on performance, - Maximizes the security Attacker selects the attack a′ that maximize their utility 𝑥 𝑏′ = 1 Inspired from P Paruchuri et al. 2008

  26. Defender’s expected utility Turns out this is equivalent to solving multiple LPs where you pre-decide the action an attacker will take. Thus, can be computed in polynomial time. We prove equivalence to a modified version of the multiple LP approach in Korzhyk et al. 2010 Attacker selects the attack a′ that maximize their utility 𝑥 𝑏′ = 1

  27. Contents • Motivations • Problem Description • Solution Methods • Results • Conclusions

  28. Experiments Administrator Physical Router Internet Management Network Internal Network eth0 eth1 eth0 eth1 eth2 eth0 eth1 Attacker NIDS br-int NIDS br-int br-int Web SQL AD FTP Network Attack G1 Server Server G2 Server Server Monitoring Analyzer (W) (M) (D) (F) HIDS HIDS HIDS Cloud Controller Cloud Server 1 Cloud Server 2

  29. Finding implementable strategies 𝑞 𝑢,𝑏

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system

728 views • 27 slides
OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi

OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi

OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland CyberDNA lab, UNC Charlotte Why IP Mutation Static assignment

571 views • 28 slides
A 1 Moving-target Defense Strategy for Cloud-based Services with Heterogeneous and Dynamic Attack

A 1 Moving-target Defense Strategy for Cloud-based Services with Heterogeneous and Dynamic Attack

A 1 Moving-target Defense Strategy for Cloud-based Services with Heterogeneous and Dynamic Attack Surfaces Wei Peng 1 Feng Li 1 Chin-Tser Huang 2 Xukai Zou 1 1 Indiana University-Purdue University Indianapolis (IUPUI.edu) 2 University of South

857 views • 22 slides
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system Increase the complexity of cyber

442 views • 40 slides
Optimal Defense Policies for Partially Erik Miehling Observable Spreading Processes on Mohammad

Optimal Defense Policies for Partially Erik Miehling Observable Spreading Processes on Mohammad

University of Michigan - Ann Arbor Optimal Defense Policies for Partially Erik Miehling Observable Spreading Processes on Mohammad Rasouli Demosthenis Teneketzis Bayesian Attack Graphs Second ACM Workshop on Moving Target Defense (MTD 2015)

733 views • 28 slides
Food Defense Tabletop Exercise: Schools as a Target Pres esen ent ed ed by Douglas Conw ell

Food Defense Tabletop Exercise: Schools as a Target Pres esen ent ed ed by Douglas Conw ell

Food Defense Tabletop Exercise: Schools as a Target Pres esen ent ed ed by Douglas Conw ell t or I nst r t ruct o National Food Service Management I nstitute 1 What I s Food Defense? FOOD DEFENSE is defined as the protection of food

629 views • 45 slides
Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian,

Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian,

Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian, Xiangmin Fan, Xiaolong(Luke) Zhang, Shumin Zhai CHI 2018 April 26 th , 2018 INTRODUCTION MOVING TARGETS EVERYWHERE Screenshot of StarCraft II

430 views • 39 slides
Food Defense Food Defense Tabletop Food Defense Food Defense Tabletop Tabletop Tabletop

Food Defense Food Defense Tabletop Food Defense Food Defense Tabletop Tabletop Tabletop

Food Defense Food Defense Tabletop Food Defense Food Defense Tabletop Tabletop Tabletop Exercise: Exercise: Schools as a Target Schools as a Target Presented by Presented by Presented by Presented by National Food Service Management I

756 views • 44 slides
Robust target detection for Hyperspectral Imaging Joana Frontera-Pons SONDRA PhD defense Under

Robust target detection for Hyperspectral Imaging Joana Frontera-Pons SONDRA PhD defense Under

Preliminary Notions Target Detection in Gaussian background Target Detection in non-Gaussian background Anomaly Robust target detection for Hyperspectral Imaging Joana Frontera-Pons SONDRA PhD defense Under the supervision of Frdric

518 views • 51 slides
Protecting a Moving Target: Addressing Web Application Concept Drift The 12 th International

Protecting a Moving Target: Addressing Web Application Concept Drift The 12 th International

Protecting a Moving Target: Addressing Web Application Concept Drift The 12 th International Symposium on Recent Advances in Intrusion Detection 2009 Federico Maggi, William Robertson, Christopher Krgel, Giovanni Vigna Politecnico di Milano,

1.08k views • 79 slides
Runtime Considerations Were moving towards actually producing target code. This means we need

Runtime Considerations Were moving towards actually producing target code. This means we need

10/29/2012 Runtime Considerations Were moving towards actually producing target code. This means we need to consider the runtime actions of the program. CS 1622: Runtime support: Functions and local variable storage Activation

160 views • 4 slides
A moving target: Assessing the process and progress of learning Shane Sutherland, Yangama

A moving target: Assessing the process and progress of learning Shane Sutherland, Yangama

#THETA2015 A moving target: Assessing the process and progress of learning Shane Sutherland, Yangama Jokwiro, Kath Fisher, Terri Downer, Christine Slade, Richard Bostwick, Alison Poot This work is licensed under a

348 views • 33 slides
Introduction to: Moving Target Indicator Radar (DRAFT) Armin Doerry This presentation is an

Introduction to: Moving Target Indicator Radar (DRAFT) Armin Doerry This presentation is an

10/24/2017 Introduction to: Moving Target Indicator Radar (DRAFT) Armin Doerry This presentation is an informal communication intended for a limited audience comprised of attendees to the Institute for Computational and Experimental Research

807 views • 39 slides
MCMC for Cut Models or Chasing a Moving Target with MCMC Martyn Plummer International Agency

MCMC for Cut Models or Chasing a Moving Target with MCMC Martyn Plummer International Agency

MCMC for Cut Models or Chasing a Moving Target with MCMC Martyn Plummer International Agency for Research on Cancer MCMSki Chamonix, 6 Jan 2014 Cut models What do we want to do? 1. Generate some random variables under one model 2. Analyze

1.24k views • 24 slides
chasing a moving target Stockholm, March 9, 2018 Ari Kokko Copenhagen Business School and

chasing a moving target Stockholm, March 9, 2018 Ari Kokko Copenhagen Business School and

Structural change and growth: chasing a moving target Stockholm, March 9, 2018 Ari Kokko Copenhagen Business School and School of Business, Economics, and Law, Gothenburg University Introduction Many fields of research have studied

536 views • 24 slides
Triple-S alternatives, possibilities, choices Steve Jenkins Dimensions of change Moving Target

Triple-S alternatives, possibilities, choices Steve Jenkins Dimensions of change Moving Target

Triple-S alternatives, possibilities, choices Steve Jenkins Dimensions of change Moving Target Scope Including exotic Many versions make elements can make life a standard non- difficult for some (all) standard Features or Delivery

635 views • 17 slides
Target Client <<interface>> Original operationA() operationB() Adapter

Target Client <<interface>> Original operationA() operationB() Adapter

Target Client <<interface>> Original operationA() operationB() Adapter operationA() operationB() Target Client <<interface>> operationA() Adapter Original operationB() original operationA()

320 views • 4 slides
Optimization CMPUT 296: Basics of Machine Learning Textbook 4.1-4.4 Logistics Reminders:

Optimization CMPUT 296: Basics of Machine Learning Textbook 4.1-4.4 Logistics Reminders:

Optimization CMPUT 296: Basics of Machine Learning Textbook 4.1-4.4 Logistics Reminders: Thought Question 1 due TODAY, September 17, by 11:59pm To be handed in via eClass Assignment 1 (due Thursday, September 24 ) Tutorial:

477 views • 18 slides
Natural Language Processing with Deep Learning Neural Networks a Walkthrough Navid Rekab-Saz

Natural Language Processing with Deep Learning Neural Networks a Walkthrough Navid Rekab-Saz

Natural Language Processing with Deep Learning Neural Networks a Walkthrough Navid Rekab-Saz navid.rekabsaz@jku.at Institute of Computational Perception Agenda Introduction Non-linearities Forward pass &

670 views • 47 slides
Stochastic constrained optimization in Hilbert spaces with applications Georg Ch. Pflug/C.

Stochastic constrained optimization in Hilbert spaces with applications Georg Ch. Pflug/C.

Stochastic constrained optimization in Hilbert spaces with applications Georg Ch. Pflug/C. Geiersbach March 27, 2019 Georg Ch. Pflug/C. Geiersbach Stochastic constrained optimization in Hilbert spaces with applications Iteration methods

589 views • 35 slides
New Evidence for (0 , 2) Target Space Duality He Feng Department of Physics, Virginia Tech based

New Evidence for (0 , 2) Target Space Duality He Feng Department of Physics, Virginia Tech based

New Evidence for (0 , 2) Target Space Duality He Feng Department of Physics, Virginia Tech based on: arXiv:1607.04628[hep-th] Lara B. Anderson and He Feng AMS Special Session - Nov. 13, 2016 He Feng (Virginia Tech) New Evidence for (0 , 2)

819 views • 35 slides
demographics, and outcomes to target support for vulnerable groups Progress to Date:

demographics, and outcomes to target support for vulnerable groups Progress to Date:

Using spatial data on resources, demographics, and outcomes to target support for vulnerable groups Progress to Date: Development of a methodology to track funding ALL-SOURCE towards SDG goals and SDG TRACKING targets -COLOMBIA

284 views • 6 slides
Transgender Youth October 25, 2019 An Pham, MD (pronouns- she/her) Seattle Childrens

Transgender Youth October 25, 2019 An Pham, MD (pronouns- she/her) Seattle Childrens

Transgender Youth October 25, 2019 An Pham, MD (pronouns- she/her) Seattle Childrens Adolescent Medicine Fellow Disclosures No conflict of interest to report. No commercial support or sponsorship, nor is it co- sponsored.

874 views • 26 slides
The C++ Core Guidelines Project Bjarne Stroustrup Morgan Stanley, Columbia University

The C++ Core Guidelines Project Bjarne Stroustrup Morgan Stanley, Columbia University

The C++ Core Guidelines Project Bjarne Stroustrup Morgan Stanley, Columbia University www.stroustrup.com The big question What is good modern C++? Many people want to write Modern C++ What would you like your code to look

497 views • 13 slides

More recommend