of rhm transparent moving
play

OF-RHM: Transparent Moving Target Defense using Software Defined - PowerPoint PPT Presentation

Jul 20, 2023 •279 likes •571 views

OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland CyberDNA lab, UNC Charlotte Why IP Mutation Static assignment

  1. OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland CyberDNA lab, UNC Charlotte

  2. Why IP Mutation • Static assignment of IP addresses gives adversaries significant advantage – Host scanning and Network reconnaissance – Intelligent worm propagation – Attack planning • The goal of IP Mutation moving target defense is Distort, Deceive or Deter attack reconnaissance and planning. CyberDNA lab, UNC Charlotte

  3. Requirements/Challenges for IP Mutation • Highly unpredictable • Fast • Operationally Safe • Transparent – No interruption for active session – Deployable with no major network changes CyberDNA lab, UNC Charlotte

  4. Why SDN • Incorporation IP Mutation on traditional networks is disruptive and costly – Application/host Transparent  Network level – Global optimization and control – Real-time distributed reconfiguration – Management synchronization • Software-defined networking (SDN) provides flexible infrastructure for developing and managing random IP mutation CyberDNA lab, UNC Charlotte

  5. Approach Overview • The goal of OpenFlow Random Host Mutation (OF- RHM) is to mutate IP addresses of end-hosts randomly, frequently and quickly . • Each MT host is assigned a new virtual IP (vIP) at regular intervals (called Mutation interval – T). • vIPs are selected from unused address space of the network • Real IP address (rIP) of the hosts remains unchanged • vIPs are translated to rIPs right before the host. • vIP are the only routable addresses. CyberDNA lab, UNC Charlotte

  6. Unused Address Range Construction CyberDNA lab, UNC Charlotte

  7. Problem Definition • Main Objective : maximize both mutation unpredictability and mutation rate. • Range Allocation Problem : Given the IP addresses of MT hosts (h i ) located in subnets (s k ), and the required mutation rate for each host (R i ), how to allocate/assign ranges of unused IP addresses to hosts/subnets such that • Allocate the largest possible unused address space as contiguous ranges • Assigned ranges have enough IP addresses to satisfy the required Unpredictability Constraints mutation rate of all hosts in that subnet during a mutation interval T • A subnet can be assigned multiple mutation ranges • Ranges are assigned based on their sizes and proportional to the Mutation Rate Constraint mutation requirement of each subnet. • One range can only route to one subnet s k Routing Constraint CyberDNA lab, UNC Charlotte

  8. Range Allocation Complexity & Formulation CyberDNA lab, UNC Charlotte

  9. Range Allocation Constraints CyberDNA lab, UNC Charlotte

  10. Constraints (2) CyberDNA lab, UNC Charlotte

  11. IP Mutation Problem • IP Mutation within allocated ranges in each subnet: – Each host must be associated with a new vIP after each mutation interval according to Ri – Any vIP will NOT be assigned more than once for number of consecutive T mutation intervals – vIPs must be chosen randomly from ranges assigned to subnet with No collision with hosts in the same subnet • The new vIP is chosen randomly in two ways: – Blind Random (uniform) Mutation – Weighted Random Mutation (based on feedback) CyberDNA lab, UNC Charlotte

  12. Protocol, Architecture, Algorithms CyberDNA lab, UNC Charlotte

  13. Communication via Host Name TTL set according to mutation rate CyberDNA lab, UNC Charlotte

  14. Communication via rIP CyberDNA lab, UNC Charlotte

  15. Architecture & Implementation • We implemented OF-RHM on a mininet network controlled by a NOX controller – a network including 1024 hosts with OpenFlow switches • Open vSwitch kernel switches • NOX Controller Tasks (acts as the central authority) – Managing IP mutation: run SMT solver globally, and avoid collision locally – Installing flow entries in switches – Updates DNS responses • The architecture can be extended to include several controllers – Each controller can be autonomous and it can manage its designated subnets independently CyberDNA lab, UNC Charlotte

  16. Architecture & Implementation CyberDNA lab, UNC Charlotte

  17. Controller Algorithm • OF-switches are configured to send unmatched packets to the controller • If packet is destined to rIP it is authorized – If authorization succeeds, necessary flows are installed in path switches • If packet is destined to vIP – Necessary flows are installed in path switches with corresponding actions • rIPs are translated to vIPs for outgoing packets • vIPs are translated to rIPs for incoming packets CyberDNA lab, UNC Charlotte

  18. Effectiveness CyberDNA lab, UNC Charlotte

  19. Random External Scanners (1) • Scanning is usually the precursory step for attacks • attackers usually use scanning tools such as Nmap to discover active hosts • We run 100 Nmap scan on our Mininet class B network which consists of 1024 hosts • We compared the result with ground truth • Less than 1% are discovered in any scan CyberDNA lab, UNC Charlotte

  20. Random External Scanners (1) CyberDNA lab, UNC Charlotte

  21. Worms (2) • We examined propagation of – random scanning worms – cooperative worms • We studied their propagation for both – Blind Mutation – Weighted mutation • Higher weight is assigned to highly scanned Ips CyberDNA lab, UNC Charlotte

  22. Worms (2) NP OF-RHM =100% Random + blind =65% Cooperative+ blind =65% Random + weighted=18% Cooperative+ weighted=10% CyberDNA lab, UNC Charlotte

  23. Overhead CyberDNA lab, UNC Charlotte

  24. Address Space Size • Required IP address size for various mutation intervals and number of hosts CyberDNA lab, UNC Charlotte

  25. Flow Table Length • Flow table length for different session establishment rates and session durations W=300 sec W=60 sec, Max = 25M W=20 sec • The longer the session the less effective CyberDNA lab, UNC Charlotte

  26. Conclusion and Future Work • Random IP Mutation is shown to be effective to counter many reconnaissance attacks – We are working on configurable evaluation tool for RHM • Based on our implementation of RHM on both traditional and OpenFlow networks, SDN shows a great flexibility and efficiency in developing/deploying novel cyber defense techniques – Much easier, efficient and deployable (cost-effective) • Future Work – Exploring other reconnaissance and Cyber attack models – Exploring mutation techniques other than time-based on SDN – Exploring distributed controller approach CyberDNA lab, UNC Charlotte

  27. Questions? CyberDNA lab, UNC Charlotte

  28. Controller Algorithm CyberDNA lab, UNC Charlotte

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams

Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams

Transparent Assessment Providing transparent goals and expectations for students Jonathon Adams Shinshu University Thursday, 9 August 12 Outline Aims of the presentation An approach to transparent goals and expectations Example

576 views • 46 slides
Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal

Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal

Device-Transparent Personal Storage Based on the article Eyo: Device Transparent Personal Storage by Jacob Strauss, Justin Mazzola Paluska, Chris Lesniewski-Laas, Bryan Ford, Robert Morris, Frans Kaashoek Eyos assumptions and API

490 views • 30 slides
Simulating Transparent Migration in Java Java doesnt provide transparent migration. non

Simulating Transparent Migration in Java Java doesnt provide transparent migration. non

Simulating Transparent Migration in Java Java doesnt provide transparent migration. non transparent programm as if mymethod(int x) mymethod() { { if ( x==1) Use code instrumentation go() go() if ( x==2) } } save local

322 views • 13 slides
Transparent boundary conditions for the elastic Transparent boundary conditions for the elastic

Transparent boundary conditions for the elastic Transparent boundary conditions for the elastic

Transparent boundary conditions for the elastic Transparent boundary conditions for the elastic waves in anisotropic media waves in anisotropic media Ivan L. Sofronov, Nickolai A. Zaitsev Keldysh Institute of Applied Mathematics RAS, Moscow

514 views • 35 slides
DDR solution Sprites overview Moving right arrow Moving left arrow Moving down arrow Moving up

DDR solution Sprites overview Moving right arrow Moving left arrow Moving down arrow Moving up

DDR solution Sprites overview Moving right arrow Moving left arrow Moving down arrow Moving up arrow Moving up arrow Cassy (contol loop) Great sprite OK sprite Space bar sprite

521 views • 11 slides
MOVING STORIES Narrative and the moving image in ELT Session outline 1.The importance of

MOVING STORIES Narrative and the moving image in ELT Session outline 1.The importance of

MOVING STORIES Narrative and the moving image in ELT Session outline 1.The importance of narrative and moving images in education and language learning. 2.Practical lesson ideas inspired by short films. Never underestimate the power of a

1.32k views • 64 slides
Moving Beyond DOT Moving Beyond DOT and O*NET: and O*NET: 1. Review the sad history of

Moving Beyond DOT Moving Beyond DOT and O*NET: and O*NET: 1. Review the sad history of

Todays Goals Todays Goals Moving Beyond DOT Moving Beyond DOT and O*NET: and O*NET: 1. Review the sad history of O*NET 2. Discuss some other disturbing trends and widely-held truths 3. Propose a strategy for dealing

523 views • 12 slides
Moving Minds & Moving Code Understanding, Exploring and

Moving Minds & Moving Code Understanding, Exploring and

Moving Minds & Moving Code Understanding, Exploring and Defining SMB Website Requirements PRESENTED BY MICHAEL JOHNSON www.pixelpunk.com A Li@le About Me

615 views • 27 slides
Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical

Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical

Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical Engineering and Computer Science Funded by EU H2020 NEAT project (Grant agreement no. 644334) In a nutshell Automatic multiplexing + fallback Transparent

332 views • 16 slides
Keep Alaska Moving through service and infrastructure Keep Alaska Moving through service and

Keep Alaska Moving through service and infrastructure Keep Alaska Moving through service and

Keep Alaska Moving through service and infrastructure Keep Alaska Moving through service and infrastructure AGENDA Fiscal Year 2016 Review AMHS RBA Measures Results Based Alignment Core and Direct Services Conformance to Plan,

371 views • 17 slides
Transparent Wishes Kai von Fintel and Sabine Iatridou April 21, 2017 Berlin 1

Transparent Wishes Kai von Fintel and Sabine Iatridou April 21, 2017 Berlin 1

Transparent Wishes Kai von Fintel and Sabine Iatridou April 21, 2017 Berlin 1 Transparent comes from von Fintel and Iatridou 2008 How to say ought in Foreign. We had studied the weak necessity modal ought : 1. You ought to do the

920 views • 76 slides
DARPA/I2O Transparent Computing Program THEIA: Tagging and Tracking of Multi-Level Host Events

DARPA/I2O Transparent Computing Program THEIA: Tagging and Tracking of Multi-Level Host Events

DARPA/I2O Transparent Computing Program THEIA: Tagging and Tracking of Multi-Level Host Events for Transparent Computing and Information Assurance Mattia Fazzini Georgia Institute of Technology Nov 3rd, 2017 Agenda Project overview

1.64k views • 149 slides
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system Increase the complexity of cyber

442 views • 40 slides
Moving punctures that are neither moving, nor punctures Mark Hannam Friedrich-Schiller

Moving punctures that are neither moving, nor punctures Mark Hannam Friedrich-Schiller

Moving punctures that are neither moving, nor punctures Mark Hannam Friedrich-Schiller Universit at, Jena, Germany From Geometry to Numerics workshop Paris November 20-24 2006 Ongoing work following ugmann, Hannam, Husa, Pollney, Br

605 views • 28 slides
Community Outreach on Transportation Priorities What is Get Us Moving SMC? Get Us Moving SMC

Community Outreach on Transportation Priorities What is Get Us Moving SMC? Get Us Moving SMC

Community Outreach on Transportation Priorities What is Get Us Moving SMC? Get Us Moving SMC is spearheaded by the San Mateo County Transit District and the San Mateo County Board of Supervisors in collaboration with cities, agencies,

360 views • 19 slides
Its Moving! A Probabilistic Model for Causal Motion Segmentation in Moving Camera Videos

Its Moving! A Probabilistic Model for Causal Motion Segmentation in Moving Camera Videos

Its Moving! A Probabilistic Model for Causal Motion Segmentation in Moving Camera Videos Erik Learned-Miller with Manju Narayana Pia Bideau U NIVERSITY OF M ASSACHUSETTS , A MHERST College of Computer and Information Sciences U

1.02k views • 70 slides
Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly Buka, Matt Morehouse; Google October 2017 Agenda Fuzzing Fuzzing Clang/LLVM Fuzzing Clang/LLVM better (structure-aware)

914 views • 35 slides
CSE341: Programming Languages Section 6 What does mutation mean? When do function bodies run?

CSE341: Programming Languages Section 6 What does mutation mean? When do function bodies run?

CSE341: Programming Languages Section 6 What does mutation mean? When do function bodies run? Winter 2018 With thanks to: Dan Grossman / Eric Mullen Agenda Let Expressions Mutation: Set! Delayed Evaluations: Thunks Winter

560 views • 25 slides
MUTABILITY, CLONING (download slides and .py files and follow along!) 6.0001 LECTURE 5 1 6.0001

MUTABILITY, CLONING (download slides and .py files and follow along!) 6.0001 LECTURE 5 1 6.0001

TUPLES, LISTS, ALIASING, MUTABILITY, CLONING (download slides and .py files and follow along!) 6.0001 LECTURE 5 1 6.0001 LECTURE 5 LAST TIME functions decomposition create structure abstraction suppress details from now

274 views • 24 slides
CS 61A Discussion 5 Trees, Mutation, Box and Pointers, Nonlocal Albert Xu Attendance:

CS 61A Discussion 5 Trees, Mutation, Box and Pointers, Nonlocal Albert Xu Attendance:

CS 61A Discussion 5 Trees, Mutation, Box and Pointers, Nonlocal Albert Xu Attendance: links.cs61a.org/albert-disc Slides: albertxu.xyz/teaching/cs61a/ Announcements Trees An anatomical perspective Nodes Branch Root 1 Labels 2 3 6 7 4

914 views • 72 slides
1 Neo-Darwinism 1. genetic variation arises at random via mutation and recombination 2.

1 Neo-Darwinism 1. genetic variation arises at random via mutation and recombination 2.

Neutral theory 1: Genetic load and introduction Neutral theory 1. Mutation 2. Polymorphism Neutral theory: connected these is a new (radical) way 3. Substitution 1 Neo-Darwinism 1. genetic variation arises at random via mutation and

495 views • 12 slides
Mutation models: probabilistic study and parameter estimation Adrien Mazoyer, supervised by

Mutation models: probabilistic study and parameter estimation Adrien Mazoyer, supervised by

Mutation models: probabilistic study and parameter estimation Adrien Mazoyer, supervised by Bernard Ycart Laboratoire Jean Kuntzmann, UGA GRENOBLE JPS 2016 Adrien Mazoyer (LJK) Mutation models JPS 2016 1 / 17 Example mutation rate = 0.05 ,

508 views • 32 slides
Q -Gorenstein deformation families of Fano varieties or The combinatorics of Mirror Symmetry

Q -Gorenstein deformation families of Fano varieties or The combinatorics of Mirror Symmetry

Q -Gorenstein deformation families of Fano varieties or The combinatorics of Mirror Symmetry Alexander Kasprzyk Fano manifolds Smooth varieties, called manifolds , come with a natural notion of curvature, and fall into one of three classes.

486 views • 26 slides
Learning objectives Understand the basic ideas of fault-based testing How knowledge of a

Learning objectives Understand the basic ideas of fault-based testing How knowledge of a

Learning objectives Understand the basic ideas of fault-based testing How knowledge of a fault model can be used to Fault-Based Testing create useful tests and judge the quality of test cases Understand the rationale of

296 views • 5 slides

More recommend