outline
play

Outline 2 Motivation Current cyber defense landscape & open - PowerPoint PPT Presentation

Jan 20, 2023 •431 likes •863 views

A DVERSARIAL AND U NCERTAIN R EASONING FOR A DAPTIVE C YBER D EFENSE : B UILDING THE S CIENTIFIC F OUNDATION Sushil Jajodia George Mason University IEEE International 5G Summit, Reston, Virginia August 19, 2017 Outline 2 Motivation

  1. A DVERSARIAL AND U NCERTAIN R EASONING FOR A DAPTIVE C YBER D EFENSE : B UILDING THE S CIENTIFIC F OUNDATION Sushil Jajodia George Mason University IEEE International 5G Summit, Reston, Virginia August 19, 2017

  2. Outline 2  Motivation  Current cyber defense landscape & open questions  Pro-active Defense via Adaptation  Adaption Techniques  Scientific Challenges  Research Highlights IEEE 5G Summit August 19, 2017

  3. Motivation 3 IEEE 5G Summit August 19, 2017

  4. Today’s Cyber Defenses are Static 4  Today’s approach to cyber defense is governed by slow and deliberative processes such as  Security patch deployment, testing, episodic penetration exercises, and human-in-the-loop monitoring of security events  Adversaries can greatly benefit from this situation  They can continuously and systematically probe targeted networks with the confidence that those networks will change slowly if at all  They have the time to engineer reliable exploits and pre-plan their attacks  Additionally, once an attack succeeds, adversaries persist for long times inside compromised networks and hosts  Hosts, networks, software, and services do not reconfigure, adapt, or regenerate except in deterministic ways to support maintenance and uptime requirements IEEE 5G Summit August 19, 2017

  5. Pro-active Defense via Adaptation 5 IEEE 5G Summit August 19, 2017

  6. Security through adaptation: A paradigm shift 6  Adaptation Techniques (AT) consist of engineering systems that have homogeneous functionalities but randomized manifestations  These techniques make networked information systems less homogeneous and less predictable  Examples: Moving Target Defenses (MTD), artificial diversity, and bio-inspired defenses  Homogeneous functionality allows authorized use of networks and services in predictable, standardized ways  Randomized manifestations make it difficult for attackers to engineer exploits remotely, or reuse the same exploit for successful attacks against a multiplicity of hosts IEEE 5G Summit August 19, 2017

  7. Adversary and Defender Uncertainty 7 In a static configuration, over time, the Learning phase : the attacker adversary will improve his knowledge has to gather new information about the reconfigure system about network topology and configuration, thus reducing his uncertainty Learning phase : legitimate users have to adapt to the new configuration When ATs are deployed, each system reconfiguration will invalidate previous knowledge acquired by adversaries, thus restoring their uncertainty to higher levels IEEE 5G Summit August 19, 2017

  8. Uncertainty Gap 8 ATs enable us to maintain the information gap between adversaries and defenders at a relatively constant level • Before deploying the proposed mechanisms, the defender’s advantage is eroded over time • Dynamically changing the attack surface ensures a persistent advantage If the system’s configuration remains static, the attacker will eventually learn all the details about the configuration IEEE 5G Summit August 19, 2017

  9. AT Benefits 9  Increase complexity, cost, and uncertainty for attackers  Limit exposure of vulnerabilities and opportunities for attack  Increase system resiliency against known and unknown threats  Offer probabilistic protection despite exposed vulnerabilities, as long as the vulnerabilities are not predictable by the adversary at the time of attack IEEE 5G Summit August 19, 2017

  10. Software-Based Adaptation 10  Address Space Layout Randomization (ASLR)  Randomizes the locations of objects in memory, so that attacks depending on knowledge of the address of specific objects will fail  Instruction Set Randomization (ISR)  A technique for preventing code injection attacks by randomly altering the instructions used by a host machine or application  Compiler-based Software Diversity  When translating high-level source code to low-level machine code, the compiler diversifies the machine code on different targets, so that vulnerability exploits working on one target may not work on other targets IEEE 5G Summit August 19, 2017

  11. Network-Based Adaptation 11  ID randomization  Generation of arbitrary external attack surfaces  VM-based dynamic virtualized network  Phantom servers to mitigate insider and external attacks  Proxy moving and shuffling to detect insider attacks  Overall, these techniques aim at giving the attacker a view of the target system that is significantly different from what the system actually is IEEE 5G Summit August 19, 2017

  12. But there are Many ACD Ideas … 12 At least 39 documented in this 2013 MIT Lincoln Labs Report >50 today? How can we compare them? IEEE 5G Summit August 19, 2017

  13. Spectrum of Moving Target Defense Techniques Most Dominant Least Technique Dominant Technique Low Effectiveness with High Effectiveness with High Effectiveness with Medium Effectiveness Medium Effectiveness High, Medium, or Low with Medium-Low Costs with Medium-High Costs Medium-Low Costs Medium-High Costs Costs Mutable Network SQLRand Operating System Proactive Randomization Obfuscation Function Pointer Multivariant Encryption Execution DieHard N-Variant Against System Code Systems Injection with System Call Randomization RandSys Program Differentiation Instruction Level Genesis Memory Randomization Network Address Revere Space Randomization G-Free Reverse Stack Randomized Execution in a Multi- Intrusion-Tolerant Variant Environment Asynchronous Service Dynamic Backbone Randomized Instruction Dynamic Network Address Space Set Emulation Address Translation Layout Permutation Active Repositioning in Practical Software Cyberspace for Dynamic Translation Synchronized Evasion Dynamic Runtime Dynamic Runtime Dynamic Dynamic Dynamic Environment: Address Space Environment: Instruction Software Networks Platforms 13 Layout Randomization Set Randomization Source: Kate Ferris, George Cybenko

  14. Limitations of Current Approaches 14  The contexts in which ATs are useful and their added cost (in terms of performance and maintainability) to the defenders can vary significantly  Most ATs aim at preventing a specific type of attack  The focus of existing approaches is on developing new techniques , not on understanding overall operational costs, when they are most useful, and what their possible interrelationships might be  While each AT might have some engineering rigor, the overall discipline is largely ad hoc when it comes to understanding the totality of AT methods and their optimized application  AT approaches assume non-adversarial, environments IEEE 5G Summit August 19, 2017

  15. Adaptive Cyber Defense (ACD) 15  We need to understand  the overall operational costs of these techniques  when they are most useful  their possible inter-relationships  Propose new classes of techniques that force adversaries to continually re-assess and re-plan their cyber operations  Present adversaries with optimally changing attack surfaces and system configurations IEEE 5G Summit August 19, 2017

  16. Adaptive Cyber Defense (ACD) 16 Advanced Persistent Threats (APTs) have the time and technology to easily exploit our systems now Reconnaissance Access Persistence Attack Phase Identify the attack Compromise a Maintain presence surface targeted component and exploitation Randomized Randomized Dynamic network addressing instruction set and virtualization; Possible There are and layout; memory layout; Workload and many Adaptation Obfuscated OS Just-in-time service migration; possible AT Techniques (AT) options types and services. compiling and System decryption. regeneration. Adaptation techniques We need to develop a scientific framework for optimizing are typically aimed at strategies for deploying adaptation techniques for different defeating different attack types, stages and underlying missions stages of possible attacks IEEE 5G Summit August 19, 2017

  17. Research Highlights 17 IEEE 5G Summit August 19, 2017

  18. Novel Adaptive Techniques 18  Manipulating responses to an attacker’s probes  Goal: altering the attacker’s perception of a system’s attack surface  Creating distraction clusters  Goal: controlling the probability that an intruder may reach a certain goal within a specified amount of time  Increasing diversity  Goal: increasing the complexity and cost for attackers by increasing the diversity of resources along certain attack paths  Different metrics are proposed to measure diversity IEEE 5G Summit August 19, 2017

  19. Example: Internal Attack Surface 19 The internal attack surface represent insider knowledge about the system, and can use topology graphs, attack graphs, dependency graphs, or a combination of them. For the sake of presentation, this example only shows topology information. IEEE 5G Summit August 19, 2017

  20. Example: External Attack Surface 20 The external attack surface represent what we want the attacker to infer about the system. Inference is based on probing and sniffing. IEEE 5G Summit August 19, 2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

An automatic mammogram system: from screening to diagnosis Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Pectoral muscle

589 views • 45 slides
Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in preparing for your presentation; this outline is required. Title: I. Introduction (The speech actually starts here.) A. Attention Getter:

479 views • 3 slides
PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline to organize your argument to create a logical flow of information and plan your presentation layout. This outline is worth a group grade (one copy

506 views • 3 slides
1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a line that is drawn around elements, OUTSIDE the borders, to make the element "stand out". CSS has the following outline properties:

1.76k views • 117 slides
Outline Outline Background of the Network Vision Vision Aims Activities

Outline Outline Background of the Network Vision Vision Aims Activities

Asia Pacific Adaptation Network (APAN)- A k A key regional Initiative i l I iti ti Puja Sawhney Coordinator, APAN , Institute for Global Environmental Strategies Thimpu, Bhutan p 16 th November, 2011 Outline Outline Background of the

441 views • 9 slides
When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters Yogesh K. Ramadass, AnanthaGroup Microsystems Technology Laboratory Outline Outline Outline Outline

507 views • 36 slides
Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR personal presentation so you can create it however you want. These are just suggestions to help you get started. The purpose is to educate your

618 views • 3 slides
Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

ZSim Tutorial MICRO 2015 S TATS AND C ONFIGURATION Core Models Po-An Tsai Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation techniques ZSim core structure I1D I1I Simple IPC 1 core

1.96k views • 120 slides
Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Modeling Intention in Email : Speech Acts, Information Leaks and User Ranking Methods p g Vitor R. Carvalho Carnegie Mellon University William Cohen Ramnath a at Tom Tom Jon Jon Balasubramanyan Mitchell Elsas Outline Outline

1.09k views • 65 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Periodicity Sear Periodicity Search of ch of the the Geming Geminga-lik -like Pulsar e Pulsars Lupin Chun-Che Lin () Institute of Astronomy, National Central University, Taiwan Outline : Outline : Our method to perform periodicity

654 views • 19 slides
Outline for St Outline for St Outline for

Outline for St Outline for St Outline for

Outline for St Outline for St Outline for St Outline for St Francis Participation Francis Participation Francis Participation Francis Participation St Francis Overview Current Work on

120 views • 10 slides
RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa RDFa RDFa RDFa RDFa: A collection of attributes and processing p g rules for extending XHTML to support RDF. HTML contains structured data,

768 views • 37 slides
Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This is a suggested outline only. Students should work closely with their Faculty Advisors to adapt this format the presentation to the needs of the

418 views • 4 slides
1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2010) (Spring 2010) (real-time in OpenGL, offline raytracer, animation) CS 184, Lecture 1: Overview and

176 views • 5 slides
Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Sophak PHOEUN, National DRR Forum Coordinat or & Executive Assistant to Vice President of NCDM , National Committee for Disaster Management. Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

346 views • 15 slides
Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc

Website fingerprinting on Tor: attacks and defenses Claudia Diaz KU Leuven Joint work with: Marc Juarez , Sadia Afroz, Gunes Acar, Rachel Greenstadt, Mohsen Imani, Mike Perry, Matthew Wright Post-Snowden Cryptography Workshop Brussels, December

754 views • 52 slides
The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for people interested in military reform to give to audiences. While the presentation was created in the 1980s, it is remarkably relevant to the defense

521 views • 22 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

540 views • 50 slides
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu Li 1 , Shicheng Wang 1 , Chang Liu 1 , Ang Chen 2 , Hongxin Hu 3 , Guofei Gu 4 , Qi Li 1 , Mingwei Xu 1 , Jianping Wu 1 1 4 2 3 DDoS Attacks are

480 views • 23 slides
Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department, Bar Ilan University Overview IP fragmentation recap `Easy case fragment miss -association attacks Fragmentation attacks in tunnels

238 views • 23 slides
On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao,

On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao,

On the Feasibility of Rerouting-based DDoS Defenses Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA Transit-link DDoS attack: a powerful type of volumetric DDoS attack

438 views • 25 slides
Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources: CPU, Memory, Bandwidth

427 views • 23 slides

More recommend