outline problem approach integration with idss demo
play

Outline Problem Approach Integration with IDSs Demo 1 Attack - PDF document

Dec 17, 2023 •110 likes •309 views

Combinatorial Analysis Utilizing Logical Dependencies Residing On Networks (CAULDRON) Outline Problem Approach Integration with IDSs Demo 1 Attack 160 158 47 Target Vulns Vulns Vulns 107 Vulns Vulnerability Scanner 60

  1. Combinatorial Analysis Utilizing Logical Dependencies Residing On Networks (CAULDRON) Outline • Problem • Approach • Integration with IDSs • Demo 1

  2. Attack 160 158 47 Target Vulns Vulns Vulns 107 Vulns Vulnerability Scanner 60 Vulns External Attacker Vulnerability Scanner 41 Vulns 15 Vulns 3 Limitations of Vulnerability Scanners • Generate overwhelming amount of data • Example Nessus scan – Elapsed time: 00:48:07 – Total security holes found: 255 – High severity: 40 – Low severity: 117 – Informational: 98 • No indication of how vulnerabilities can be combined • Can an outside attacker obtain access to the Crown Jewels? • Where does a security administrator start? 2

  3. Limitations of IDSs • Generate overwhelming number of alerts • Many false alerts – normal traffic or failed attacks • Alerts are isolated • No indication of how alerts can be combined • Incomplete alert information • Where does a security administrator start? • Is the attacker trying to obtain access to Crown Jewels? • Require extensive human intervention Summary • Current security measures largely independent • Little synergy among tools • Vulnerabilities considered in isolation may seem acceptable risks, but attackers can combine them to produce devastating results 3

  4. What is lacking? • Context for total network security • How outsiders penetrate firewalls and launch attacks from compromised hosts • Insider attacks The reality – security concerns are highly interdependent. Simply Listing Problems 8 Misses the Big Picture! 4

  5. Penetration Testing • Few experts available • Red teams can be expensive • Tedious • Error-prone • Impractical for large networks • No formal claims Attack Graphs • An attacker breaks into a network through a chain of exploits where each exploit lays the groundwork for subsequent exploits • Chain is called an attack path • Set of all possible attack paths form an attack graph • Generate attack graphs to mission critical resources • Report only those vulnerabilities associated with the attack graphs 5

  6. Linux attack tools Attacker 10.10.101.10 NT4.0 Firewall Linux IIS wu_ftpd Hub Web Server Mail Server 10.10.100.20 10.10.100.10 6

  7. 7

  8. 8

  9. Reference • Sushil Jajodia, Steve Noel, Brian O’Berry, “Topological analysis of network attack vulnerability,” in Managing Cyber Threats: Issues, Approaches and Challenges , Vipin Kumar, Jaideep Srivastava, and Aleksandar Lazarevic, eds., Springer, 2005, pages 248-266. Minimal-Cost Network Hardening 9

  10. Solution 1 Solution 1 Solution 1 Solution 1 Solution 1 Solution 1 Solution 2 Solution 2 Solution 2 Solution 2 10

  11. No impact No impact Reference • Lingyu Wang, Steven Noel, Sushil Jajodia, "Minimum-cost network hardening using attack graphs," Computer Communications , 2006. 11

  12. Attack Graph Visualization Problem Even small networks can yield complex attack graphs! 23 Attack Target External Attacker 24 12

  13. 25 26 13

  14. 27 Limitations of IDSs • Generate overwhelming number of alerts • Many false alerts – normal traffic or failed attacks • Alerts are isolated • No indication of how alerts can be combined • Incomplete alert information • Where does a security administrator start? • Is the attacker trying to obtain access to Crown Jewels? • Require extensive human intervention 14

  15. Alert Correlation • Correlate alerts to build attack scenarios • For efficient response, this must be done in real time Attack Graph Approach • Provides context for alarms • Can help with forensic analysis, attack response, attack prediction 15

  16. Hypothesizing and Predicting Alerts • Correlation based on the prepare-for relationship is vulnerable to alerts missed by IDSs - Reassembling a broken attack scenario is expensive and error-prone • By reasoning about the inconsistency between the knowledge (encoded in attack graph) and the facts (represented by received alerts), missing alerts can be hypothesized • By extending the facts in a way that is consistent with the knowledge, possible consequences of current attacks can be predicted Protect What-If Detect Network 32 16

  17. Security Metrics Network Hardening CAULDRON has Numerous Applications Alarm Sensor Correlation Placement And Attack Response 33 CAULDRON Has Wide Customer Base DHS NSA FAA AFOSR NRO AFRL JIOC DISA 34 17

  18. FAA CSIRC Deployment, Leesburg, VA FAA CSIRC Deployment, Leesburg, VA FAA Headquarters 35 Summary of CAULDRON • Automated analysis of all possible attack paths through a network – Resulting attack “roadmap” provides context for optimal defenses – Transforms volumes of isolated facts into manageable, actionable results • Integrates with existing tools for capturing network configuration • Your network is provably secure, with minimum effort • Best tool for making informed decisions about network security 36 18

  19. Further Information: Sushil Jajodia jajodia@gmu.edu (703) 993-1653 http://csis.gmu.edu/ 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Jan Stypka Outline of the talk 1. Problem description 2. Initial approach and its problems 3. A

Jan Stypka Outline of the talk 1. Problem description 2. Initial approach and its problems 3. A

Jan Stypka Outline of the talk 1. Problem description 2. Initial approach and its problems 3. A neural network approach (and its problems) 4. Potential applications 5. Demo & Discussion Initial project definition Extracting keywords

763 views • 45 slides
Connector Integration SALESFORCE CONNECTOR INTEGRATION Share data to and from Salesforce

Connector Integration SALESFORCE CONNECTOR INTEGRATION Share data to and from Salesforce

Platform Demo Salesforce Connector Integration SALESFORCE CONNECTOR INTEGRATION Share data to and from Salesforce Enabled progressive profiling Technical expertise not required SFDC Demo BRIEF OVERVIEW OF CROWNPEAK

595 views • 5 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About

Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About

Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About me 3 Outline Quick demo Java agents primer Usage scenarios OSGi integration Integration testing Testing demo 4 Quick demo 5 Java agents

694 views • 30 slides
Non-Stationary Reinforcement Learning Ruihao Zhu MIT IDSS Joint work with Wang Chi Cheung (NUS)

Non-Stationary Reinforcement Learning Ruihao Zhu MIT IDSS Joint work with Wang Chi Cheung (NUS)

Non-Stationary Reinforcement Learning Ruihao Zhu MIT IDSS Joint work with Wang Chi Cheung (NUS) and David Simchi-Levi (MIT) 1 / 18 Epidemic Control A DM iteratively: 1. Pick a measure to contain the virus. 2. See the corresponding outcome.

1.01k views • 55 slides
Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline

Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline

Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline Outline Background Problem Statement Overall Approach Integration test cases selection Integration test cases selection

490 views • 21 slides
Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of

Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of

Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of Build applications shared business functions has made it a that seamlessly critical component of many enterprises back offjce operations

500 views • 10 slides
Antiderivatives and rules of integration Antiderivatives and rules of integration Problem

Antiderivatives and rules of integration Antiderivatives and rules of integration Problem

Antiderivatives and rules of integration Antiderivatives and rules of integration Problem Antiderivatives and rules of integration Problem A fighter aircraft is launched from a deck of an aircraft carrier with the help of a steam catapult.

393 views • 17 slides
Overview Motivation Problem Definition Data Integration Data Integration Approaches

Overview Motivation Problem Definition Data Integration Data Integration Approaches

Overview Motivation Problem Definition Data Integration Data Integration Approaches Virtual integration Hanna Zhong Data warehouse hzhong@illinois.edu Issues Department of Computer Science University of Illinois,

403 views • 15 slides
OpenBCI what it can do, what weve done Outline Demo of OpenBCI What is BCI? EEG

OpenBCI what it can do, what weve done Outline Demo of OpenBCI What is BCI? EEG

OpenBCI what it can do, what weve done Outline Demo of OpenBCI What is BCI? EEG Toolbox Future Goals Community Demo of OpenBCI What is BCI? Brain-Computer Interface Direct communication pathway between the brain

1.19k views • 19 slides
Problem solved: Salesforce Integration 2 Salesforce Integration Salesforces ease of roll

Problem solved: Salesforce Integration 2 Salesforce Integration Salesforces ease of roll

Problem solved: Salesforce Integration 2 Salesforce Integration Salesforces ease of roll out and low cost Build applications of entry have made it the backbone of that seamlessly many enterprises customer operations but its

349 views • 10 slides
R ESOURCES I NTEGRATION (2) Problem driven approach moving from a problem to the sources (a

R ESOURCES I NTEGRATION (2) Problem driven approach moving from a problem to the sources (a

A NALYSIS AND COMPARISON OF SYSTEMS FOR HETEROGENEOUS INFORMATION RESOURCES INTEGRATION Tenth All-Russian Science Conference Digital Libraries: Advanced Methods and Technologies, Digital Collections Dubna, Russia Session 12 : Informational

740 views • 32 slides
An Approach for Solving the Unfairness Problem in WLANs Martin Heusse * , Yan Grunenberger * ,

An Approach for Solving the Unfairness Problem in WLANs Martin Heusse * , Yan Grunenberger * ,

An Approach for Solving the Unfairness Problem in WLANs Martin Heusse * , Yan Grunenberger * , Elena Lpez-Aguilera ** , Andrzej Duda * * LIG Grenoble Computer Laboratory ** Catalan Institute of Technology Outline WLAN unfairness problem

467 views • 22 slides
The Economic Re-integration of Returnees in Uruguay. A Qualitative Approach to the Reasons behind

The Economic Re-integration of Returnees in Uruguay. A Qualitative Approach to the Reasons behind

The Economic Re-integration of Returnees in Uruguay. A Qualitative Approach to the Reasons behind a Poor Labor Market Integration Introduction The most recent return wave of Uruguayan migrants began in 2008, with the onset of the economic

641 views • 23 slides
Solving a Dirichlet problem for Poissons Equation on a disc is as hard as integration.

Solving a Dirichlet problem for Poissons Equation on a disc is as hard as integration.

Definitions and examples Complexity of integration Poissons problem on a disc Solving a Dirichlet problem for Poissons Equation on a disc is as hard as integration. Akitoshi Kawamura, Florian Steinberg, Martin Ziegler Technische

725 views • 17 slides
Multimodal Integration Outline Spatial Transformation Motion Correction

Multimodal Integration Outline Spatial Transformation Motion Correction

freesurfer.net Multimodal Integration Outline Spatial Transformation Motion Correction Registration, Automatic and Manual MultiModal Integration DTI Integration fMRI Integration Viewing on Volume and

721 views • 47 slides
Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for

Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for

Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for MongoDB Community Edition MongoDB Enterprise Edition Replica Set Cluster Percona Backup for MongoDB 2 Elements of MongoDB Backups 3 MongoDB oplog

1.43k views • 38 slides
The OMRAS2 project Bringing together semantic audio, music informatics and computational

The OMRAS2 project Bringing together semantic audio, music informatics and computational

The OMRAS2 project Bringing together semantic audio, music informatics and computational musicology Mark Sandler Centre for Digital Music Queen Mary University of London Music Information Retrieval is maturing Components for Beat

251 views • 12 slides
Masher: Mapping Long(er) Reads with Hash-based Genome Indexing on GPUs Anas Abu-Doleh 1,2 , Erik

Masher: Mapping Long(er) Reads with Hash-based Genome Indexing on GPUs Anas Abu-Doleh 1,2 , Erik

Masher: Mapping Long(er) Reads with Hash-based Genome Indexing on GPUs Anas Abu-Doleh 1,2 , Erik Saule 1 , Kamer Kaya 1 and mit V. atalyrek 1,2 1 Department of Biomedical Informatics 2 Department of Electrical and Computer Engineering The

782 views • 28 slides
So Solving geometry problems: co combining text and

So Solving geometry problems: co combining text and

So Solving geometry problems: co combining text and diagram in interpretatio ion Minjoon Seo 1 , Hannaneh Hajishirzi 1 , Ali Farhadi 1,2 , Oren Etzioni 2 ,

717 views • 56 slides
Alert system retirement You are now Building on Bitcoin Bryan Bishop <kanzure@gmail.com>

Alert system retirement You are now Building on Bitcoin Bryan Bishop <kanzure@gmail.com>

Alert system retirement You are now Building on Bitcoin Bryan Bishop <kanzure@gmail.com> 0E4C A12B E16B E691 56F5 40C9 984F 10CC 7716 9FD2 2018-07-03 Talk outline History and background Vulnerabilities Alternatives Key

213 views • 19 slides
Student Success A Journey Best Taken Together (Early

Student Success A Journey Best Taken Together (Early

Student Success A Journey Best Taken Together (Early Alerts-Case Study) Pam Thorburn Director, Student Academic Services Victoria University of Wellington Presenta=on Overview Victoria

377 views • 22 slides
Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The

Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The

Public warnings on public displays Presentation to the W3C Workshop on Web-based Signage The Ericsson interest Ericsson has a vision about the networked society Where connectivity helps you make sense and more of your world

105 views • 10 slides
Improvements to in silico predictivity after access to proprietary data Donna Macmillan

Improvements to in silico predictivity after access to proprietary data Donna Macmillan

Improvements to in silico predictivity after access to proprietary data Donna Macmillan Scientist Virtual ICGM - 6 th April 2016 donna.macmillan@lhasalimited.org Agenda (1) Why data sharing is important and how data is used (2) Case study using

252 views • 21 slides

More recommend