Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack - PowerPoint PPT Presentation

Ricardo J. Rodríguez, Xiaolin Chang, Xiaodan Li, Kishor S. Trivedi (rjrodriguez@unizar.es, xlchang@bjtu.edu.cn, {xiaodan.li,ktrivedi}@duke.edu)


  1. Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack
Ricardo J. Rodríguez†, Xiaolin Chang‡, Xiaodan Li§, Kishor S. Trivedi§
rjrodriguez@unizar.es, xlchang@bjtu.edu.cn, {xiaodan.li,ktrivedi}@duke.edu
† University of Zaragoza and Second University of Naples; ‡ Beijing Jiaotong University; § Duke University
All wrongs reversed
June 27, 2016, 3rd International Workshop on Graphical Models for Security (GraMSec 2016), Lisbon, Portugal


  2. Introduction (I)
Cyberattacks are rapidly increasing: +38% in 2015 [a]
Cybercrime is a growing (and quite wealthy) industry
High cost for companies (estimated cost of $575B): service downtime and cleanup of compromised systems; loss of customer confidence, even data theft
[a] https://news.sap.com/pwc-study-biggest-increase-in-cyberattacks-in-over-10-years/
Just a little bit scared...
Critical infrastructures provide essential services to society
Examples: power distribution, water treatment, financial services...
Discontinuity of service may lead to fatalities or injuries
Threats are of different nature, from unintended acts of nature to intentional attacks (e.g., sabotage, terrorism)
Cyberattacks on these systems show an increasing trend
R.J. Rodríguez et al. Survivability Analysis of a Computer System under an APT Attack, GraMSec 2016



  3. Introduction (II)
Malware: specially crafted software with one goal: carry out malicious activities
Different types of malware, depending on their behaviour: viruses, worms, keyloggers, ransomware, etc.
Advanced Persistent Threat (APT)
Advanced: sophisticated attack; involves a previous reconnaissance of the target
Persistent: long-term stay; the longer they stay in the system, the more data are exfiltrated
Knowledge is power

  4. Introduction (III)
APT examples
Operation Aurora: attributed to China; in 2010 many companies from different domains (such as Google, Yahoo, Morgan Stanley, or Dow Chemical) were attacked
Stuxnet: attributed to US-Israel and discovered in 2010; affected Siemens PLCs in the SCADA networks of Iranian nuclear facilities
Others: GhostNet, Duqu, Flame, ...


  5. Introduction (IV)
APT life-cycle (figure: EXPLOIT → INFECT → LMOV → EFIL)
1. Entry point/exploitation: 0-days or known but not fixed vulnerabilities
2. Infection: gain persistence; normally also installs RAT tools
3. Lateral movement: move through the network, looking for data of interest and other hosts to compromise
4. Exfiltration: modify sensitive data, or send it out across the network boundaries
Survivability: the system's ability to withstand malicious attacks and support the system's mission even when parts of the system are damaged
Assessing the impact of an APT allows one to characterize a system against those intended failures and to evaluate mitigation techniques

  6. Introduction (V)
Contribution: survivability assessment of a computer system under an APT attack
Security model (as a Stochastic Reward Net) that integrates defender + attacker actions
Assumption made: event times are exponentially distributed
Four survivability metrics, evaluated after a vulnerability is announced and while the vulnerability mitigation strategy is being deployed:
1. System recovery
2. System availability
3. Data confidentiality loss
4. Data integrity loss

  7. Related Work
Survivability metrics: little research on quantitative evaluation metrics
Survivability of a resilient database system against intrusions, modeled with a CTMC; later extended to semi-Markov processes (Wang et al., 2006, 2010)
General approach for survivability quantification of networked systems using SRNs (Trivedi and Xia, 2015)
Survivability assessment of the Saudi Arabia crude-oil pipeline network (Rodríguez et al., 2015)
Our model allows us...
Not only availability analysis, but also confidentiality and integrity (loss)
To investigate security attributes during the transient period that starts after a vulnerability is publicly announced and ends when the vulnerability is fully removed
Quantitative assessment of these attributes
Insights on cost/benefit trade-offs of investments


  8. Background
Petri nets (simplified explanation): places (circles, p_X), transitions (bars, t_X), tokens (black dots); with a time interpretation attached to transitions, the underlying model is a Markov chain
Extensions:
Stochastic PNs: exponentially distributed firing times in transitions
Generalized SPNs: immediate (zero-delay) transitions + exponentially timed transitions; also inhibitor arcs
Stochastic Reward Nets: GSPN + reward functions defined at net level


  9. System Description and Model (I)
(Figure: timeline after a vulnerability is announced; the defender starts the vulnerability mitigation deployment, the attacker starts the exploit implementation)
Assumptions before the announcement: no known vulnerabilities, and the attacker is not skilled enough to find 0-day vulnerabilities

  10. System Description and Model (II)
(Figure: state diagram; defender side VULN → PATCH IMPLEMENTATION → GOOD, with REPAIRED, FAIL (F) and CRASH (C) states; attacker side VULN FOUND → EXPLOIT CODE IMPLEMENTATION → EXPLOIT → INFECT → LMOV → EFIL)
Survivability metrics defined:
m1: probability that the vulnerable system has been patched at time t
m2: probability that the system is unavailable at time t
m3: mean accumulated time that the system is unavailable in (0, t]
m4: mean accumulated loss of system confidentiality and integrity in (0, t]

  11. System Description and Model (III)
(Figure: the SRN model.) Defender side: places p_prepare, p_ready, p_deploy, p_good with timed transitions T_prepare, T_deploy; failure and repair places p_fail, p_crash, p_repair with timed transitions T_f1..T_f5, T_c1..T_c4, T_r1, T_r2. Attacker side: places p_bugfound, p_vul, p_tvul, p_vul_s, p_exploit, p_exploit2, p_infect, p_lmov, p_efil with timed transitions T_bugfound, T_vul, T_exploit, T_infect, T_lmov, T_efil. Immediate transitions t_1..t_7 and t_vul1. T_efil carries the guard [g_vul] and T_f4 the guard [g_f5].
Guard functions:
g_vul: if (#(p_vul_s) == 1) then 1 else 0
g_f5: if (#(p_vul) == 1) then 1 else 0
Metrics as reward functions:
m1: expected number of tokens in p_good at time t
m2: expected number of tokens in (p_crash + p_fail + p_deploy) at time t
m3: expected accumulated reward of (p_crash + p_fail + p_deploy) by time t
m4: expected accumulated reward of p_efil by time t
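The metrics on slides 10 and 11 are reward functions evaluated on the CTMC underlying the SRN: m1 and m2 are instantaneous rewards (expected tokens at time t), m3 and m4 are accumulated rewards (integrals over (0, t]). The following added example, which is not the authors' code, computes all four by uniformization for a hypothetical reduced model: a product CTMC of a three-phase defender (prepare, deploy, patched) and an attacker kill chain (search, exploit code, exploit, infect, lateral movement, exfiltration, plus an attacker-caused crash). The state space, the rates, and the single guard that blocks exploitation and exfiltration once the system is patched are assumptions; the slide's failure/repair subnet (p_fail, T_f*, T_r*) is collapsed into one crash/repair pair, so m2 here counts only p_deploy and the crash state.

```python
"""Transient analysis of a reduced APT survivability model by uniformization.

Added example: a hypothetical simplification of the SRN on slide 11, built
by hand as a product CTMC instead of by SRN reachability. States, rates and
guards below are assumptions, not the authors' model.
"""
import math
from itertools import product

DEFENDER = ["PREPARE", "DEPLOY", "GOOD"]  # mitigation phases
ATTACKER = ["SEARCH", "CODE", "EXPLOIT", "INFECT", "LMOV", "EFIL", "CRASH"]

# Assumed rates (events per day); every delay is exponential, as on slide 6.
RATES = {
    "prepare": 1 / 7,   # mitigation ready a week after the announcement
    "deploy": 1.0,      # rollout takes a day; the system is down meanwhile
    "bugfound": 1 / 2,  # attacker turns the advisory into exploit code
    "exploit": 2.0,     # exploit code works against the live system
    "infect": 4.0,      # persistence / RAT installed
    "lmov": 1.0,        # lateral movement reaches data of interest
    "efil": 1.0,        # exfiltration starts
    "crash": 0.05,      # attacker activity crashes the host
    "repair": 1.0,      # host rebuilt from a clean image
}

STATES = list(product(DEFENDER, ATTACKER))
INDEX = {s: i for i, s in enumerate(STATES)}


def generator(rates=RATES):
    """Infinitesimal generator Q of the product CTMC (Q[i][j] = rate i -> j)."""
    n = len(STATES)
    Q = [[0.0] * n for _ in range(n)]

    def add(src, dst, rate):
        i, j = INDEX[src], INDEX[dst]
        Q[i][j] += rate
        Q[i][i] -= rate

    for d, a in STATES:
        vulnerable = d != "GOOD"
        # Defender: prepare the fix, then deploy it (unavailable while deploying).
        if d == "PREPARE":
            add((d, a), ("DEPLOY", a), rates["prepare"])
        elif d == "DEPLOY":
            add((d, a), ("GOOD", a), rates["deploy"])
        # Attacker kill chain. Stages that need the vulnerability are guarded
        # on "vulnerable", playing the role of the slide's guard g_vul.
        if a == "SEARCH" and vulnerable:
            add((d, a), (d, "CODE"), rates["bugfound"])
        elif a == "CODE" and vulnerable:
            add((d, a), (d, "EXPLOIT"), rates["exploit"])
        elif a == "EXPLOIT":
            add((d, a), (d, "INFECT"), rates["infect"])
        elif a == "INFECT":
            add((d, a), (d, "LMOV"), rates["lmov"])
        elif a == "LMOV" and vulnerable:
            add((d, a), (d, "EFIL"), rates["efil"])
        if a in ("EXPLOIT", "INFECT", "LMOV", "EFIL"):
            add((d, a), (d, "CRASH"), rates["crash"])
        if a == "CRASH":
            add((d, a), (d, "SEARCH"), rates["repair"])
    return Q


def transient(Q, pi0, t, tol=1e-12):
    """Return (pi(t), integral of pi(u) over (0, t]) by Jensen's uniformization.

    pi(t) = sum_k Poisson(k; lam*t) * pi0 P^k with P = I + Q/lam; the integral
    of the k-th Poisson weight over (0, t] is (1 - cdf_k) / lam.
    """
    n = len(Q)
    lam = 1.05 * max(-Q[i][i] for i in range(n))
    P = [[Q[i][j] / lam + (1.0 if i == j else 0.0) for j in range(n)]
         for i in range(n)]
    pi_t, acc = [0.0] * n, [0.0] * n
    v = list(pi0)                  # v = pi0 P^k
    weight = math.exp(-lam * t)    # Poisson(k; lam*t), starting at k = 0
    cdf, k = 0.0, 0
    while True:
        cdf += weight
        for j in range(n):
            pi_t[j] += weight * v[j]
            acc[j] += (1.0 - cdf) / lam * v[j]
        if 1.0 - cdf < tol or k > 2 * lam * t + 100:
            return pi_t, acc
        v = [sum(v[i] * P[i][j] for i in range(n)) for j in range(n)]
        k += 1
        weight *= lam * t / k


def metrics(t, rates=RATES):
    """m1..m4 of slide 10 at time t, starting vulnerable and not yet attacked."""
    pi0 = [0.0] * len(STATES)
    pi0[INDEX[("PREPARE", "SEARCH")]] = 1.0
    pi_t, acc = transient(generator(rates), pi0, t)

    def mass(vec, pred):
        return sum(vec[INDEX[s]] for s in STATES if pred(*s))

    def down(d, a):
        return d == "DEPLOY" or a == "CRASH"

    return {
        "m1_patched": mass(pi_t, lambda d, a: d == "GOOD"),
        "m2_unavailable": mass(pi_t, down),
        "m3_downtime": mass(acc, down),                        # days down in (0, t]
        "m4_exfil_loss": mass(acc, lambda d, a: a == "EFIL"),  # days exfiltrating
    }


if __name__ == "__main__":
    for day in (1, 7, 14, 30):
        print(day, {k: round(v, 4) for k, v in metrics(day).items()})
```

Running the script prints the four metrics at days 1, 7, 14 and 30; the cost/benefit question of slide 7 is then a matter of re-running `metrics` with a faster `prepare` or `deploy` rate and comparing the accumulated rewards m3 and m4. In the reduced model the defender chain is independent of the attacker, so m1 equals the two-stage hypoexponential CDF with rates 1/7 and 1, which is a useful sanity check on the uniformization.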
