Research Paper Course 60-592 Instructor: Dr. Aggrawal.
Research Paper
Course 60-592
Instructor: Dr. Aggrawal
PAPERS
Active Vulnerability Assessment of Computer Networks by Simulation of Complex Remote Attacks
Igor Kotenko St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia
Formal Framework for Modeling and Simulation of DDoS Attacks Based on Teamwork of Hackers-Agents
Igor Kotenko, Alexey Alexeev, Evgeny Man’kov
St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia
Network Security
Security Assurance We Have seen
Practical tools We will see
Underlying approach Theoretical Concepts
With reference to Attack Simulator
Goal Of Paper
Development of
• General Approach
• Mathematical Models
• Software Simulation Tool
for active analysis of computer network vulnerabilities
Security Assurance
• Important Problem
  • Increasing significance of information
  • Potentially devastating consequences
• Complex
  • Growing size
  • Inter-connectivity of networks
  • Number of users
  • Availability of information
Attack Modeling and Simulation Approach
• Malefactor’s intention and attack task specification
• Application Ontology “Computer Network Attacks”
• Formal Grammar Based Framework
• State Machine based representation of attack generation
• Formal Model of Attacked Computer Network
Malefactor’s Intentions
• R – Reconnaissance: aiming at getting information about the network (host)
• I – Implantation and Threat Realization
List of Malefactor’s Intentions
• 1-6: R type
• 7-12: I type
Attack Task Specification
• A top-level attack goal
• Specified as <Network (host) address, Malefactor’s Intention, Known Data, Attack Object>
• Known Data specifies the information about the attacked computer network.
• Attack Object is an optional variable that defines the attack target more exactly.
Hierarchy of Attacks
Two Subsets
• Upper Level (macro-level attacks)
• Lower Level (micro-level attacks)
Relations
• Part Of – decomposition relationship
• Kind Of – specialization relationship
• Seq Of – specifying sequence of relationship
• Example Of – type of object (specific sample of object)
Mathematical Model of Attack Intentions
• Formal Grammar
• Particular intentions inter-connected through substitution operations
• Ma = < {Gi}, {Su} >
• Gi = < Vn, Vt, S, P, A >
• {Gi} – formal grammar
• {Su} – substitution
State Machines
• States
  • First (Initial)
  • Intermediate
  • End (Final)
• Transition Arcs – can be carried out only under specific circumstances
• Examples of State Machines
  • Implantation and Threat Realization
  • Identification of Hosts
Factors
• Malefactor’s Strategy
• Depends on results of intermediate actions
• Reason – it is not possible to generate the complete sequence of the malefactor’s actions beforehand
Attack Simulator Implementation
• Multi Agent System
  • Network Agent – simulates an attacked computer network
  • Hacker Agent – performs attacks against computer networks
• Technology – MASDK (Multi Agent System Development Kit)
Key Components of Hacker Agent
• Kernel of Hacker Agent
  • Calls the specification of the attack task
  • Computes the next state machine transition
• Script Component – specifies the set of scripts that can be executed by state machines
• Attack Task Specification Component – provides the user with an interface to specify attack attributes
• Probabilistic decision making model – used to determine the hacker agent’s further actions in attack generation
• Network Traffic Generator – forms the flow of network packets
• Attack Scenario Visualization – for visual representation of attack progress
Key Components of Network Agent
• Kernel of Network Agent
  • Functions used for specification of network configuration through user interface
  • Computation of network’s response to an attacking action
• State Machines Model – specifies the network agent behavior (communication functionality)
• Network Configuration Specification Component – a set of user interfaces for configuration of the network to be attacked
• Firewall Model component – determines the firewall’s response to an action
• Network response component – network’s (host’s) response messages to an attack
Component Models of Network Agent and Hacker Agent
Experiments with Attack Simulator
Goals of experiment
• Checking a computer network security policy at the stages of conceptual and logical design of a network security system
• Checking the security policy of a real-life computer network
Factors affecting attack efficacy
• Protection Degree of Network Firewall (PNF)
• Protection Degree of Personal Firewall (PPF)
• Protection Parameters of attacked host (PP)
• Hacker’s Knowledge of Network (KN)
Attack outcome parameters
• Number of Attack Steps (NS)
• Percentage of Intent Realization (PIR)
• Percentage of Attack Realization (PAR)
• Percentage of Firewall Blocking (PFB)
• Percentage of Reply Absence (PRA)
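The hacker-agent and network-agent loop and the outcome parameters listed above, as an added sketch for checking how a protection setting changes the outcome (not code from the papers or the presentation). The stage names, probability tables, step limit and the exact formula for each parameter are assumptions made for illustration; PPF is left out to keep the model small.

```python
import random

# Constructed toy model: stage names and all probabilities are assumptions,
# not values from the papers or the slides.
STAGES = ["identify_hosts", "identify_services", "realize_intention"]
FIREWALL_BLOCK = {"weak": 0.10, "strong": 0.60}  # PNF: P(firewall blocks a step)
HOST_SILENT = {"weak": 0.05, "strong": 0.30}     # PP: P(host sends no reply)
STEP_SUCCESS = {"poor": 0.40, "good": 0.80}      # KN: P(answered step succeeds)
MAX_STEPS = 12                                   # give up after this many steps


def network_response(rng, pnf, pp, kn):
    """Network agent: firewall model first, then the host's reaction."""
    if rng.random() < FIREWALL_BLOCK[pnf]:
        return "blocked"
    if rng.random() < HOST_SILENT[pp]:
        return "no_reply"
    return "success" if rng.random() < STEP_SUCCESS[kn] else "failed"


def run_attack(rng, pnf, pp, kn):
    """Hacker agent: the next transition depends on the previous response."""
    stage, log = 0, []
    while stage < len(STAGES) and len(log) < MAX_STEPS:
        outcome = network_response(rng, pnf, pp, kn)
        log.append((STAGES[stage], outcome))
        if outcome == "success":      # transition arc enabled only on success
            stage += 1
    return log, stage == len(STAGES)


def outcome_parameters(runs):
    """Aggregate simulated runs into the outcome parameters (assumed formulas)."""
    outcomes = [o for log, _ in runs for _, o in log]
    pct = lambda kind: 100.0 * outcomes.count(kind) / len(outcomes)
    return {
        "NS": len(outcomes) / len(runs),                           # mean steps per run
        "PIR": 100.0 * sum(done for _, done in runs) / len(runs),  # runs that finished
        "PAR": pct("success"),
        "PFB": pct("blocked"),
        "PRA": pct("no_reply"),
    }


def evaluate(pnf, pp, kn, trials=500, seed=1):
    rng = random.Random(seed)
    return outcome_parameters([run_attack(rng, pnf, pp, kn) for _ in range(trials)])
```

Comparing `evaluate("weak", "weak", "good")` with `evaluate("strong", "strong", "good")` shows the stronger policy raising NS and PFB while lowering PIR.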
Example
Realization of Intention CVR
Protection of attacked host – Strong
Hacker’s Knowledge – Good
Changes of Attack Outcome Parameters
Conclusion (Paper I)
• Paper presents formal approach to active vulnerability assessment based on modeling and simulation of remote computer network attacks
• Multi agent system
• Tries to give a standard procedure for security assurance
PAPER II
Formal Framework for Modeling and Simulation of DDoS Attacks Based on Teamwork of Hackers-Agents
Igor Kotenko, Alexey Alexeev, Evgeny Man’kov
St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia
Concern
Growth of
• Number
• Capacity
of DDoS attacks
Goals of Paper
• Development of formal framework for modeling
• Elaboration of formal specification of a representative spectrum
• Implementation of software development tools
Teamwork
Joint Intention Theory
Shared Plans theory
Combined theory of Agents
Creation of Hackers Agent
• Forming the subject domain ontology
• Determining the agents’ team structure
• Defining the agents’ interaction-and-coordination mechanisms
• Specifying the agents’ action plans
• Assigning roles and allocating plans between agents
• Realizing the teamwork by a set of state machines
Structure
• Client – supervises a sub-team of masters
• Masters – each master supervises a group of demons
• Demons – execute immediate attack actions against victim hosts
Suggested Mechanisms
• Maintenance and Action coordination
• Monitoring and restoration of agent functionality
• Maintenance of Communication Selectivity
Plan Of DDoS
• Preliminary – Reconnaissance and Installation of Agents
• Basic – Realization of DDoS attack by joint action of agents
• Final – Visualization of attack results
Formal Model of Attacked Networks
• Represented as quadruple MA = <Mcn, {Mhi}, Mp, Mhr>
• Mcn – model of computer network structure
• {Mhi} – model of host resources
• Mp – model of computation of success probabilities
• Mhr – model of host reaction in response to attacks
• Input -> Output [& post condition]
Attack Simulation Tool Implementation
• MASDK – Multi-Agent System Development Kit
• Why Use Attack Simulator
  • Checking a computer network security policy at stages of conceptual and logical design
  • Checking security of real-life computer network
Conclusion (Paper II)
• Paper presents formal paradigm for modeling and simulation
• Presents a structure of team of agents
• Above approach used for evaluation of computer network security
• Analysis of both efficiency and effectiveness of security policy against DDoS attacks
Questions and Comments
THANK YOU
Presented By Ashutosh Sood