Cooperative Response Strategies for Large Scale Attack Mitigation - PowerPoint PPT Presentation

Cooperative Response Strategies for Large Scale Attack Mitigation D. Nojiri, J. Rowe, K. Levitt Univ of California Davis DARPA Info Survivability Conference and ... – PowerPoint PPT presentation

Provided by: csUcfEduc9
Learn more at: http://www.cs.ucf.edu
Transcript and Presenter's Notes

1
Cooperative Response Strategies for Large Scale
Attack Mitigation
D. Nojiri, J. Rowe, K. Levitt
Univ of California Davis
DARPA Info Survivability Conference and Exposition 2003
Presented by Hao Cheng, 2006.01
2
Contribution
  • Builds a mathematical model of the cooperative
    defense scheme.
  • Simulation results are reasonable and confirm
    some meaningful insights.

3
Architecture
[Figure: P2P Cooperative Structure. Labels: malicious, Internet, block, alerted, friend protocol]
4
Why Cooperation P2P?
  • Large-scale Internet worm attack
  • Attack: overwhelming, distributed
  • Local knowledge: useless
  • Hierarchical control: localized region

5
What Problems?
  • Propagation of information: slow
  • Security issues
  • Responses: expensive
  • False alarms
  • A formal study on automated mitigation control
    mechanism is necessary.
  • Mathematical model Simulation

6
Assumption
  • Direct cooperation: limited number of friend
    organizations
  • Two States.
  • if (detect/alerted suspicious attacks)
  • follow local policy
  • blocking and sharing info with its own set of
    friends.
  • Rate of propagation
  • R(mitigating response) > R(worm attacks)

7
Modeling
  • Staniford's Virus Propagation Model [2]

8
Cont.
  • Kephart's Virus Infection Model [3]

9
Mitigation Response
Cumulative severity of messages in the entire
system
10
Infection Rate
  • Attacks from Inside/Outside
  • Local Infection Rate
  • Global Infection Rate

Short comment: not all hosts are controlled in the
cooperation network.
11
Numerical Solution
Differential equation, solved numerically.
12
Plots
[Plot: axes labelled propagation rate and time step]
Analysis: a sufficient number of cooperating
members or friends is needed.
13
Simulation
  • Based on the Swarm simulation package.
  • http://www.swarm.org/wiki/Main_Page
  • Biological science: population dynamics.

14
Experimental Settings
  • Internet topology: flat network.
  • 5832 vulnerable hosts, 729 cooperating members
    (controlling 8 hosts).
  • Response device keeps an alert level and
    becomes alerted after receiving enough alert
    messages.
  • When alerted: block and inform friends.

15
Plots
[Plot: axes labelled propagation rate and time step, for a varied number of friends]
16
Analysis Results
  • Greater number of friends: greater suppression of
    the worm, shorter time to recover, more false
    alarms.
  • Higher severity threshold: fewer false alarms.
  • Optimal friend lists: a graph theory problem,
    reducing the diameter of a directed graph with a
    limited number of edges.
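
Added example (not from the paper or these slides): a small Python agent simulation of the slide-14 setting, showing how the friend count and severity threshold trade worm suppression against false alarms. The one-scan-per-step worm, the detection and false-alarm probabilities, the random friend lists and the within-step alert cascade are assumptions made here; the paper's own equations are not on this page.

```python
import random

MEMBERS, HOSTS_EACH = 729, 8   # slide 14: 729 members x 8 hosts = 5832 hosts

def simulate(n_friends, threshold, worm=True, p_detect=0.05,
             p_false=0.001, steps=40, seed=1):
    """Return (infected_hosts, alerted_members) after `steps` time steps.
    Assumed toy dynamics, not the paper's equations: each unblocked infected
    host scans one random host per step; an unalerted member detects an
    incoming scan with p_detect and raises a spurious alarm with p_false.
    """
    rng = random.Random(seed)
    n_hosts = MEMBERS * HOSTS_EACH
    friends = [rng.sample([m for m in range(MEMBERS) if m != me], n_friends)
               for me in range(MEMBERS)]      # assumed: random friend lists
    infected = set(rng.sample(range(n_hosts), 10)) if worm else set()
    alerted = [False] * MEMBERS
    level = [0] * MEMBERS                     # alert messages received so far
    for _ in range(steps):
        raised = []                           # members alerted this step
        for src in sorted(infected):
            if alerted[src // HOSTS_EACH]:
                continue                      # outbound traffic is blocked
            dst = rng.randrange(n_hosts)
            member = dst // HOSTS_EACH
            if alerted[member]:
                continue                      # inbound traffic is blocked
            if rng.random() < p_detect:
                alerted[member] = True        # scan detected and dropped
                raised.append(member)
            else:
                infected.add(dst)
        for member in range(MEMBERS):
            if not alerted[member] and rng.random() < p_false:
                alerted[member] = True        # false alarm
                raised.append(member)
        # Alerts cascade within the step: response assumed faster than the worm.
        while raised:
            for friend in friends[raised.pop()]:
                level[friend] += 1
                if not alerted[friend] and level[friend] >= threshold:
                    alerted[friend] = True
                    raised.append(friend)
    return len(infected), sum(alerted)

if __name__ == "__main__":
    for n_friends, threshold in [(0, 2), (2, 2), (8, 2), (8, 4)]:
        print(n_friends, threshold, simulate(n_friends, threshold)[0],
              simulate(n_friends, threshold, worm=False)[1])
```

Each printed row gives friends, threshold, hosts infected with the worm present, and members blocked by false alarms alone when no worm is present.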

17
Weakness
  • The mitigation response cost.
  • Unclear in presentation.
  • Not very realistic in math modeling.
  • Already pointed out during the presentation.
  • A peer can become alerted in other ways, not only
    by receiving the warning information.
  • Modeling results not totally convincing.
  • Security problem.

18
Improvement
  • Study the problems pointed out.
  • Optimal friend list needs to be considered more
    seriously.

19
Reference
  1. D. Nojiri, J. Rowe, K. Levitt. Cooperative
    Response Strategies for Large Scale Attack
    Mitigation. DARPA Info Survivability Conference
    and Exposition, 2003.
  2. Jeffrey O. Kephart, Steve R. White. Directed
    Graph Epidemiological Models of Computer Viruses.
    IEEE Computer Society Symposium on Research in
    Security and Privacy, 1991.
  3. Stuart Staniford, V. Paxson, N. Weaver. How to Own
    the Internet in Your Spare Time. Usenix Security
    Symposium, 2002.
  4. http://www.swarm.org/wiki/Main_Page

20
  • Questions?