1 / 46

‧ 指導教授:林永松 博士

國立台灣大學 ‧ 資訊管理研究所 碩士論文口試審查. A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and Malicious Attacks 考量危害事件與惡意攻擊下系統脆弱度最小化之 近似最佳化冗餘配置策略. ‧ 指導教授:林永松 博士. ‧ 研究生:江坤道. 【Master Thesis】 Oral Examination. Outline. Introduction

aolani
Download Presentation

‧ 指導教授:林永松 博士

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 國立台灣大學‧資訊管理研究所碩士論文口試審查國立台灣大學‧資訊管理研究所碩士論文口試審查 A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and Malicious Attacks 考量危害事件與惡意攻擊下系統脆弱度最小化之 近似最佳化冗餘配置策略 ‧指導教授:林永松 博士 ‧研究生:江坤道 【Master Thesis】 Oral Examination

  2. Outline • Introduction • Problem Description & Formulation • Solution Approach • Computational Experiments • Conclusion & Future Work

  3. Outline • Introduction • Background • Motivation Introduction Problem Solution Experiments Conclusion

  4. Introduction Problem Solution Experiments Conclusion Background • We are in an environment where hazardous events occur frequently and malicious attacks emerge in an endless stream. • Hazardous events • Natural disasters • Man-made • Modern organizations have become increasingly reliant on information technology.

  5. Total losses for 2006 = $52,494,290 CSI/FBI 2006 Computer Crime and Security Survey 2006: 313 respondents Source: Computer Security Institute

  6. Introduction Problem Solution Experiments Conclusion Motivation • How to develop a solid redundancy allocation policywhich supports continuous services. • Related researches considering hazardous events and targeted malicious attacks at the same time are scant.

  7. Introduction Problem Solution Experiments Conclusion Outline • Problem • Description • Formulation • RAPMA Model • ARS Model Redundancy Allocation Problem considering Malicious Attacks Attacking Redundancy Strategy

  8. Introduction Problem Solution Experiments Conclusion Description Objective: maximize the vulnerability of the network when hazardous events occurring. Uncompromised Node (Primary) Attacked Node (Primary) Compromised Node (Primary) Secondary Component Attacked Secondary Component Non-attacked Secondary Component Unreachable Link Reachable Link Link upon the Attack Tree

  9. Introduction Problem Solution Experiments Conclusion Description • Two scenarios in the real world • Software • Malicious attacks: manipulation of configuration files • Hazardous events: power cut incurred by natural disasters • Hardware • Malicious attacks: malicious program making CPU overheated • Hazardous events: breakdown of air conditioner in the server room

  10. Introduction Problem Solution Experiments Conclusion Description • Two antithesis metrics • Vulnerability of the network • Total node vulnerability • Node vulnerability = Total component vulnerability • The network is compromised if no component is functional. • Survivability of the network • (1 - Vulnerability of the network)

  11. Introduction Problem Solution Experiments Conclusion Description • Assumptions • The attacker’s objective is to maximize the total vulnerability of the network against hazardous events. • The defender’s objective is to minimize the total vulnerability by redundancy allocation. • Both attacker and defender have complete information about the network topology. • Both attacker and defender have resource budget limitations. • Only node attack is considered. • Only malicious attacks are considered.

  12. Introduction Problem Solution Experiments Conclusion Description • Only AS-level networks are considered. • A node is only subject to attack if a path exists from attacker’s position to that node, and all the intermediate nodes on the path have been compromised. • “A node is compromised” if and only if the primary component deployed to it is compromised by allocating more attack power than the minimum level. • Failures of individual components are independent. • All redundant components are in a hot-standby state. • All redundant components which are compromised by attacker are never repaired or detected.

  13. Introduction Problem Solution Experiments Conclusion Description • Given • Defense resource budget B. • Attack resource budge A. • The minimum attack power required to compromise a component. • Attacker’s position s, which is connected to the target network • The network topology and the network size • The estimated probability of hazardous event d occurring • All available redundant components for node i to support operating function and provide failure tolerance.

  14. Introduction Problem Solution Experiments Conclusion Description • Objective • For attacker, to maximize the vulnerability against hazardous events. • For defender, to minimize the maximized vulnerability against hazardous events. • Subject to • The total defense cost must be no more than B. • The total attack cost most be no more than A. • The node to be attacked must be connected to the existing attack tree. • To determine • Defender: redundancy allocation policy. • Attacker: which nodes to attack, and attack power.

  15. Introduction Problem Solution Experiments Conclusion Formulation

  16. Introduction Problem Solution Experiments Conclusion Formulation (RAPMA) “A node is compromised” if and only if the primary component deployed to it is compromised by allocating more attack power than the minimum level.

  17. Introduction Problem Solution Experiments Conclusion Formulation (RAPMA)

  18. Introduction Problem Solution Experiments Conclusion Formulation (RAPMA)

  19. Introduction Problem Solution Experiments Conclusion Formulation (ARS)

  20. Introduction Problem Solution Experiments Conclusion Formulation (ARS)

  21. Introduction Problem Solution Experiments Conclusion Outline • Solution • Solution Approach • Lagrangean Relaxation • Approach to ARS Model • Approach to RAPMA Model

  22. Solution Approach • Lagrangean relaxation is applied to the ARS model. • Attacking strategy • Attack power • Target components • Defender adjusts redundancy allocation according to the attacking strategy to satisfy RAPMA model. • Redundancy allocation policy • Components

  23. LBOptimal Objective Function ValueUB Introduction Problem Solution Experiments Conclusion Lagrangean Relaxation Primal Problem Upper Bound Adjust Lagrangean Multipliers Lower Bound Lagrangean Relaxation Problem Lagrangean Dual Problem Subproblem Subproblem ‧‧‧‧‧‧‧

  24. Subproblem 1 ‧ Related to Xp (Attack Tree) ‧ Time Complexity: O(|N|2), where N is the number of nodes. Subproblem 2 ‧ Related to yi (Target) ‧ Time Complexity: O(|N|), where N is the number of nodes. Introduction Problem Solution Experiments Conclusion Approach to ARS Model Subproblem 3 ‧ Related to gim (Attack Power) ‧ Time Complexity: O(A|C|2), where C is the number of components, A is total attack power.

  25. Introduction Problem Solution Experiments Conclusion Approach to ARS Model Getting Primal Feasible Solution Step 1: Utilize the attack policyderived from Sub- problem 1 as the initial solution. Step 2: If the attack tree is available, go to Step 4, otherwise, go to Step 3. Step 3: “Recycle” the wasted attack power, which is allocated to the leaf node, and re-allocate the recycled power to the uncompromised nodes according to the associated weight, . . Go to Step 2. Step 4: Allocate residual power to reachable components according to its side effect. W=5 W=2 W=1 W=1 W=1

  26. Redundancy Allocation Policy Step 1: Sort the nodes according to the associated weight, , in descending order. Step 2: If the node is survival, degrade and recycle allocated defense resources; otherwise, upgrade its protection level. Step 3: Allocate residual resourcesto secondary components according to its side effect. Step 4: A practical redundancy allocation policy is found. Introduction Problem Solution Experiments Conclusion Approach to RAPMA Model W=5 W=2 W=1 W=1 W=0 W=1 W=0

  27. Introduction Problem Solution Experiments Conclusion Outline • Experiments • Environment • Simple Algorithm • Result

  28. Introduction Problem Solution Experiments Conclusion Environment (Scalability of ARS)

  29. Introduction Problem Solution Experiments Conclusion Environment (Applicability of ARS)

  30. Introduction Problem Solution Experiments Conclusion Environment (Scalability of RAPMA)

  31. Introduction Problem Solution Experiments Conclusion Environment (Applicability of RAPMA)

  32. Introduction Problem Solution Experiments Conclusion Simple Algorithm • Minimum cost spanning tree (SA1) • Applying prim’s algorithm to construct the attack tree • Edge weight: • Similar to DFS algorithm 1/2 1 1/4 1/2 1 1/4 1/2 1/3 1/2 1/3

  33. Introduction Problem Solution Experiments Conclusion Simple Algorithm • Greedy-based algorithm (SA2) • Hill climbing • Using only local information to obtain local optimal solution

  34. Introduction Problem Solution Experiments Conclusion Result (Scalability of ARS)

  35. Introduction Problem Solution Experiments Conclusion Result (Scalability of ARS)

  36. Introduction Problem Solution Experiments Conclusion Result (Scalability of ARS)

  37. Introduction Problem Solution Experiments Conclusion Result (Applicability of ARS)

  38. Introduction Problem Solution Experiments Conclusion Result (Scalability of RAPMA)

  39. Introduction Problem Solution Experiments Conclusion Result (Scalability of RAPMA)

  40. Result (Scalability of RAPMA)

  41. Result (Applicability of RAPMA)

  42. Introduction Problem Solution Experiments Conclusion Outline • Conclusion • Conclusion • Contribution • Future Work

  43. Introduction Problem Solution Experiments Conclusion Conclusion • A practical approach is proposed to effectively solve RAP; therefore, continuous service can be realized. • As a whole, anetwork with higher average degree is more robust. • Defense-in-depths might be the best strategy in designing a robust network.

  44. Introduction Problem Solution Experiments Conclusion Contribution • We propose a more robustframework which assists organization in providing continuous service via redundant allocation. • From our survey of literature, we might be the pioneer to consider malicious attacks and hazardous events at the same time. • Besides, RAP is extended to the realm of network management.

  45. Introduction Problem Solution Experiments Conclusion Future Work • Hazardous events occurred round by round. • The sequential hazardous events can be extended to multiple rounds. • Hazardous events occurred prior to targeted malicious attacks. • Issue: how to determine which nodes will survive after the occurrence of hazardous events, such as fire, flood, and blizzard.

  46. Thanks for your listening

More Related