1 / 37

Developing Active Vulnerability Assessment Tools for Network Security Assurance

Explore formal frameworks for modeling DDoS attacks, attack modeling and simulation approaches, hierarchical attack structures, and mathematical models of malicious intentions using the Attack Simulator system. Experiment with the system to evaluate network security policies and factors affecting attack efficacy.

ismet
Download Presentation

Developing Active Vulnerability Assessment Tools for Network Security Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Research Paper Course 60-592 Instructor: Dr. Aggrawal

  2. PAPERS • Active Vulnerability Assessment of Computer Networks by Simulation of Complex Remote Attacks Igor Kotenko St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia • Formal Framework for Modeling and Simulation of DDoS Attacks Based on Teamwork of Hackers-Agents Igor Kotenko, Alexey Alexeev, Evgeny Man’kov St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia

  3. Network Security • Security Assurance • We Have seen • Practical tools • We will see • Underlying approach • Theoretical Concepts • With reference to Attack Simulator

  4. Goal Of Paper • Development • Of General Approach • Mathematical Models • Software Simulation Tool For active analysis of computer network vulnerabilities

  5. Security Assurance • Important Problem • Increasing Significance of information • Potentially devastating Consequences • Complex • Growing Size • Inter-Connectivity of Networks • Number of Users • Availability of Information

  6. Attack Modeling and Simulation Approach • Malefactors intention and attack task specification • Application Ontology “Computer Network Attacks” • Formal Grammar Based Framework • State Machine based representation of attack generation • Formal Model of Attacked Computer Network

  7. Malefactors Intentions • R - Reconnaissance • Aiming at getting information about the network (host) • I – Implantation And Threat Realization

  8. List of Malefactor’s Intentions 1-6 R type 7-12 I type

  9. Attack Task Specification • A Top Level attack Goal • Specified as <Network (host) address, Malefactors Intention, Known Data, Attack Object > • Known Data specifies the information about attacked computer network. • Attack Object corresponds to optional variable defining more exactly attack target

  10. Hierarchy of Attacks • Two Subsets • Upper Level ( Macro-level attacks) • Lower Level (Micro Level attacks)

  11. Relations • Part Of – decomposition relationship • Kind Of – specialization relationship • Seq Of – specifying sequence of relationship • Example Of – type of object (specific sample of Object)

  12. Mathematical Model of Attack Intentions • Formal Grammar • Particular intentions inter-connected through substitution operations • Ma = < {Gi}, {Su} > • Gi = < Vn, Vt, S, P, A > • {Gi} – formal Grammar • {Su} – substitution

  13. State Machines • States • First (Initial) • Intermediate • End (Final) • Transition Arcs – can be carried out only under specific circumstances • Examples of State Machines • Implantation and Threat Realization • Identification of Hosts

  14. Factors • Malefactors Strategy • Depends on results of intermediate actions • Reason – not possible to generate complete sequence of malefactor’s actions before-hand

  15. Attack Simulator Implementation • Multi Agent System • Network Agent – simulates a attacked computer network • Hacker Agent – performs attacks against computer networks • Technology- MASDK (Multi Agent System Development Kit)

  16. Key Components of Hacker Agent • Kernel of Hacker Agent • It calls specification of attack task • Computes next state machine transition • Script Component – specifies set of scripts that can be executed by state machines • Attack Task Specification Component – provides user with interface to specify attack attributes • Probabilistic decision making model – used to determine hackers agent further action in attack generation • Network Traffic Generator – forms flow of network packets • Attack Scenario Visualization – for visual representation of attack progress

  17. Key Component of Network Agent • Kernel of Network Agent • Functions used for specification of network configuration through user interface • Computation of network’s response to an attacking action • State Machines Model – specifies the network agent behavior ( communication functionality) • Network Configuration Specification Component – is used for a set of user interfaces for configuration of network to be attacked • Firewall Model component – determines firewall’s response to action • Network response component – network’s (host’s) response messages to attack

  18. Component Models of Network Agent and Hacker Agent

  19. Experiments with Attack Simulator • Goals of experiment • Checking a computer network security policy at stages of conceptual and logic design network security system. • Checking security policy of a real life computer network

  20. Factors affecting attack efficacy • Protection Degree of Network firewall (PNF) • Protection degree of Personal Firewall (PPF) • Protection Parameters of attacked host(PP) • Hackers Knowledge of Network (KN)

  21. Attack outcome parameters • Number of Attack steps (NS) • Percentage of Intent realization (PIR) • Percentage of Attack realization(PAR) • Percentage of Firewall Blocking(PFB) • Percentage of Reply Absence (PRA)

  22. Example • Realization of Intention CVR • Protection of attacked host – Strong • Hacker’s Knowledge – Good

  23. Changes of Attack Outcome Parameters

  24. Conclusion (Paper I) • Paper presents formal approach to active vulnerability assessment based on modeling and simulation of remote computer network attacks • Multi agent system • Tries to give a standard procedure for security assurance

  25. PAPER IIFormal Framework for Modeling and Simulation of DDoS Attacks Based on Teamwork of Hackers-Agents Igor Kotenko, Alexey Alexeev, Evgeny Man’kov St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, Russia • Concern • Growth of • Number • Capacity of DDOS attacks

  26. Goals of Paper • Goals Of Paper • Development for formal framework for modeling • Elaboration of Formal Specification of a representative spectrum • Implementation of software development tools

  27. Teamwork • Joint Intention Theory • Shared Plans theory • Combined theory of Agents

  28. Creation of Hackers Agent • Forming the subject domain ontology • Determining the agents team structure • Defining the agents interaction-and-coordination mechanisms • Specifying the agents actions plans • Assigning roles and allocating plans between agents • Realizing the teamwork by set of state-machines

  29. Structure • Client • Supervises a sub-team of masters • Masters • Each master supervises a group of demons • Demons • Execute immediate attack actions against victim hosts

  30. Suggested Mechanisms • Maintenance and Action coordination • Monitoring and restoration of agent functionality • Maintenance of Communication Selectivity

  31. Plan Of DDoS • Preliminary • Reconnaissance and Installation of Agents • Basic • Realization of DDoS attack by joint action of agents • Final • Visualization of attack results

  32. Formal Model of Attacked Networks • Represented as Quadruple • MA = <Mcn,{Mhi}, Mp, Mhr> • Mcn – model of computer network structure • {Mhi} – model of host resources • Mp – model of computation of success probablilites • Mhr – model of host reaction in response to attacks Input -> Output [& post condition]

  33. Attack Simulation Tool Implementation • MASDK – Multi-Agent System Development Kit • Why Use Attack Simulator • Checking a computer network security policy at stages of conceptual and logical design. • Checking security of real life computer network

  34. Conclusion (Paper II) • Paper presents formal paradigm for modeling and simulation • Presents a structure of team of agents • Above approach used for evaluation of computer network security • Analysis of both efficiency and effectiveness of security policy against DDoS attacks

  35. References • F.Cohen, “Simulating Cyber Attacks, Defenses, and Consequences”, IEEE Symposium on Security and Privacy,Berkeley, CA, 1999 • V.Gorodetski, and I.Kotenko, “Attacks against Computer Network: Formal Grammar-based Framework and Simulation Tool”, Lecture • V.Gorodetski, O.Karsayev, I.Kotenko, and A.Khabalov, “Software Development Kit for Multi-agent Systems Design and Implementation”, Lecture Notes in Artificial Intelligence, Vol. 2296, Springer Verlag, 2002. • M.Tambe, “Towards Flexible Teamwork”, Journal ofArtificial Intelligence Research, No.7, 1997. • M.Tambe, and D.V.Pynadath, “Towards Heterogeneous Agent Teams”, Lecture Notes in Artificial Intelligence,Vol.2086, 2001

  36. Questions and Comments THANK YOU Presented By Ashutosh Sood

More Related