novel information attacks n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Novel Information Attacks PowerPoint Presentation
Download Presentation
Novel Information Attacks

Loading in 2 Seconds...

play fullscreen
1 / 7

Novel Information Attacks - PowerPoint PPT Presentation


  • 62 Views
  • Uploaded on

Novel Information Attacks. From “Carpet Bombings” to “Smart Bombs ”. Motivation. Traditional malware: Developed to create massive computer epidemics At the early stages of epidemics provides plenty of information for attack mitigation Modern anti-virus products:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Novel Information Attacks' - taji


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
novel information attacks

Novel Information Attacks

From “Carpet Bombings” to “Smart Bombs”

slide2

Motivation

  • Traditional malware:
  • Developed to create massive computer epidemics
  • At the early stages of epidemics provides plenty of information for attack mitigation
  • Modern anti-virus products:
    • Developed for massive attacks leading to epidemics, rather than targeted attacks 
    • Mainly employ binary signatures to detect malware (viruses, network worms etc.).
    • The database of binary signatures is ever increasing due to new attacks and mutating malware
    • Novel malware such as StuxNet worm:
    • Developed to create single attacks against high value target(industrial and government facilities)
    • Does not create epidemics thus do not provide data for attack mitigation: the first instance of attack could also be the last instance
    • The malware is highly specialized for particular environment of the target
slide3

Traditional attack

Novel targeted attack

Attacker

Attacker

Information for

malware analysis

and attack mitigation

High

value

target

Information for

malware analysis

and attack mitigation

comes too late for

the high value target

slide4

What do we know about the StuxNet:

  • Internationally:
  • Majority of attacks happened in Iran [”W32.Stuxnet Dossier” Symantec Corporation, October 2010]
  • On July 7 2010, StuxNet might have shut down an Indian satellite that was operated by vulnerable remote terminal units [Jeffery Carr, “Did The Stuxnet Worm Kill India’s INSAT-4B Satellite?”, Forbes.com, September, 2010]
  • Generally, a targeted attack, such as StuxNet worm represents a threat of a great importance:
      • The mass utilization of remote and automatic control systems at strategic objects as nuclear power plants, gas and oil production and transportation... 
      • Such control systems incorporate a large number of interconnected industrial controllers and operator stations… 
      • Systems that are particularly vulnerable to targeted attacks such as StuxNet worm
slide5

D e p l o y m e n t

Control electronics

(PLC)

Process control computer

Propagation

Activation, execution

Erroneous

control

decisions

Actuators

Control valves

Destructive control

actions

What do we know about the StuxNet:

INTERNET

slide6

Our Current Work

  • Problem :
    • A new trend in computer attacks is a stealthy targeted attack
    • These attacks are aimed at high value targets within the national infrastructure that is much more dangerous and much more difficult to mitigate than traditional computer epidemics  
    • Existing computer security products, by design, fail to prevent targeted, industry oriented attacks. 
  • The proposed solution:
    • We propose a new cyber-security technology that detects attacks by identifying and classifying goals of an attacker (malware).
    • Our technology does not rely on large signature data base that minimizes the use of computer resources and associated costs.  
    • Our technology addresses both traditional massive attacks and low and slow targeted attacks on industrial and government facilities   
slide7

Attacker

Detecting

potential goals

of the attack

Observing

malicious

behaviors

Specifying

malicious

functionalities

Specifying

malicious

functionalities

Immunizing

high value

targets

High

value

target

Preventing

the attack

spread

Developing

functionality

recognition

technology

Utilizing

functionality

recognition

technology

What is done

What we want to do

Attacker