A New Paradigm For Network Security Through Experiences From - PowerPoint PPT Presentation

A New Paradigm For Network Security Through Experiences From Reality (ANPFNSTEFR) Mohit Lad, UCLA Mohit Lad, Outrageous 06

Structure of the talk • Background and motivation • Gibberish • More Gibberish • A slide with the text “Questions?” written in big font. Mohit Lad, Outrageous 06

Background 1 Alice, Do you want to have dinner? , e c i l A 2 t u ? o r e b e a b t Alice e t u Bob g o r o b F a w o ! h l a p 3 g n i h t e r u S Frank Mohit Lad, Outrageous 06

Motivation • Defense through defense • Defense through offense new • ANPFNSTEFR newer Mohit Lad, Outrageous 06

What is ANPFNSTEFR? • Security through passive non-violent non- cooperation – Influenced by seminal work by Gandhi in early part of 1900s. • If the attacker attacks one machine, then give him another machine to attack. • Tell an attacker “I am protesting against your attack, but through peaceful and non-violent means” Mohit Lad, Outrageous 06

Why it works better Guilt What the !@#!@#$ ? Oh, You have opened my eyes, I want to travel to the peak of Himalayas I know you are attacking and meditate for the rest machine A, here are the of my life details of machine B Attack Good guy Attacker Mohit Lad, Outrageous 06

Why it works better Fear What the !@#!@#$ ? Seems like a trap, he must be a genius. Instead I am going to I know you are attacking attack somebody willing machine A, here are the to use offense details of machine B Attack Good guy Attacker Mohit Lad, Outrageous 06

Why it works better Lack of challenge My fellow hackers will look down on me. Instead I am going to I know you are attacking attack somebody willing machine A, here are the to use offense details of machine B Attack Good guy Attacker Mohit Lad, Outrageous 06

Evaluation Setup • Our hypothesis “Attackers are consciously unaware of their wrong doings”. – Our goal: Make them realize they are doing wrong and see how they change • Pick 4 professors from our department • Tell them to run scripts that attack our machines without their knowledge. Mohit Lad, Outrageous 06

Evaluation • Tell them “You just attacked our machines, and we are protesting in a non-violent manner” • Give them a one page questionnaire asking “Do you feel guilty?” • 75 % cases, answer was “yes” • 25 % cases, student lost funding and had to go back to his country Mohit Lad, Outrageous 06

Evaluation Setup II • Our hypothesis “Defenders prefer non- violence rather than offense”. • Pick 4 professors from our department • Attack their machines without their knowledge. Mohit Lad, Outrageous 06

Evaluation II • Tell them “We just attacked your machines” • Give them a one page questionnaire asking “Would you use offense to respond?” • 25 % cases, answer was “no” • 75 % cases, student lost funding and had to go back to his country Mohit Lad, Outrageous 06

Mathematical Evaluation Why it works? Mohit Lad, Outrageous 06

Conclusion • Breakthrough philosophy in security • Comprehensive evaluation – 75% feel guilty after attacking – 25% want to use offense as defenders • Thus, our approach 3 times (or 300%) better than using offense • Using our approach will reduce – 75% of attackers in the Internet – 25% of students in grad schools Mohit Lad, Outrageous 06

Future Work • The role of CURRY in network diagnosis • Spamming the Spammer to Shut the Spam using Offense (SSSSO) Mohit Lad, Outrageous 06

Questions? Mohit Lad, Outrageous 06