network defence using attacker defender interaction
play

NETWORK DEFENCE USING ATTACKER-DEFENDER INTERACTION MODELLING - PowerPoint PPT Presentation

Jan 26, 2024 •95 likes •463 views

NETWORK DEFENCE USING ATTACKER-DEFENDER INTERACTION MODELLING Wednesday 22 nd June, 2016 Jana Medkov Pavel eleda Research Problem Automated selection of response actions Network Defence Using Interaction Modelling Page 2 / 12 Research

  1. NETWORK DEFENCE USING ATTACKER-DEFENDER INTERACTION MODELLING Wednesday 22 nd June, 2016 Jana Medková Pavel Čeleda

  2. Research Problem Automated selection of response actions Network Defence Using Interaction Modelling Page 2 / 12

  3. Research Problem Automated selection of response actions The cyber attacks grow both in number and speed Network Defence Using Interaction Modelling Page 2 / 12

  4. Research Problem Automated selection of response actions The cyber attacks grow both in number and speed Network security still lacks an efficient attack response system capable of running autonomously Network Defence Using Interaction Modelling Page 2 / 12

  5. Research Problem Automated selection of response actions The cyber attacks grow both in number and speed Network security still lacks an efficient attack response system capable of running autonomously Cyber attack and defence is very complex We are always uncertain about the state of the network We don’t know the attacker’s objectives and previous actions (and whether he is an attacker at all) The number of attack vectors is ever growing Network Defence Using Interaction Modelling Page 2 / 12

  6. Attack Response Network Defence Using Interaction Modelling Page 3 / 12

  7. Attack Response Network Defence Using Interaction Modelling Page 3 / 12

  8. Attack Response History Knowlegde Logs security event Network Defence Using Interaction Modelling Page 3 / 12

  9. Attack Response History Knowlegde Logs security event Network Defence Using Interaction Modelling Page 3 / 12

  10. Attack Response History Knowlegde Logs security reconfiguration event Network Defence Using Interaction Modelling Page 3 / 12

  11. Attack Response Decide Orient History Knowlegde Logs security reconfiguration event Act Observe Network Defence Using Interaction Modelling Page 3 / 12

  12. Attack Response Decide Orient History Knowlegde Logs security reconfiguration event IDS Act Observe Network Defence Using Interaction Modelling Page 3 / 12

  13. Attack Response Decide Orient History Knowlegde SIEM Logs security reconfiguration event IDS Act Observe Network Defence Using Interaction Modelling Page 3 / 12

  14. Attack Response Decide Orient History Knowlegde SIEM Logs security reconfiguration event SDN IDS Act Observe Network Defence Using Interaction Modelling Page 3 / 12

  15. Attack Response Decide Orient History Knowlegde ? SIEM Logs security reconfiguration event SDN IDS Act Observe Network Defence Using Interaction Modelling Page 3 / 12

  16. Research Goal Utilizing a model of interaction between an attacker and a defender to create more refined network defence strategy Network Defence Using Interaction Modelling Page 4 / 12

  17. Research Goal Utilizing a model of interaction between an attacker and a defender to create more refined network defence strategy Select response based on received security events and knowledge of the network Include the attacker’s motivation in the decision process Network Defence Using Interaction Modelling Page 4 / 12

  18. Research Topics Research Question I How can we model the interaction between an attacker and a defender? Network Defence Using Interaction Modelling Page 5 / 12

  19. Research Topics Research Question I How can we model the interaction between an attacker and a defender? Research areas Modelling the interaction between an attacker and a defender model the interaction reasonable input parameters optimal actions for defender and attacker computational feasibility for large networks Network Defence Using Interaction Modelling Page 5 / 12

  20. Research Topics Research Question II How can we use the model to form a network defence strategy? Network Defence Using Interaction Modelling Page 6 / 12

  21. Research Topics Research Question II How can we use the model to form a network defence strategy? Research areas Network defence strategy response action based on observed security alerts unknown state of the network unknown objective and past actions of an attacker Network Defence Using Interaction Modelling Page 6 / 12

  22. Research Topics Research Question II How can we use the model to form a network defence strategy? Research areas Network defence strategy response action based on observed security alerts unknown state of the network unknown objective and past actions of an attacker Strategy verification KYPO - cloud-based testbed for simulation of cyber attacks Network Defence Using Interaction Modelling Page 6 / 12

  23. Research Topics Research Question III Can the human instinct and experience be included in the defence strategy? Network Defence Using Interaction Modelling Page 7 / 12

  24. Research Topics Research Question III Can the human instinct and experience be included in the defence strategy? Research areas How can the response selection benefit from human input what in the model or strategy can be made more accurate Network Defence Using Interaction Modelling Page 7 / 12

  25. Research Topics Research Question III Can the human instinct and experience be included in the defence strategy? Research areas How can the response selection benefit from human input what in the model or strategy can be made more accurate Merging the human intuition into decision output how can we make it more accurate Network Defence Using Interaction Modelling Page 7 / 12

  26. Proposed Approach Modelling the interaction between an attacker and a defender Game theory toolset Use existing or modified model Optimal attacker’s and defender’s strategy Network Defence Using Interaction Modelling Page 8 / 12

  27. Proposed Approach Modelling the interaction between an attacker and a defender Game theory toolset Use existing or modified model Optimal attacker’s and defender’s strategy Estimating model parameters Formal network description the topology of the network the hosts and services present in the network the required levels of confidentiality, availability and integrity interdependence of services Formal description of attacks and responses Network Defence Using Interaction Modelling Page 8 / 12

  28. Proposed Approach Network defence strategy Maintain beliefs to manage uncertainty the current state of the network the attacker’s past actions the attacker’s objective Precomputed optimal responses Best response action in a given situation Network Defence Using Interaction Modelling Page 9 / 12

  29. Proposed Approach Strategy veri fi cation Cloud-based testbed for simulating cyber attacks Computer Security Incident Response Team (CSIRT) training exercises Network Defence Using Interaction Modelling Page 10 / 12

  30. Proposed Approach Strategy veri fi cation Cloud-based testbed for simulating cyber attacks Computer Security Incident Response Team (CSIRT) training exercises Adding human intuition to decision output Black-Litterman model in economy Formal description of human input Updating beliefs based on input Network Defence Using Interaction Modelling Page 10 / 12

  31. Summary Network security requires an efficient autonomous system which would select a response action based on observed security events Network Defence Using Interaction Modelling Page 11 / 12

  32. Summary Network security requires an efficient autonomous system which would select a response action based on observed security events Currently automated network defence systems react only in unambiguous situations and the rest of the events must be investigated by security experts Network Defence Using Interaction Modelling Page 11 / 12

  33. Summary Network security requires an efficient autonomous system which would select a response action based on observed security events Currently automated network defence systems react only in unambiguous situations and the rest of the events must be investigated by security experts Network Defence Using Interaction Modelling Page 11 / 12

  34. Summary Network security requires an efficient autonomous system which would select a response action based on observed security events Currently automated network defence systems react only in unambiguous situations and the rest of the events must be investigated by security experts We propose to model the interaction between an attacker and a defender to comprehend how the attacker’s goals affect his actions and use the model as a basis for a more refined network defence strategy Network Defence Using Interaction Modelling Page 11 / 12

  35. THANK YOU FOR YOUR ATTENTION! Jana Medková medko va@ics.muni.cz

Recommend

The Network Network Security Secure against what/whom Security goals Attacker model Same

The Network Network Security Secure against what/whom Security goals Attacker model Same

The Network Network Security Secure against what/whom Security goals Attacker model Same hub `trusted LAN Internet Eavesdrop / block messages / insert messages / ... Typical attacker model security protocol analysis: Attacker

780 views • 63 slides
CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up malicious site visited by victim; no control of network Alice Network Security Network Attacker Intercepts and controls network communication

907 views • 44 slides
Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks Roya

Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks Roya

Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks Roya Ensafi October 2013 Still A Peach Attacker Still A Peach Attacker Zombie Victim Attacker What if we could? Scan a firewall port or a hidden

651 views • 40 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana Medkov Martin Husk, Martin Draar Introduction optimal strategy to defend network infrastructure no standard for benchmarking Network Defence

574 views • 18 slides
Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Joe Slowik / @jfslowik Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student Officer Network Defender ICS Defender

725 views • 46 slides
E XAMPLE 1 Suppose a defender is 3 yards in front of the receiver. This means the defender is 37

E XAMPLE 1 Suppose a defender is 3 yards in front of the receiver. This means the defender is 37

D AY 123 D OMAIN AND RANGE OF A QUADRATIC FUNCTION E XAMPLE 1 Suppose a defender is 3 yards in front of the receiver. This means the defender is 37 yards from the quarterback. Will he able to deflect or catch the ball? S OLUTION The answer

573 views • 10 slides
WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison Officer - Defence SA 1 DEFENCE SA A SOUTH AUSTRALIAN GOVERNMENT AGENCY MISSION Facilitate the growth of Defence and sustainable defence industries in

457 views • 13 slides
2018 Annual Progress Report Public Defender of Consumers Salome Vardiashvili Interests

2018 Annual Progress Report Public Defender of Consumers Salome Vardiashvili Interests

2018 Annual Progress Report Public Defender of Consumers Salome Vardiashvili Interests Competence of Defender The Defender is entitled to present the Consumer. To evaluate the influence of tariffs or other regulation changes for consumers.

957 views • 27 slides
CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall

CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall

CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Network Attacker Threat Model Network Attacker: Controls infrastructure: Routers, DNS

1.36k views • 67 slides
CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan UCSD Fall 2019 Material from

CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan UCSD Fall 2019 Material from

CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan UCSD Fall 2019 Material from Nadia Heninger, Dan Boneh, Stefan Savage Reminder: Network Attacker Threat Model Network Attacker: Controls infrastructure: Routers, DNS

1.29k views • 76 slides
FY 2018-19 MOE BUDGET April 10, 2018 Presented By: Brendon D. Woods, Public Defender

FY 2018-19 MOE BUDGET April 10, 2018 Presented By: Brendon D. Woods, Public Defender

1 FY 2018-19 MOE BUDGET April 10, 2018 Presented By: Brendon D. Woods, Public Defender acgov.org/defender 2 To zealously protect and defend the rights of our clients through compassionate and MISSION inspired legal representation of the

574 views • 39 slides
FY 2020-21 MOE BUDGET April 14, 2020 Presented By: Brendon D. Woods, Public Defender

FY 2020-21 MOE BUDGET April 14, 2020 Presented By: Brendon D. Woods, Public Defender

1 FY 2020-21 MOE BUDGET April 14, 2020 Presented By: Brendon D. Woods, Public Defender acgov.org/defender 2 MISSION To zealously protect and defend the rights of our clients through compassionate and inspired legal representation of the

276 views • 14 slides
Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence equipment partner with Japan after the United States How? create a genuine two-way street of defence equipment cooperation including direct

910 views • 18 slides
ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark Thomson This years defence budget caused considerable alarm in some quarters. One commentator said that cuts to the defence budget announced

599 views • 13 slides
FY 2018-19 PROPOSED BUDGET June 26, 2018 Presented By: Brendon D. Woods, Public Defender

FY 2018-19 PROPOSED BUDGET June 26, 2018 Presented By: Brendon D. Woods, Public Defender

1 FY 2018-19 PROPOSED BUDGET June 26, 2018 Presented By: Brendon D. Woods, Public Defender acgov.org/defender 2 To zealously protect and defend the rights of our clients through compassionate and MISSION inspired legal representation of the

302 views • 9 slides
ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence

ED EDA A Defence ence Pr Procureme curement nt Ga Gate teway ED EDA Defence ence Procurem rocurement ent Ga Gateway EDA Defence Procurement Gateway Defence Procurement Defence Procurement Information Hub Opportunities Hub EU

325 views • 4 slides
DNA Interaction Follow Network Network User-Product Network Nonuniform network comm costs

DNA Interaction Follow Network Network User-Product Network Nonuniform network comm costs

Social Network Social Network Web Network DNA Interaction Follow Network Network User-Product Network Nonuniform network comm costs Nonuniform comp requirement Contentiousness of the memory Nonuniform comm requirement

861 views • 50 slides
DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI

DEFENCE PRODUCTI ON, SALES AND PROCUREMENT: I NTERNATI ONAL BEST PRACTI CES: DEFENCE I NDUSTRI AL COOPERATI ON W I TH FOREI GN COUNTRI ES PROFESSOR ADRI AN KENDRY FORMER NATO SENI OR DEFENCE ECONOMI ST AND ADVI SER TO THE 1 2 TH NATO SECRETARY

537 views • 31 slides
SQL Injection: Summary Target: web server that uses a back-end database Attacker goal:

SQL Injection: Summary Target: web server that uses a back-end database Attacker goal:

SQL Injection: Summary Target: web server that uses a back-end database Attacker goal: inject or modify database commands to either read or alter web-site information Attacker tools: ability to send requests to web server (e.g.,

89 views • 4 slides
ISS TRAINING & EDUCATION SERVICES PROJECT (ITESP) OVERVIEW The Defence Core Network Services

ISS TRAINING & EDUCATION SERVICES PROJECT (ITESP) OVERVIEW The Defence Core Network Services

ISS TRAINING & EDUCATION SERVICES PROJECT (ITESP) OVERVIEW The Defence Core Network Services (DCNS) programme was established to develop and deliver a portfolio of Information Communications Technology (ICT) services that are cheaper, better

394 views • 6 slides
S ENTENCING THEORIES & S TOR YTELLING Bill Raymond, Assistant Federal Defender Tim

S ENTENCING THEORIES & S TOR YTELLING Bill Raymond, Assistant Federal Defender Tim

S ENTENCING THEORIES & S TOR YTELLING Bill Raymond, Assistant Federal Defender Tim Burdick, Assistant Federal Defender hould Not Be entencing S What S DO YOUR HOMEWORK Know the law Options Available Cases that S upport Y

643 views • 32 slides
implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

implementing solutions on skills in defence Launch of the European Defence Skills Partnership -

The way forward in implementing solutions on skills in defence Launch of the European Defence Skills Partnership - EDSP Brussels 19 June 2018 Elektra Tsigaridas European Commission, DG GROW ENTR F GROW i.4 Structure Defence Skills

223 views • 7 slides
Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson

Analytical support to European defence developments - the Swedish experience Tomas Eriksson Swedish Defence Research Agency (FOI) Division of Defence Analysis Filnamn Background: Defence-related issues within the European Union Creation

421 views • 10 slides

More recommend