1
Research Paper
Course 60-592 Instructor Dr. Aggrawal
2
PAPERS
  • Active Vulnerability Assessment of Computer
    Networks by Simulation of Complex Remote Attacks
  • Igor Kotenko
  • St. Petersburg Institute for Informatics and
    Automation, 39, 14th Liniya, Russia
  • Formal Framework for Modeling and Simulation of
    DDoS Attacks Based on Teamwork of Hackers-Agents
  • Igor Kotenko, Alexey Alexeev, Evgeny
    Mankov
  • St. Petersburg Institute for Informatics
    and Automation, 39, 14th Liniya, Russia

3
Network Security
  • Security Assurance
  • We Have seen
  • Practical tools
  • We will see
  • Underlying approach
  • Theoretical Concepts
  • With reference to Attack Simulator

4
Goal Of Paper
  • Development
  • Of General Approach
  • Mathematical Models
  • Software Simulation Tool
  • For active analysis of computer network
  • vulnerabilities

5
Security Assurance
  • Important Problem
  • Increasing Significance of information
  • Potentially devastating Consequences
  • Complex
  • Growing Size
  • Inter-Connectivity of Networks
  • Number of Users
  • Availability of Information

6
Attack Modeling and Simulation Approach
  • Malefactor's intention and attack task
    specification
  • Application ontology "Computer Network Attacks"
  • Formal Grammar Based Framework
  • State Machine based representation of attack
    generation
  • Formal Model of Attacked Computer Network

7
Malefactor's Intentions
  • R - Reconnaissance
  • Aiming at getting information about the network
    (host)
  • I - Implantation and Threat Realization

8
List of Malefactor's Intentions: 1-6 R type, 7-12 I type
9
Attack Task Specification
  • A top-level attack goal
  • Specified as <Network (host) address, Malefactor's
    Intention, Known Data, Attack Object>
  • Known Data specifies the information about the
    attacked computer network.
  • Attack Object is an optional variable that
    defines the attack target more exactly

10
Hierarchy of Attacks
  • Two Subsets
  • Upper Level ( Macro-level attacks)
  • Lower Level (Micro Level attacks)

11
Relations
  • Part Of - decomposition relationship
  • Kind Of - specialization relationship
  • Seq Of - specifying sequence of relationship
  • Example Of - type of object (specific sample of
    Object)

13
Mathematical Model of Attack Intentions
  • Formal Grammar
  • Particular intentions inter-connected through
    substitution operations
  • Ma = <Gi, Su>
  • Gi = <Vn, Vt, S, P, A>
  • Gi - formal grammar
  • Su - substitution

14
State Machines
  • States
  • First (Initial)
  • Intermediate
  • End (Final)
  • Transition Arcs can be carried out only under
    specific circumstances
  • Examples of State Machines
  • Implantation and Threat Realization
  • Identification of Hosts

15
Factors
  • Malefactor's Strategy
  • Depends on results of intermediate actions
  • Reason: it is not possible to generate the complete
    sequence of the malefactor's actions beforehand

16
Attack Simulator Implementation
  • Multi Agent System
  • Network Agent - simulates an attacked computer
    network
  • Hacker Agent - performs attacks against computer
    networks
  • Technology - MASDK (Multi Agent System Development
    Kit)

17
Key Components of Hacker Agent
  • Kernel of Hacker Agent
  • It calls specification of attack task
  • Computes next state machine transition
  • Script Component - specifies the set of scripts
    that can be executed by state machines
  • Attack Task Specification Component - provides the
    user with an interface to specify attack attributes
  • Probabilistic decision making model - used to
    determine the hacker agent's further action in
    attack generation
  • Network Traffic Generator - forms the flow of
    network packets
  • Attack Scenario Visualization - for visual
    representation of attack progress

18
Key Component of Network Agent
  • Kernel of Network Agent
  • Functions used for specification of network
    configuration through user interface
  • Computation of the network's response to an
    attacking action
  • State Machines Model - specifies the network
    agent behavior (communication functionality)
  • Network Configuration Specification Component -
    a set of user interfaces for configuration of the
    network to be attacked
  • Firewall Model component - determines the
    firewall's response to an action
  • Network response component - the network's
    (host's) response messages to an attack

19
Component Models of Network Agent and Hacker Agent
20
Experiments with Attack Simulator
  • Goals of experiment
  • Checking a computer network security policy at
    the stages of conceptual and logical design of a
    network security system.
  • Checking the security policy of a real-life
    computer network

21
Factors affecting attack efficacy
  • Protection Degree of Network Firewall (PNF)
  • Protection Degree of Personal Firewall (PPF)
  • Protection Parameters of attacked host (PP)
  • Hacker's Knowledge of Network (KN)

22
Attack outcome parameters
  • Number of Attack steps (NS)
  • Percentage of Intent realization (PIR)
  • Percentage of Attack realization (PAR)
  • Percentage of Firewall Blocking (PFB)
  • Percentage of Reply Absence (PRA)
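
Added example (not from the slides or the papers): a seeded toy simulation of the state-machine idea above, where each transition is chosen only after the modelled network response is known, and outcome parameters are tallied per run. The function names, the probabilities standing in for firewall protection and reply absence, and the way NS, PFB and PRA are computed are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

# Constructed abstraction: the three state kinds named on the slides.
STATES = ("First", "Intermediate", "End")

@dataclass
class Outcome:
    ns: int            # NS: number of steps taken
    pfb: float         # PFB: % of steps blocked (assumed definition)
    pra: float         # PRA: % of steps with no reply (assumed definition)
    reached_end: bool  # True if the End state was reached

def run_once(p_block, p_no_reply, rng, max_steps=100):
    """One run: a transition arc fires only if the firewall model lets the
    abstract action through and the modelled host replies."""
    state = blocked = silent = steps = 0
    while STATES[state] != "End" and steps < max_steps:
        steps += 1
        if rng.random() < p_block:        # firewall model blocks the step
            blocked += 1
        elif rng.random() < p_no_reply:   # no reply, so the state is unchanged
            silent += 1
        else:                             # reply received, arc is enabled
            state += 1
    return Outcome(steps, 100.0 * blocked / steps,
                   100.0 * silent / steps, STATES[state] == "End")

def sweep(block_levels, p_no_reply=0.1, runs=200, seed=1):
    """Average the outcome parameters for each assumed protection level."""
    rng = random.Random(seed)
    table = {}
    for p_block in block_levels:
        results = [run_once(p_block, p_no_reply, rng) for _ in range(runs)]
        table[p_block] = {
            "mean_NS": sum(o.ns for o in results) / runs,
            "mean_PFB": sum(o.pfb for o in results) / runs,
            "completed_%": 100.0 * sum(o.reached_end for o in results) / runs,
        }
    return table

if __name__ == "__main__":
    for level, row in sweep((0.0, 0.5, 0.9, 1.0)).items():
        print(level, row)
```

Because the path length depends on each intermediate response, the step sequence differs from run to run, which is why the slides note that the full action sequence cannot be generated beforehand.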

23
Example
  • Realization of Intention: CVR
  • Protection of attacked host: Strong
  • Hacker's Knowledge: Good

24
Changes of Attack Outcome Parameters
25
Conclusion (Paper I)
  • Paper presents formal approach to active
    vulnerability assessment based on modeling and
    simulation of remote computer network attacks
  • Multi agent system
  • Tries to give a standard procedure for security
    assurance

26
PAPER II: Formal Framework for Modeling and
Simulation of DDoS Attacks Based on Teamwork of
Hackers-Agents. Igor Kotenko, Alexey Alexeev,
Evgeny Mankov. St. Petersburg Institute for
Informatics and Automation, 39, 14th Liniya,
Russia
  • Concern
  • Growth of
  • Number
  • Capacity of DDOS attacks

27
Goals of Paper
  • Development of a formal framework for modeling
  • Elaboration of a formal specification of a
    representative spectrum
  • Implementation of software development tools

28
Teamwork
  • Joint Intention Theory
  • Shared Plans theory
  • Combined theory of Agents

29
Creation of Hackers Agent
  • Forming the subject domain ontology
  • Determining the agents' team structure
  • Defining the agents' interaction-and-coordination
    mechanisms
  • Specifying the agents' action plans
  • Assigning roles and allocating plans between
    agents
  • Realizing the teamwork by a set of state machines

30
Structure
  • Client
  • Supervises a sub-team of masters
  • Masters
  • Each master supervises a group of demons
  • Demons
  • Execute immediate attack actions against victim
    hosts

31
Suggested Mechanisms
  • Maintenance and Action coordination
  • Monitoring and restoration of agent functionality
  • Maintenance of Communication Selectivity

32
Plan Of DDoS
  • Preliminary
  • Reconnaissance and Installation of Agents
  • Basic
  • Realization of DDoS attack by joint action of
    agents
  • Final
  • Visualization of attack results

33
Formal Model of Attacked Networks
  • Represented as a quadruple
  • MA = <Mcn, Mhi, Mp, Mhr>
  • Mcn - model of computer network structure
  • Mhi - model of host resources
  • Mp - model of computation of success
    probabilities
  • Mhr - model of host reaction in response to
    attacks: Input -> Output post condition

34
Attack Simulation Tool Implementation
  • MASDK Multi-Agent System Development Kit
  • Why Use Attack Simulator
  • Checking a computer network security policy at
    stages of conceptual and logical design.
  • Checking security of real life computer network

35
Conclusion (Paper II)
  • Paper presents formal paradigm for modeling and
    simulation
  • Presents a structure of team of agents
  • Above approach used for evaluation of computer
    network security
  • Analysis of both efficiency and effectiveness of
    security policy against DDoS attacks

37
Questions and Comments
  • THANK YOU
  • Presented By
  • Ashutosh Sood