IU-ATC Network Security and Resilience Monitoring (Theme 4)




IU-ATC Network Security and Resilience Monitoring (Theme 4)
Policy-driven Resilience Simulator
Alberto Schaeffer-Filho, Paul Smith and Andreas Mauthe, Lancaster University
India-UK Centre of Excellence in Next Generation Networks
EPSRC-DST Project Workshop, Mysore, January 25th-26th, 2011

Introduction (slide 2)
Basic idea
- Difficult to evaluate resilience strategies
  - They involve the interplay between a number of detection and remediation mechanisms
  - Mechanisms must be activated on demand, according to events observed in the network
- Integrate a network simulator and a policy framework
  - Simulation of policy-based resilience strategies
  - Policies applied based on conditions observed at run-time: high link utilisation, malicious attacks, equipment failures
  - Observe how policies affect the operation of simulated components
- Understand how real policies affect the operation of resilience mechanisms
- Evaluate resilience strategies before deployment in the network, e.g. on routers
- Gamer & Mayer, 2009: integrated detection mechanisms into a network simulator; our work is complementary, but focuses on remediation

Policy-based Management (slide 3)
- Management of network components in the infrastructure
- Decouple the hard-wired implementation from the management strategy
- Modify the management strategy without interrupting system operation
  - Reconfiguration of operational parameters
  - Dynamic activation/deactivation of mechanisms
P. Smith, A. Schaeffer-Filho, A. Ali, M. Schöller, N. Kheir, A. Mauthe and D. Hutchison. "Strategies for Network Resilience: Capitalising on Policies". In: 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2010), Springer, ser. LNCS. Zurich, Switzerland. June 2010.

Policy-driven Network Simulation (slide 4)
- Objects in the simulation can be manipulated: setting flags, dropping connections, adding extra delay to packets, etc.
- Evaluate the effects of remediation mechanisms
- Integration techniques (Mayer & Gamer, 2008)
  - Socket connection: sockets in the simulation connect to a third-party application; no source code changes; CPU/synchronisation problems
  - Source code integration: only for simple applications; no time distortions; difficult due to build dependencies
  - Shared libraries: similar to source code integration; separate build environments; thread scheduling problems
A. Schaeffer-Filho, P. Smith and A. Mauthe. "Policy-driven Network Simulation: a Resilience Case Study". To appear in: 26th ACM Symposium on Applied Computing (SAC 2011), ACM, Taichung, Taiwan. March 2011.

Network Simulators (slide 5)
- NS-2: high coupling between C++ and OTcl, steep learning curve, poor scalability; extensible library of publicly available network models
- NS-3: major revision with a focus on scalability, extensibility and modularity; still short of network models
- OMNeT++: modular and extensible; good scalability and a large library of network models
- SSFNet: implementations in both Java and C++, large number of models; discontinued in 2004
- OPNET: source code of the simulator is not publicly available; hard to extend to implement resilience mechanisms

Prototype (slide 6)
Integration between OMNeT++/SSFNet and the Ponder2 framework
- Ponder2
  - Both obligation and authorisation policies
  - Policies written in terms of managed objects, kept in a domain structure
  - Different communication protocols supported, e.g. RMI, HTTP
  - Command interpreter and PonderTalk for configuration and control
- OMNeT++
  - Modelling and simulation of networks at and above the link layer
  - Realistic topologies, generation of background and attack traffic (ReaSE)
  - Self-similar behaviour: different traffic profiles, such as web traffic, name server traffic and streaming traffic
- Resilience mechanisms: instrumented objects in the simulation
  - Link monitor, flow exporter, rate limiter, IDS, etc.
  - Mechanisms export a management interface as a call-back proxy

Prototype (slide 7)
Integration between OMNeT++/SSFNet and the Ponder2 framework
- Instrumented objects in the simulation: most are additions to the standard Router module
- Integration based on XML-RPC
- Simulation platform that permits
  - Experimenting with different topologies
  - Analysis of anomaly scenarios
  - Implementing resilience strategies
Example event-condition-action policy in PonderTalk (when the highutil event reports a value of 75 or more, lower the bit rate of a rate limiter):

    adapttohigh := factory/ecapolicy create.
    adapttohigh event: event/highutil.
    adapttohigh condition: [ :value | value >= 75 ].
    adapttohigh action: [ rate_limiter_xyz setbitrate: 0.001 ].

Prototype (slide 8)
Policy-based DDoS remediation
- Topology: 2 stub Autonomous Systems connected by 1 transit AS
- Victim AS attacked by 35 DDoSZombie hosts
- 1000 hosts generate background traffic to a number of other servers
- Resilience functions carried out at the edge of the AS network
- Progressive detection and tailored remediation of the attack:
  1. Attack starts
  2. Rate limit the entire link
  3. Rate limit all traffic towards the victim
  4. Rate limit only the attack flow
  5. All attack flows are successfully classified

Demonstration (slide 9)
- Instructions online: download, installation, running (OMNeT++ & Ponder2)
- Straightforward to change policies in Ponder2
  - Activate/deactivate policies
  - Adapt their thresholds
  - Observe how these different policies adapt the network behaviour
- More interesting extensions: development of additional policy-enabled modules
Available at: https://forge.comp.lancs.ac.uk/hosted/resilience/policy-resilience-simulator/
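As an added illustration, not code from the Lancaster project, the following Python models the event-condition-action pattern of the PonderTalk policy on slide 7, the three progressively narrower rate-limiting steps of slide 8, and the activate/deactivate switch mentioned on slide 9; the managed-object interface, event names and the constructed event trace are assumptions.

```python
# Added example (not the project's own code): a tiny event-condition-action policy engine.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

class RateLimiter:
    # Managed object with an assumed interface; limits are keyed by scope so that a
    # narrower limit can replace a wider one as the attack is characterised more precisely.
    def __init__(self) -> None:
        self.limits: Dict[str, float] = {}   # scope -> bit rate, unit as on slide 7
    def set_bitrate(self, scope: str, rate: float) -> None:
        self.limits[scope] = rate
    def clear(self, scope: str) -> None:
        self.limits.pop(scope, None)

@dataclass
class EcaPolicy:            # event / condition / action, plus the enable flag of slide 9
    event: str
    condition: Callable[[dict], bool]
    action: Callable[[dict, RateLimiter], None]
    enabled: bool = True

def run_policies(policies: List[EcaPolicy], events: List[Tuple[str, dict]]) -> Dict[str, float]:
    """Feed observed events through the enabled policies; return the limits left in place."""
    limiter = RateLimiter()
    for name, payload in events:
        for p in policies:
            if p.enabled and p.event == name and p.condition(payload):
                p.action(payload, limiter)
    return dict(limiter.limits)

def progressive_remediation() -> List[EcaPolicy]:
    """Three policies whose scope tightens as detection improves (steps 2-4 of slide 8)."""
    return [
        # link utilisation reaches 75 %: rate-limit the entire edge link
        EcaPolicy("highutil", lambda e: e["value"] >= 75,
                  lambda e, rl: rl.set_bitrate("link", 0.001)),
        # IDS names the victim: limit only traffic towards it and release the link-wide limit
        EcaPolicy("victimdetected", lambda e: True,
                  lambda e, rl: (rl.clear("link"), rl.set_bitrate("dst:" + e["victim"], 0.001))),
        # flow exporter classifies an attack flow: limit just that flow, release the victim-wide limit
        EcaPolicy("flowclassified", lambda e: e["malicious"],
                  lambda e, rl: (rl.clear("dst:" + e["victim"]), rl.set_bitrate("flow:" + e["flow"], 0.0))),
    ]

# Constructed event trace: what the simulated link monitor, IDS and flow exporter might report.
TRACE = [("highutil", {"value": 60}),                    # below threshold: nothing fires
         ("highutil", {"value": 82}),                    # first policy fires
         ("victimdetected", {"victim": "10.0.2.5"}),     # second policy fires
         ("flowclassified", {"victim": "10.0.2.5", "flow": "z17", "malicious": True}),   # third
         ("flowclassified", {"victim": "10.0.2.5", "flow": "web3", "malicious": False})]  # legitimate
```

Disabling the third policy (`enabled = False`) leaves the victim-wide limit in place, which is the kind of policy switch the demonstration invites you to try.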

Related Publications (slide 10)
- C. Peoples, G. Parr, A. Schaeffer-Filho and A. Mauthe. "Towards the Simulation of Energy-Efficient Resilience Management". To appear in: 4th International ICST Conference on Simulation Tools and Techniques (SIMUTools 2011), ACM/ICST, Barcelona, Spain. March 2011.
- A. Schaeffer-Filho, P. Smith and A. Mauthe. "Policy-driven Network Simulation: a Resilience Case Study". To appear in: 26th ACM Symposium on Applied Computing (SAC 2011), ACM, Taichung, Taiwan. March 2011.
- P. Smith, A. Schaeffer-Filho, A. Ali, M. Schöller, N. Kheir, A. Mauthe and D. Hutchison. "Strategies for Network Resilience: Capitalising on Policies". In: 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2010), Springer, ser. LNCS. Zurich, Switzerland. June 2010.
- A. Ali, A. Schaeffer-Filho, P. Smith and D. Hutchison. "Justifying a Policy Based Approach for DDoS Remediation: A Case Study". In: 11th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (PGNet 2010), Liverpool, UK. June 2010.