A Biologically Inspired Approach to Network Vulnerability Identification




Evolving CNO Strategies for CND
Todd Hughes, Aron Rubin, Andrew Cortese, Harris Zebrowitz
Senior Member, Engineering Staff
Advanced Technology Laboratories
10/30/03

Presentation Outline
1. Cyber Attack Workstation
2. Problem Description
3. Rule Discovery Engine
4. Virtual Network Simulator
5. Approach
6. Experiment
7. Results
8. Conclusion and Future Work

Cyber Attack Workstation
Reconnaissance and Attack Tool Automation
- Automates the process of monitoring and attacking a network
- Provides a library of intelligence gathering, penetration, and denial of service tools for use through a single interface
- Allows a user with little experience in hacking to test attack mechanisms
(Screenshot labels: Reconnaissance, Tool Options, Exploit Options, Account for Risk)
Defense through Understanding of the Offense

Cyber Attack Workstation
Is it possible to learn robust cyber reconnaissance campaigns?

Problem Description
- Learn robust cyber reconnaissance campaigns
- Use a genetic algorithm and network simulation to evolve reconnaissance campaigns
- Facilitate automated covert reconnaissance of an unknown network
Benefit
- Automate discovery of vulnerabilities of a known network
Leveraged technology
- Virtual Network Simulator
- Rule Discovery Engine

Virtual Network Simulator
Developed by ATL and Atlantic Consulting Services for US Army CECOM
- Information assurance specialist training
- Operational planning and vulnerability assessment
- Exercise support and situation awareness
Capabilities
- Provides real-time, interactive, visual simulation to exhibit attack effects and user reconfigurations
- Simulates networks of up to 50,000 nodes
- Runs at real time or faster
- Easy to configure and operate
- Simulates actual security management systems
- Logs, reports, and allows after action review

VNS Overall Architecture (diagram)
- SQL Database: attack, software, OS, etc. descriptions
- Instructor, via the VNS Attack Launcher: configures the scenario, selects and initiates attacks
- Student, via the VNS Network Simulator: configures and monitors the network, responds to attacks
- Runtime Infrastructure (RTI)
- Rapidly configures and simulates tactical network scenarios
- Capable of modeling operationally specific layouts and displays

VNS Models
Hosts, routers, bridges, relays, services, ports, firewalls, IDS, attacks, wired and wireless traffic

Rule Discovery Engine
- Uses genetic algorithms to evolve rules that define a control strategy
- Given a pool of sensory inputs and elementary behavior units, generates and catalogs behavior rules for complex situations
- Rules are then arbitrated and used depending on the conditions of a simulated environment
- Rules evolve over a series of generations, guided by a fitness function
- Based on ECJ (Java-based Evolutionary Computation and Genetic Programming Research System) from George Mason University

RDE-VNS Framework
(Diagram components: Behavior Pool, RDE, VNS Attack Launcher, VNS Network Simulator, Runtime Infrastructure (RTI), Evolved Recon Strategies)
- RDE interfaced with VNS and filled the instructor role
- RDE selected behavior rules, calculated fitness for the rules, and evolved subsequent rules

Approach
- For the genetic algorithm, we developed a novel representation and sequential macro replacement scheme
- Each individual rule contained a series of actions: port scan, traceroute, fingerprint, time delay
- As the campaign progressed, macros were dynamically replaced with network data as it was discovered
(Diagram labels: Initial IP, GA, Actions, VNS, Data, Network Discovered, Detection Rate)

Representation Technique
- Each individual represented a series of action types, including time delays
- 4-bit opcodes (16 possible values) represent each action
- An individual is then simply a bit string made up of a series of opcodes
- Each action contained macros that were dynamically replaced with data specific to the current individual, i.e., network data already discovered

Fitness
Assumptions
- Less time for an individual is better
- A lower detection rate is better
- More network information is better
- A higher score is given for port information than for node information

Fitness = Network Discovered / (Time of Run + Detection)
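As an added illustration of the Representation Technique and Fitness slides (not the authors' or ATL's code): an individual is a bit string of 4-bit opcodes, each action's macro is filled from hosts already discovered, and the run is scored with the slides' fitness formula. The opcode table, the toy network, the burst-threshold sensor standing in for VNS, and the weights are assumptions; the ids_threshold parameter mirrors the Experiment slide's detection sensitivity levels.

```python
from collections import defaultdict

# Hypothetical opcode table (assumption): 4-bit opcodes give 16 slots, the slides
# name four action types, and every other code decodes to NOP here.
OPCODES = {0x1: "PORT_SCAN", 0x2: "TRACEROUTE", 0x3: "FINGERPRINT", 0x4: "DELAY"}

# Constructed stand-in for a VNS scenario: host -> hops traceroute reveals, open ports.
NETWORK = {"10.0.0.1": {"hops": ["10.0.0.2", "10.0.0.3"], "ports": [22]},
           "10.0.0.2": {"hops": ["10.0.0.4"], "ports": [80, 443]},
           "10.0.0.3": {"hops": [], "ports": []},
           "10.0.0.4": {"hops": [], "ports": [445]}}

def decode(bits):
    """An individual is a bit string; split it into 4-bit opcodes -> action names."""
    if len(bits) % 4:
        raise ValueError("individual must be a whole number of 4-bit opcodes")
    return [OPCODES.get(int(bits[i:i + 4], 2), "NOP") for i in range(0, len(bits), 4)]

def run_campaign(bits, initial_ip, network, ids_threshold):
    """Interpret one individual against the network model. Each action's TARGET macro
    is filled with the first known host it has not yet been run on. The sensor model
    (assumption) alerts per probe once a burst without a DELAY exceeds ids_threshold."""
    known, burst, done = [initial_ip], 0, defaultdict(set)
    r = {"nodes": 0, "ports": 0, "time": 0, "detections": 0}
    for action in decode(bits):
        if action == "DELAY":  # a pause costs time but resets the sensor's burst count
            r["time"], burst = r["time"] + 1, 0
        if action in ("NOP", "DELAY"):
            continue
        r["time"] += 3 if action == "PORT_SCAN" else 1
        burst += 1
        if burst > ids_threshold:
            r["detections"] += 1
        pending = [h for h in known if h not in done[action]]
        if not pending:  # macro cannot be filled: the action is wasted time
            continue
        target = pending[0]
        done[action].add(target)
        if action == "TRACEROUTE":
            new = [h for h in network[target]["hops"] if h not in known]
            known.extend(new)
            r["nodes"] += len(new)
        elif action == "PORT_SCAN":
            r["ports"] += len(network[target]["ports"])
    return r

def fitness(r, port_weight=2.0, node_weight=1.0, detection_weight=5.0):
    """Fitness = Network Discovered / (Time of Run + Detection); ports outweigh nodes (weights assumed)."""
    info = port_weight * r["ports"] + node_weight * r["nodes"]
    return info / (r["time"] + detection_weight * r["detections"])
```

Scoring the same bit string at ids_threshold 2 and 5 shows why a campaign that is fittest against one sensitivity level need not be fittest against another, which is the cross-test the Experiment slide describes.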

Experiment
- 180 trials
- Two variables:
  - Three simulated networks
  - Three intrusion detection sensitivity levels
- Trained the GA on each network individually
- Trained on one network, tested on the other two

Results
TBD

Conclusion and Future Work
Conclusion
- Successfully demonstrated an architecture which can automatically generate an effective reconnaissance campaign
Future Work
- Experiment with penetration attack campaigns exploiting vulnerabilities on the victim network
- Experiment with alternative fitness functions