Salvatore D'Antonio INTERSECTION_EU-Canadax

Effective Countermeasures Against Emerging Threats in the Future Internet

Salvatore D’Antonio
Consorzio Interuniversitario Nazionale per l’Informatica

Canada-EU Future Internet Workshop
March 23-24, 2011
Waterloo, Canada


EC Grant Agreement n. 216585

Project overview

- INTERSECTION: INfrastructure for heTErogeneous, Resilient, SEcure, Complex, Tightly Inter-Operating Networks
- ICT Call 1 of Seventh Framework Programme (FP7)
- Work programme topic addressed
  - Challenge 1: Pervasive and Trusted Network and Service Infrastructures
  - Objective ICT-2007.1.4: Secure, dependable and trusted infrastructures
- Start date: January 1st, 2008
- Duration: 24 months


Context

- Security and resilience in network infrastructures
  - Design of scalable, secure and resilient network architectures in order to enable
    - dynamic management policies ensuring end-to-end secure data transmission and service provisioning across heterogeneous infrastructures and networks;
    - real time detection and recovery capabilities against intrusions, malfunctions and failures
- Trusted computing infrastructures
  - Design of computing infrastructures enabling interoperability and end-to-end security in order to ensure the design and development of trustworthy applications and services

The Consortium

ACADEMY
- Consorzio Interuniversitario Nazionale per l’Informatica [Italy]
- Lancaster University [UK]
- Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forschung [Germany]
- Eidgenoessische Technische Hochschule Zuerich [Switzerland]

INDUSTRY
- Elsag Datamat (Coordinator) [Italy]
- Thales Research and Technology [UK]
- ITTI (SME) [Poland]

END USERS
- Telefonica ID Investigación y Desarrollo [Spain]
- Telespazio [Italy]
- Polska Telefonia Cyfrowa [Poland]

Project motivation

Main objectives

- Identify and classify the vulnerabilities of heterogeneous and interconnected network infrastructures (wired, wireless, satellite, mobile networks)
- Create and maintain a network vulnerability database
- Design and implement an integrated network security framework including different components and tools:
  - detecting anomalous events
  - reacting to well-known, as well as new kinds of anomalies
  - deploying truly distributed countermeasures against ongoing attacks
  - providing systems with mechanisms for intrusion tolerance, i.e. preventing intrusions from generating a system failure


INTERSECTION Vulnerability Database

The INTERSECTION framework

The real-time intrusion detection and tolerance system

[Figure labels: Remediation, Reaction, Detection, Visualization, Network Monitoring]


The INTERSECTION Intrusion Detection System

[Figure label: Event Bus]


Use case: detection of stealth attacks

Stealth attacks
- “minimize the cost to and visibility of the attacker but which are about as harmful as brute force attacks” (wireless)
  M. Jakobsson et al., Stealth Attacks on Ad Hoc Wireless Networks, 2003
- “become invisible (or at least very difficult to detect) to network-based defences”
  A. D. Keromytis et al., Defending Against Next Generation through Network/Endpoint Collaboration and Interaction, 2007


Low-rate DoS attack

Good candidate as Stealth Attack
- “The low-rate attack raises serious concern because it can be significantly harder to detect than more traditional brute-force, flooding style attacks”
  H. Sun et al., Defending Against Low-rate TCP Attacks: Dynamic Detection and Protection, 2004
- “low-rate denial of service attacks, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect”
  E. Knightly et al., Low-rate TCP-targeted denial of service attacks and counter strategies, 2006


Detection of stealth attacks

- Short traffic bursts
  - maliciously chosen duration
  - maliciously chosen low frequency
- Evade rate-controlling detection mechanisms
- Periodically keeps the network very busy
- Influences the TCP congestion control mechanisms of hosts sharing network segments between the attacker and the attack target
- Throttles other TCP flows' rate far below their ideal value


Detection approach

- Generate traffic traces including low-rate attacks
  - Shrew attack tools
- Define traffic metrics for behavioural modelling
  - Statistical parameters
- Extract behaviour patterns for attack classification
  - Machine learning algorithms


Model extraction

- Feature vectors computation through traces processing
  - Ad-hoc developed Snort plug-in
- Feature vectors classification
  - Traffic model extraction by means of several supervised machine learning algorithms
    - Decision Tree J48
    - SVM
    - Bayesian Network
    - Boosting
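An added illustration of the detection approach and model extraction steps above (not code from the INTERSECTION project or its Snort plug-in): per-window feature vectors are computed from a traffic rate series and a supervised model is fitted to labelled windows. The three features, the 0.1 s bin width, the traffic values and the one-level decision stump standing in for the learners named on the slide are assumptions; all windows are constructed, not real traces.

```python
import random
import statistics

BIN_S = 0.1  # assumed bin width in seconds
FEATURES = ("mean_rate", "peak_to_mean", "periodicity")

def make_window(rng, attack, bins=100):
    """Constructed per-bin byte counts (KB): noisy background, optionally with
    a 2-bin burst every 10 bins (short bursts at a low, fixed frequency)."""
    base = rng.uniform(80, 140) if attack else rng.uniform(80, 200)
    return [base + rng.uniform(-20, 20) + (300 if attack and i % 10 < 2 else 0)
            for i in range(bins)]

def features(series):
    """Statistical parameters of one window: the feature vector."""
    mean = statistics.fmean(series)
    dev = [x - mean for x in series]
    var = sum(d * d for d in dev) or 1.0
    # Strongest normalized autocorrelation for lags of 0.5 s to 2 s.
    acf = max(sum(a * b for a, b in zip(dev, dev[lag:])) / var
              for lag in range(5, 21))
    return (mean, max(series) / mean, acf)

def train_stump(vectors, labels):
    """One-level decision tree: the (feature, threshold) pair with the fewest
    training errors, predicting 'attack' when the value exceeds the threshold."""
    best = None
    for f in range(len(FEATURES)):
        values = sorted({v[f] for v in vectors})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            errors = sum((v[f] > thr) != y for v, y in zip(vectors, labels))
            if best is None or errors < best[0]:
                best = (errors, f, thr)
    return best[1], best[2]

def evaluate(seed=7, n=30):
    """Train on n labelled windows per class, score on n fresh ones per class."""
    rng = random.Random(seed)
    def dataset():
        labels = [False] * n + [True] * n
        return [features(make_window(rng, y)) for y in labels], labels
    f, thr = train_stump(*dataset())
    test_x, test_y = dataset()
    hits = sum((v[f] > thr) == y for v, y in zip(test_x, test_y))
    return FEATURES[f], thr, hits / len(test_y)

if __name__ == "__main__":
    print(evaluate())
```

The average rates of the two classes overlap by construction, so the stump has to split on burstiness or periodicity, which is why a rate threshold alone misses this traffic pattern.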

The INTERSECTION demonstrator

Contacts

Website: http://www.intersection-project.eu
Information: info@intersection-project.eu
Project Coordinator: Stefano Vertechi, svertechi@selex-si.com
Technical Coordinator: Salvatore D’Antonio, salvatore.dantonio@uniparthenope.it

Networking Station 29 @ EU-Canada Future Internet Workshop