Network Attack and Defence: State-of- Art, Challenges, and Opportunities

Transcription

1 Network Attack and Defence: State-of- Art, Challenges, and Opportunities Dr Shui Yu ( 余水 ) School of Information Technology Deakin University, Melbourne, Australia syu@deakin.edu.au

2 About Deakin, SIT, and Melbourne Deakin University is ranked 214 worldwide by ARWU. School of IT is ranked 123 worldwide by ARWU. At SIT, we are very good at cybersecurity. Melbourne is the most liveable city in the world. We welcome outstanding students for various scholarship applications and visits.

3 Outline Introduction Cybersecurity: detection Cybersecurity: mitigation Cybersecurity: traceback Cybersecurity: privacy Q&A

4 1. Cyberspace, a not well understood space What does the cyberspace look like? What are the features of cyberspace? Many more questions than answers

5 1. Cyberspace: a heaven for intelligent criminals Cyber crime statistics ( Source of Attack Number of Attacks Russia 2,402,722 Taiwan 907,102 Germany 780,425 US Navy sees 110,000 cyber-attacks every hour, or more than 30 every single second. Top 15 Countries/Areas Where Cyber Attacks Originate in February (right table). Ukraine 566,531 Hungary 367,966 USA 355,341 Romania 350,948 Brazil 337,977 Italy 288,607 Australia 255,777 Argentina 185,720 China 168,146 Poland 162,235 Israel 143,943 Japan 133,908

6 1. Cyberspace: a heaven for intelligent criminals Why so many cyber attacks or crimes? - Extraordinary financial or political reward. - Easy to organize attacks. - Hard to be caught.

7 1. Cyberspace: a heaven for intelligent criminals Reasons for the heaven - No-security original design of the Internet. - Limited understanding of the cyberspace. - Shallow understanding of hackers.

8 1. Cybersecurity: a big deal A few recent DDoS attacks - DDoS attacks at USA before the election - DDoS attacks at Australia census night -

9 1. Cybersecurity: a big deal

10 1. Cybersecurity: a big deal

11 1. Cybersecurity, our current understanding Our understanding of the world. Englishman : What is the name of the animal? Aboriginal: Kangaroo

12 1. Cybersecurity, our current understanding Vincent Van Gogh ( ) : see the world in his own eyes.

13 1. Cybersecurity, the problems Current problems Who How Where When What Why

14 1. Cybersecurity, the problems There are three categories in cybersecurity Detection Mitigation Traceback Attack and counter-attack is an endless loop between hackers and defenders

15 2. Cybersecurity: Detection The essential issues in detection Hackers try their best to hide themselves. We need to understand our opponents Detect anomaly by unique features

16 2. Cybersecurity: Detection Malware distribution in large-scale networks - Exponential distribution at the early stage. - Power law distribution with a short exponential tail at the late stage - Power law distribution at the final stage. Shui Yu, Guofei Gu, Ahmed Barnawi, Song Guo, and Ivan Stojmenovic, "Malware Propagation in Large-Scale Networks," IEEE Transactions on Knowledge and Data Engineering, Vol. 27, Issue 1, 2015, pp

17 2. Cybersecurity: Detection We need to improve the old tools, even invent new tools, for detection. We extended the flat one layer epidemic model to two layer to better model malware propagation.

18 2. Cybersecurity: Detection Hackers are exhausting their energy to fly under the radar. - mimicking legitimate behavior to disable our detection. - e.g., DDoS attack vs Flash crowd (11.11 festival)

19 2. Cybersecurity: Detection Discriminate mimicking attack from flash crowd - It is hard to deal with mimicking attacks - The resources that hackers have usually limited - It is critical to find the features to differentiate them Shui Yu, Wanlei Zhou, Weijia Jia, Song Guo, Yong Xiang, and Feilong Tang, Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient, IEEE Transactions on Parallel and Distributed Systems, Vol. 23, Issue 6, June 2012, pp

20 2. Cybersecurity: Detection There is an essential fact - Active bots of a botnet are around 1k - Legitimate computers of a flash crowd has about 10k concurrent users We used a second order statistics method to discriminate mimicking attack from flash crowd

21 3. Cybersecurity: mitigation Mitigation is important for counter attacks. - What are the critical factors in mitigation - Is it possible? Is it affordable? - How to implement mitigation if it is possible?

22 3. Cybersecurity: mitigation The essential factors in cyber battle (e.g., in DDoS case). - It is a competition of resources - the winner is the party who has relatively more resources than the other party. Shui Yu, Song Guo, and Ivan Stojmenovic, "Fool Me If You Can: Mimicking Attacks and Anti-attacks in Cyberspace," IEEE Transactions on Computers, Vol. 64 Issue 1, 2015, pp

23 3. Cybersecurity: mitigation Following the previous finding, can we beat DDoS attacks or not? - It is very hard in the traditional Internet - But, we can in clouds. Shui Yu, Yonghong Tian, Song Guo, and Dapeng Oliver Wu, "Can We Beat DDoS Attacks in Clouds?" IEEE Transactions on Parallel and Distributed Systems, vol 25, no 9, 2014, pp

24 3. Cybersecurity: mitigation We can beat DDoS attacks in clouds in terms of resource and cost

25 4. Cybersecurity: traceback Finding the attack sources or hackers are the critical solution to remove threats. - It is hard in the non-cooperative environment of the Internet - It is hard in the heterogeneous complex systems Shui Yu, Wanlei Zhou, Robin Doss, and Weijia Jia, Traceback DDoS Attacks using Entropy Variations, IEEE Transactions on Parallel and Distributed Systems, vol. 22, No. 3, March, 2011,

26 4. Cybersecurity: traceback - The mainstream of traceback is packet marking, but it suffers a scalability problem, and therefore not feasible - We invented a flow entropy based traceback method - New methodology besides packet marking - But hard to implement in the Internet environment Shui Yu, Wanlei Zhou, Robin Doss, and Weijia Jia, Traceback DDoS Attacks using Entropy Variations, IEEE Transactions on Parallel and Distributed Systems, vol. 22, No. 3, March, 2011, pp

27 4. Cybersecurity: traceback A flow entropy based traceback method

28 4. Cybersecurity: traceback Packet marking is an effective method, but not practical due to the scalability problem. - We need to identify the problems? (How to addressed the scalability problem of packet marking?) - Study the problem deeply, and offer solutions Shui Yu, Wanlei Zhou, Song Guo, and Minyi Guo, "A Feasible IP Traceback Framework through Dynamic Deterministic Packet Marking," IEEE Transactions on Computers, Vol 65, No 5, pp

29 4. Cybersecurity: traceback We found that - Not every internet router is evolved in an attack. - Using a round-robin method to utilize the marking space resource. Shui Yu, Wanlei Zhou, Song Guo, and Minyi Guo, "A Feasible IP Traceback Framework through Dynamic Deterministic Packet Marking," IEEE Transactions on Computers, Vol 65, No 5, pp

30 4. Cybersecurity: traceback Attack source traceback in social networks. - Reverse traceback - Effective distance Jiaojiao Jiang, Sheng Wen, Shui Yu, Yang Xiang, and Wanlei Zhou, "K-center: An Approach on the Multi-source Identification of Information Diffusion," IEEE Transactions on Information Forensics and Security, vol 10, no 12, 2015, pp

31 5. Cybersecurity: privacy in big data era Privacy is new critical issue - Big data, big problem (Science, 2014) - The end of privacy in big data era (Science, 2015 January)

32 5. Cybersecurity: privacy in big data era Six blind men and an elephant our current understanding of privacy

33 5. Cybersecurity: privacy in big data era Shui Yu, Big Privacy: Challenges and Opportunities in Privacy Study in the Age of Big Data, IEEE Access, no. 4, 2016, pp

34 5. Cybersecurity: privacy in big data era Shui Yu, Big Privacy: Challenges and Opportunities in Privacy Study in the Age of Big Data, IEEE Access, no. 4, 2016, pp

35 5. Cybersecurity: privacy in big data era First Challenge: privacy measurement. I can calculate the movement of stars, but cannot measure the madness (privacy) of men

36 5. Cybersecurity: privacy in big data era Other challenges in big data privacy - personalized privacy - theoretical tools for privacy (mathematical tools, models) - privacy for trading -

37 Thank you & Questions The mentioned papers can be downloaded from the website