NRT: Collaborative research: Testing and Benchmarking Methodologies for Future Network Security Mechanisms

NRT：协作研究：未来网络安全机制的测试和基准测试方法

• 批准号: 0335241
• 负责人: George Kesidis
• 金额: --
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0335241&HistoricalAwards=false
• 关键词: NRT; Collaborative; research; Testing; Benchmarking

Networks and computer systems are becoming increasingly attractive targets to large-scale programmedattacks such as worms and Distributed Denial of Service attacks (DDoS), which can compromise a vastnumber of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacksinclude e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, andmany other applications. While there is a growing body of research techniques, prototypes, and commercialproducts that purport to protect these applications and the network infrastructure on which they rely, thereis little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover,thorough testing of a defense system for worms or for attacks on the infrastructure cannot be evaluatedsafely on a live network without affecting its operation.To make rapid advancements in defending against these and future attacks, the state of the art in theevaluation of network security mechanisms must be improved. This will require the emergence of large-scalesecurity testbeds coupled with new standards for testing and benchmarking that can make these testbedstruly useful. Current shortcomings and impediments to evaluating network security mechanisms include lackof scientific rigor;lack of relevant and representative network data;inadequate models of defense mechanisms;and inadequate models of both the network and the transmitted data (benign and attack traffic). The latteris challenging because of the complexity of interactions among traffic, topology and protocols.The researchers propose to develop thorough, realistic,and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators;generators for topology and background traffic; data sets derived from live traffic; and tools to monitor andsummarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms;t raffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed, and applying and evaluating frameworks and methodologies. Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.Intellectual Merit: The development of testing methodologies for network defense mechanisms requiressignificant advances in our understanding of network attacks and the interactions between attacks and theirenvironment including:deployed defense technology, traffic, topology, protocols, and applications. It willalso require advances in our understanding of metrics for evaluating defenses.Education: The research into testing methodologies for network defense mechanisms will involve graduate students and provide new curriculum material for universities.Broader Impact: By providing new testing frameworks, the work will accelerate improvements innetwork defense mechanisms and facilitate their evaluation and deployment. The researchers will hold yearly workshops to disseminate results and obtain community feedback.

网络和计算机系统正越来越有吸引力的目标对大规模编程的目标（例如蠕虫和分布式拒绝服务攻击（DDOS）），这可能会在几分钟内损害大量的弱势目标。关键的最终用户应用程序很容易受到此类攻击的攻击，包括电子商务，电子商务，指挥和控制应用程序，视频监视和跟踪，其他应用程序。尽管越来越多的研究技术，原型和商业生产旨在保护这些应用程序以及它们所依赖的网络基础架构，但几乎没有现有的科学方法来客观地评估此类主张的优点。此外，对防御系统的蠕虫或对基础设施的攻击的彻底测试不能在不影响其运营的情况下在实时网络上进行评估。要在防御这些和未来的攻击方面取得快速的进步，必须改善网络安全机制的最新技术。这将需要大规模测试床的出现，再加上用于测试和基准测试标准的新标准，这些标准可以使这些测试床位有用。当前评估网络安全机制的缺点和障碍包括缺乏科学严谨性；缺乏相关和代表性的网络数据；防御机制模型不足；网络模型和传输数据（良性和攻击流量）的模型不足。由于流量，拓扑和协议之间相互作用的复杂性，后来的挑战。研究人员建议为特定类别的网络攻击和防御机制开发彻底，现实和科学严格的测试框架和方法。这些测试框架将适用于不同类型的测试台，包括NS，仿真设施（例如Emulab）以及小型和大型硬件测试台。它们将包括攻击方案；攻击模拟器；用于拓扑和背景流量的发电机；来自实时流量的数据集；以及监视测试结果的工具。这些框架将使研究人员可以尝试各种代表网络环境，攻击行为以及正在测试的机制的配置的参数。在开发测试框架的外，研究人员建议通过对代表性网络防御机制进行测试来验证它们。 感兴趣的防御机制包括基于网络的入侵检测系统（IDS）；自动攻击追溯机制；限制限制DDOS攻击；以及检测大规模蠕虫攻击的机制。进行这些测试将需要将实际的防御机制纳入测试床，并应用和评估框架和方法论。 Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.Intellectual Merit: The development of testing methodologies for network defense mechanisms requiressignificant advances in our understanding of network attacks and the interactions between attacks and他们的环境包括：部署国防技术，交通，拓扑，协议和应用程序。 WillaLSO需要我们对评估防御的指标的理解的进步。研究人员将举办年度研讨会，以传播结果并获得社区反馈。