NRT: Collaborative research: Testing and Benchmarking Methodologies for Future Network Security Mechanisms

NRT：协作研究：未来网络安全机制的测试和基准测试方法

• 批准号: 0335241
• 负责人: George Kesidis
• 金额: --
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0335241&HistoricalAwards=false
• 关键词: NRT; Collaborative; research; Testing; Benchmarking

Networks and computer systems are becoming increasingly attractive targets to large-scale programmedattacks such as worms and Distributed Denial of Service attacks (DDoS), which can compromise a vastnumber of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacksinclude e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, andmany other applications. While there is a growing body of research techniques, prototypes, and commercialproducts that purport to protect these applications and the network infrastructure on which they rely, thereis little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover,thorough testing of a defense system for worms or for attacks on the infrastructure cannot be evaluatedsafely on a live network without affecting its operation.To make rapid advancements in defending against these and future attacks, the state of the art in theevaluation of network security mechanisms must be improved. This will require the emergence of large-scalesecurity testbeds coupled with new standards for testing and benchmarking that can make these testbedstruly useful. Current shortcomings and impediments to evaluating network security mechanisms include lackof scientific rigor;lack of relevant and representative network data;inadequate models of defense mechanisms;and inadequate models of both the network and the transmitted data (benign and attack traffic). The latteris challenging because of the complexity of interactions among traffic, topology and protocols.The researchers propose to develop thorough, realistic,and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators;generators for topology and background traffic; data sets derived from live traffic; and tools to monitor andsummarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms;t raffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed, and applying and evaluating frameworks and methodologies. Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.Intellectual Merit: The development of testing methodologies for network defense mechanisms requiressignificant advances in our understanding of network attacks and the interactions between attacks and theirenvironment including:deployed defense technology, traffic, topology, protocols, and applications. It willalso require advances in our understanding of metrics for evaluating defenses.Education: The research into testing methodologies for network defense mechanisms will involve graduate students and provide new curriculum material for universities.Broader Impact: By providing new testing frameworks, the work will accelerate improvements innetwork defense mechanisms and facilitate their evaluation and deployment. The researchers will hold yearly workshops to disseminate results and obtain community feedback.

网络和计算机系统正成为蠕虫和分布式拒绝服务攻击(DDoS)等大规模程序攻击的越来越有吸引力的目标，这些攻击可以在几分钟内危及大量易受攻击的目标。易受此类攻击的关键最终用户应用包括电子商务、电子医疗、指挥和控制应用、视频监控和跟踪以及许多其他应用。虽然越来越多的研究技术、原型和商业产品声称要保护这些应用程序及其所依赖的网络基础设施，但现有的科学方法几乎没有用来客观评估这种说法的优点。此外，彻底测试一个防御系统的蠕虫或对基础设施的攻击，不可能在不影响其运行的情况下在实时网络上进行安全评估。要在防御这些攻击和未来攻击方面取得快速进展，必须提高网络安全机制评估的最新水平。这将需要出现大规模的安全试验台，并辅之以新的测试和基准标准，使这些试验台非常有用。目前评估网络安全机制的缺陷和障碍包括缺乏科学严谨性；缺乏相关和代表性的网络数据；防御机制模型不足；网络和传输的数据(良性流量和攻击流量)模型不足。后者具有挑战性，因为流量、拓扑和协议之间相互作用的复杂性。研究人员建议针对特定类别的网络攻击和防御机制开发全面、现实和科学严格的测试框架和方法。这些测试框架将适用于不同类型的试验台，包括NS等模拟器、Emulab等仿真设施以及小型和大型硬件试验台。它们将包括攻击场景；攻击模拟器；拓扑和背景流量生成器；从实时流量派生的数据集；以及监控和汇总测试结果的工具。这些框架将允许研究人员使用代表网络环境、攻击行为和被测机制配置的各种参数进行实验。除了开发测试框架外，研究人员还建议通过对典型的网络防御机制进行测试来验证它们。重要的防御机制包括基于网络的入侵检测系统(IDS)；自动攻击回溯机制；用于控制DDoS攻击的流量速率限制；以及检测大规模蠕虫攻击的机制。进行这些测试将需要将真正的防御机制纳入试验台，并应用和评估框架和方法。进行这些测试还将帮助我们确保试验台框架允许其他研究人员轻松地集成和测试他们自己的网络防御机制。研究团队包括安全、网络、数据分析、软件工程和操作系统方面的专家，他们致力于开发这些具有挑战性的集成测试框架。智力优势：网络防御机制测试方法的发展要求我们在理解网络攻击以及攻击与其环境之间的相互作用方面取得重大进展，包括：部署的防御技术、流量、拓扑、协议和应用。教育：网络防御机制测试方法的研究将涉及研究生，并为大学提供新的课程材料。广泛影响：通过提供新的测试框架，这项工作将加速网络防御机制的改进，并促进其评估和部署。研究人员将每年举办研讨会，传播成果并获得社区反馈。