NRT: Collaborative Research: Testing and Benchmarking Methodologies for Future Network Security Mechanisms

NRT：协作研究：未来网络安全机制的测试和基准测试方法

• 批准号: 0335290
• 负责人: Vern Paxson
• 金额: --
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2007-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0335290&HistoricalAwards=false
• 关键词: NRT; Collaborative; Research; Testing; Benchmarking

Networks and computer systems are becoming increasingly attractive targets to large-scale programmedattacks such as worms and Distributed Denial of Service attacks (DDoS), which can compromise a vastnumber of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacksinclude e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, andmany other applications. While there is a growing body of research techniques, prototypes, and commercialproducts that purport to protect these applications and the network infrastructure on which they rely, thereis little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover,thorough testing of a defense system for worms or for attacks on the infrastructure cannot be evaluatedsafely on a live network without affecting its operation.To make rapid advancements in defending against these and future attacks, the state of the art in theevaluation of network security mechanisms must be improved. This will require the emergence of large-scalesecurity testbeds coupled with new standards for testing and benchmarking that can make these testbedstruly useful. Current shortcomings and impediments to evaluating network security mechanisms include lackof scientific rigor;lack of relevant and representative network data;inadequate models of defense mechanisms;and inadequate models of both the network and the transmitted data (benign and attack traffic). The latteris challenging because of the complexity of interactions among traffic, topology and protocols.The researchers propose to develop thorough, realistic,and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators;generators for topology and background traffic; data sets derived from live traffic; and tools to monitor andsummarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms;t raffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed, and applying and evaluating frameworks and methodologies. Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.Intellectual Merit: The development of testing methodologies for network defense mechanisms requiressignificant advances in our understanding of network attacks and the interactions between attacks and theirenvironment including:deployed defense technology, traffic, topology, protocols, and applications. It willalso require advances in our understanding of metrics for evaluating defenses.Education: The research into testing methodologies for network defense mechanisms will involve graduate students and provide new curriculum material for universities.Broader Impact: By providing new testing frameworks, the work will accelerate improvements innetwork defense mechanisms and facilitate their evaluation and deployment. The researchers will hold yearly workshops to disseminate results and obtain community feedback.

网络和计算机系统正成为越来越有吸引力的大规模程序攻击目标，如蠕虫和分布式拒绝服务攻击（DDoS），这些攻击可以在几分钟内危害大量易受攻击的目标。易受此类攻击的关键终端用户应用程序包括电子商务、电子医疗、命令和控制应用程序、视频监控和跟踪以及许多其他应用程序。虽然有越来越多的研究技术、原型和商业产品声称要保护这些应用程序及其所依赖的网络基础设施，但几乎没有现有的科学方法来客观地评估这些主张的价值。此外，对蠕虫或基础设施攻击的防御系统的彻底测试无法在不影响其运行的情况下在真实网络上进行安全评估。为了在防御这些和未来攻击方面取得快速进步，必须改进网络安全机制评估的最新技术。这将需要出现大规模的安全测试平台，以及新的测试和基准测试标准，使这些测试平台变得非常有用。目前评估网络安全机制的缺陷和障碍包括缺乏科学严谨性;缺乏相关和代表性的网络数据;防御机制模型不足;网络和传输数据（良性和攻击流量）模型不足。后者是具有挑战性的，因为流量，拓扑结构和协议之间的相互作用的复杂性。研究人员建议为特定类别的网络攻击和防御机制开发全面，现实和科学严格的测试框架和方法。这些测试框架将适用于不同类型的测试平台，包括NS等模拟器，Emulab等仿真设施，以及小型和大型硬件测试平台。它们将包括攻击场景;攻击模拟器;拓扑和背景流量生成器;来自实时流量的数据集;以及监控和总结测试结果的工具。这些框架将允许研究人员对代表网络环境、攻击行为和被测机制配置的各种参数进行实验。除了开发测试框架外，研究人员还建议通过对代表性网络防御机制进行测试来验证它们。 感兴趣的防御机制包括基于网络的入侵检测系统（IDS）;自动攻击追溯机制;控制DDoS攻击的速率限制;以及检测大规模蠕虫攻击的机制。进行这些测试将需要将真实的防御机制纳入测试平台，并应用和评估框架和方法。进行这些测试也将帮助我们确保测试床框架允许其他研究人员轻松地集成和测试他们自己的网络防御机制。研究团队包括安全、网络、数据分析、软件工程和操作系统方面的专家，他们致力于开发这些具有挑战性的集成测试框架。网络防御机制的测试方法的发展需要我们对网络攻击以及攻击和它们之间的相互作用的理解有显著的进步，包括：部署的防御技术、流量、拓扑、协议和应用。教育：网络防御机制测试方法的研究将涉及研究生，并为大学提供新的课程材料。更广泛的影响：通过提供新的测试框架，这项工作将加速网络防御机制的改进，并促进其评估和部署。研究人员将每年举办研讨会，传播研究结果并获得社区反馈。