Intelligent network survivability tools

智能网络生存工具

• 批准号: 227441-2009
• 负责人: Ghorbani, AliAkbar
• 金额: $ 2.19万
• 依托单位: University of New Brunswick
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2012
• 资助国家: 加拿大
• 起止时间: 2012-01-01 至 2013-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=503276
• 关键词: Intelligent; network; survivability; tools

Most medium and large-scale network infrastructures include multiple high-speed connections to the Internet and support many customer collaborative networks; thousands of internal users and various web servers. Many of these systems are faced with an ever-increasing likelihood of unplanned downtime due to various attacks and security breaches. In order to adequately protect these networks there is a critical need to be able to deliver systems that can automatically detect intrusion patterns and performance bottlenecks, and automatically defend themselves. Due to the exponential growth in size, distribution, and complexity of communication networks, current intrusion detection/prevention technologies are not very effective against new attacks and have severe limitations as far as performance, scalability, and flexibility are concerned. Moreover, the improvements to these systems are often too slow and too little to keep up with the innovations by the attackers. The main drawbacks of the current intrusion detection systems are: 1) the large number of false positives; 2) the inability to detect unknown attacks; and, 3) the inability to properly assess the relative danger of the misuse and provide an appropriate response. There is a general consensus that the primary focus of the intrusion detection technologies must be: a) to reduce the rate of false positives; b) to develop non-signature-based intrusion detection methods; and, c) work on prevention instead of detection. The primary objective of our research work is to identify a bank of models/tools/techniques that are well suited to address the above shortcomings. We will focus on developing: 1) algorithms for automatically detecting anomalies in flow or event streams; 2) automated rules tuning, learning and adaptation; 3) alert correlation and creation of graphs for multi-stage attacks; 4) automatic discovery of network applications; and, 5) simulation of network attacks. A tool which allows simulation of attacks and `what-if' and `did you know' scenarios to identify security loopholes and assess preparedness, and is of great interest to network administrators.

大多数中型和大型网络基础设施都包括多个到互联网的高速连接，并支持许多客户协作网络;数千名内部用户和各种Web服务器。由于各种攻击和安全漏洞，这些系统中的许多都面临着不断增加的计划外停机的可能性。 为了充分保护这些网络，迫切需要能够提供能够自动检测入侵模式和性能瓶颈并自动进行自我保护的系统。由于通信网络的规模、分布和复杂性呈指数级增长，当前的入侵检测/预防技术对新的攻击不是非常有效，并且就性能、可扩展性和灵活性而言具有严重的限制。此外，对这些系统的改进往往太慢，太少，无法跟上攻击者的创新。当前入侵检测系统的主要缺点是：1）大量的误报; 2）无法检测未知的攻击;以及3）无法正确地评估误用的相对危险并提供适当的响应。人们普遍认为，入侵检测技术的主要重点必须是：a）降低误报率; B）开发非基于特征的入侵检测方法;以及c）致力于预防而不是检测。我们的研究工作的主要目标是确定一个银行的模型/工具/技术，非常适合解决上述缺点。我们将重点发展：1）用于自动检测流或事件流中的异常的算法; 2）自动规则调整、学习和自适应; 3）警报关联和针对多阶段攻击的图的创建; 4）网络应用的自动发现;以及，5）网络攻击的模拟。 一种工具，允许模拟攻击和“假设”和“你知道吗"的情况，以确定安全漏洞和评估准备情况，网络管理员对此非常感兴趣。