Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

TH : Topology-Based Host-Level Attribution for Multi-stage Attacks in Enterprise Systems Using Software Defined Networks

Download
191 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_36,
    author={Subramaniyam Kannan and Paul Wood and Larry Deatrick and Patricia Beane and Somali Chaterji and Saurabh Bagchi},
    title={TH : Topology-Based Host-Level Attribution for Multi-stage Attacks in Enterprise Systems Using Software Defined Networks},
    proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
    proceedings_a={SECURECOMM},
    year={2018},
    month={4},
    keywords={Multi-stage attacks Attack attribution Software defined network Moving target defense},
    doi={10.1007/978-3-319-78813-5_36}
}
  • Subramaniyam Kannan
    Paul Wood
    Larry Deatrick
    Patricia Beane
    Somali Chaterji
    Saurabh Bagchi
    Year: 2018
    TH : Topology-Based Host-Level Attribution for Multi-stage Attacks in Enterprise Systems Using Software Defined Networks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_36
Subramaniyam Kannan1,*, Paul Wood1,*, Larry Deatrick2,*, Patricia Beane2,*, Somali Chaterji1,*, Saurabh Bagchi1,*
  • 1: Purdue University
  • 2: Northrop Grumman
*Contact email: kannan5@purdue.edu, pwood@purdue.edu, larry.deatrick@ngc.com, Patricia.Beane@ngc.com, schaterji@purdue.edu, sbagchi@purdue.edu

Abstract

Multi-layer distributed systems, such as those found in corporate systems, are often the target of multi-stage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple network flows. This is known as the attribution problem in security domains. We present , a system that solves such attribution problems for multi-stage attacks. It does this by using moving target defense, , shuffling the assignment of clients to server replicas, which is achieved through software defined networking. As alerts are generated, maintains state about the level of risk for each network flow and progressively isolates the malicious flows. Using a simulation, we show that can identify single and multiple attackers in a variety of systems with different numbers of servers, layers, and clients.

Keywords
Multi-stage attacks Attack attribution Software defined network Moving target defense
Published
2018-04-26
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-78813-5_36
Copyright © 2017–2024 EAI
EAI Logo

About EAI

Community

Publish with EAI