Texas A&M UniversityPage 1 04/11/23 01:16 AM
Real-Time Traffic Modeling and its Application in Network Camouflaging
Wei Zhao, Riccardo Bettati, Nitin Vaidya
Department of Computer Science
Texas A&M University, College Station, TX 77843-3112
[email protected] 845-5098
Page 2
Outline
1. Project Overview
2. Real-Time Traffic Modeling
3. Design and Implementation of NetCamo
4. Camouflaging Other Network Entities
5. Summary
Page 3
1. Project Overview
• Objectives
• Characteristics
• Major Results
Page 4
Project Objectives
• Development of countermeasures for generalized traffic analysis
• Development of countermeasures for denial of service
Page 5
Characteristics of our Work
• Based on real-time traffic modeling
• Countermeasures for generalized traffic analysis: camouflaging the network activities while guaranteeing end-to-end delays
• Countermeasures for denial of service: detecting DoS attacks in real time
• Our solutions are intended for wired and wireless networks
• Our solutions are upward and downward compatible
Page 6
Major Results
• Developed a prototype of NetCamo/M
A middle-ware solution for dealing with traffic analysis
+ No change to current network architecture
+ Efficient
• Developed a prototype of NetCamo/N
Using independent “mini routers” for camouflaging
+ No disturbance to application hosts
+ To be used by Navy HiPer-D 2000
Page 7
The Team
Faculty Members: Wei Zhao, Riccardo Bettati, and Nitin Vaidya
Previous Results
• Our bandwidth allocation method has been officially adopted by DoD SAFENET
• Two releases of NetEx tool kit: NetEx/Basic and NetEx/Adaptation
• Two best paper awards
• Two U.S. patents
• Support from DoD and industry: Nortel Networks, Cisco, Myricom, Packet Engine, and XYLAN
Page 8
The Collaborators
Government
Navy Surface Warfare Center
HiPer-D Project (Dave Marlow and Mike Masters)
Navy SPAWAR
Distributed real-time combat systems (Russell Johnston)
West Point
Camouflaging technology (Daniel Ragsdale)
Page 9
The Collaborators
Industry
Alcatel (Packet Engines and XYLAN)
High speed routers (Kim Stearns and Dennis Majeski)
Intrusion.Com
Real-time intrusion and camouflaging devices (Joe Head)
3INet
Real-time intrusion and camouflaging devices (Mike Wang)
Page 10
The Collaborators
TAMU Internal
Texas Transportation Institute
ALERT Project (Cedric J. Sims)
Texas Center for Applied Technology
University XXI Project (James Wall)
Page 11
2. Real-Time Traffic Modeling
Motivations
To gain information on payload traffic in order to predict the behavior of the applications and systems
* Predict the worst-case delay
* Provide profile information of payload
- on-line verification
- on-line masking
Page 12
Traffic Modeling
1. Peak rate method: pessimistic; over-estimating delay
2. Average rate method: optimistic; under-estimating delay
3. Timing history method: impractical, too much information
4. Our method: the maximum rate function
(I) = max over t of [# of bits arrived in interval (t, t+I)] / I
(I) can also be randomized to deal with statistical rate bounds
Page 13
Traffic Modeling
Features of (I):
* It covers a wide range of applications
* It is mathematically analyzable
* It is enforceable
* It is holographic
Page 14
(I) is Mathematically Analyzable
Given the input max rate function (I) and a delay of at most d, what is the output max rate function?
F*(I) = Output between t and t + I
≤ Input between t - d and t + I
= F(I+d) = (I+d) × (max rate function at I+d)
Output max rate function = F*(I)/I = (I+d) × (max rate function at I+d) / I
Page 15
(I) is Enforceable
Leaky bucket: (I) = (size of token bucket + line rate × I) / I
Figure: any traffic enters a token bucket (bucket of a given size, drained at the line rate); the shaped output is F*(I).
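The three slides above define the maximum rate function, derive its bound after a bounded delay, and claim a leaky bucket enforces the shape (σ + ρI)/I. The following Python program is an added example, not code from the slides or from the NetCamo project: it computes the maximum rate function of a constructed packet trace, compares it with the peak-rate and average-rate methods, checks the delay bound on a constructed delay pattern, and runs the trace through a token-bucket shaper to show that the shaped output obeys the bound while the raw trace does not. Time is in microseconds and sizes in bits, so bits/µs equals Mbit/s; names such as max_bits_in_window and token_bucket_shape are this example's own.

```python
"""Maximum rate function of a packet trace, its bound after a bounded delay,
and its enforcement with a token (leaky) bucket. Added example, not code
from the slides; trace, bucket parameters and delay pattern are constructed.
Units: time in microseconds, size in bits, so bits/us == Mbit/s."""
from bisect import bisect_left


def make_trace():
    """Constructed trace: 10 bursts, one every 1000 us, each of 4 packets of
    4000 bits spaced 10 us apart (16 Mbit/s on average, 400 Mbit/s in a burst)."""
    return [(burst * 1000 + k * 10, 4000) for burst in range(10) for k in range(4)]


def max_bits_in_window(trace, interval):
    """Most bits arriving in any half-open window [t, t+interval).
    Only windows starting at a packet arrival need checking: moving the start
    forward to the next arrival never drops a packet from the window."""
    pkts = sorted(trace)
    times = [t for t, _ in pkts]
    prefix = [0]
    for _, bits in pkts:
        prefix.append(prefix[-1] + bits)
    best = 0
    for i, t in enumerate(times):
        j = bisect_left(times, t + interval)  # first arrival at or after t+I
        best = max(best, prefix[j] - prefix[i])
    return best


def max_rate(trace, interval):
    """The slides' maximum rate function of I: max bits in any interval of
    length I, divided by I (Mbit/s here)."""
    return max_bits_in_window(trace, interval) / interval


def peak_rate(trace):
    """Peak rate method: highest rate between two consecutive packets."""
    pkts = sorted(trace)
    return max(b / (t2 - t1) for (t1, _), (t2, b) in zip(pkts, pkts[1:]))


def average_rate(trace, duration):
    """Average rate method: all bits over the whole observation period."""
    return sum(b for _, b in trace) / duration


def delay_bound_holds(trace, delayed, d, intervals):
    """Analyzability: if no packet is delayed by more than d, the output in
    [t, t+I) came from input in [t-d, t+I), so F*(I) <= F(I+d) and the
    output max rate at I is at most (I+d) * (input max rate at I+d) / I."""
    return all(max_bits_in_window(delayed, I) <= max_bits_in_window(trace, I + d)
               for I in intervals)


def token_bucket_shape(trace, sigma, rho):
    """FIFO token bucket with bucket size sigma bits and line rate rho bits/us.
    A packet leaves only when enough tokens have accrued, so any window of
    length I carries at most sigma + rho*I bits: the slides' (sigma + rho*I)/I."""
    out = []
    tokens, last, prev_release = sigma, 0.0, 0.0
    for arrival, bits in sorted(trace):
        now = max(arrival, prev_release)              # keep packet order
        tokens = min(sigma, tokens + rho * (now - last))
        if tokens < bits:
            now += (bits - tokens) / rho              # wait for the missing tokens
            tokens = bits
        tokens -= bits
        last = prev_release = now
        out.append((now, bits))
    return out


def obeys_bucket(trace, sigma, rho, intervals):
    """Does the trace respect the enforceable bound (sigma + rho*I)/I on this grid?"""
    return all(max_bits_in_window(trace, I) <= sigma + rho * I + 1e-9 for I in intervals)


def delayed_trace(trace, d):
    """Constructed delay pattern: packet k is delayed by (37*k) % (d+1) us, at most d."""
    return [(t + (37 * k) % (d + 1), b) for k, (t, b) in enumerate(trace)]


if __name__ == "__main__":
    trace = make_trace()
    print(f"peak {peak_rate(trace):.0f}, average {average_rate(trace, 10_000):.0f} Mbit/s")
    for I in (10, 100, 1000, 10_000):
        print(f"max rate over I={I:>6} us: {max_rate(trace, I):6.1f} Mbit/s")
    print("delay bound holds:", delay_bound_holds(trace, delayed_trace(trace, 50), 50, (10, 100, 1000)))
    grid = (10, 30, 100, 1000, 5000)
    print("raw trace obeys bucket:", obeys_bucket(trace, 8000, 20, grid))
    print("shaped trace obeys bucket:", obeys_bucket(token_bucket_shape(trace, 8000, 20), 8000, 20, grid))
```

On this trace the peak-rate method reports 400 Mbit/s and the average-rate method 16 Mbit/s, while the maximum rate function falls from 400 at I = 10 µs through 160 at I = 100 µs to 16 at I = 1 ms, which is the shape the experiment slide plots: the burst structure is visible at short intervals and averages out at long ones.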
Page 16
(I) is Holographic
(I) can be approximated by any number of points.
Assume that (I1) = then (I) is approximated by
+ min(I1, I - I
The formula can be used recursively if more points are known.
Page 17
Traffic Modeling
Figure: sender host H1 sends through an ATM module (M) and an ATM switch to receiver host H2 over a virtual channel (VC); a protocol analyzer observes the traffic. M: ATM Module, H: Host, VC: Virtual Channel.
An experiment: a workstation (H1) sends 16 Mbit of data per second.
Page 18
Traffic Modeling
Figure: (I) values in megabits per second (0 to 160) plotted against the time interval I in microseconds (1 to 1,000,000, log scale). Curves: Peak Rate, Average Rate, Derived by our method, Observed.
Page 19
Applications of Real-Time Traffic Modeling
* NetEx: Providing Delay-Guaranteed Communications
A Quorum project
Integrated with Honeywell RTARM system
* Countermeasure for Traffic Analysis
* Countermeasure for Denial of Service
Page 20
Preventing Traffic Analysis by RTTM
Traffic Analysis:
Obtain the mission status by observing network traffic
Our objectives:
» Camouflaging the traffic density
» Camouflaging the connectivity
Page 21
Countermeasure for Traffic Analysis
Approaches
» Network flooding
» Traffic rerouting
Page 22
Network Flooding
Flooding the network at the right place and the right time to make it appear to be a constant-rate network
Challenge: How much?
For link j, sum over i of F_{i,j}(I) + S_j(I) = (constant link rate) × I
Page 23
Traffic Rerouting
Indirect delivery of packets
Challenge: Can we still guarantee the real-time delay bound?
For connection j, sum over i of d_{i,j} < D_j
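The padding equation of the flooding slide and the delay-sum check of the rerouting slide, worked through as an added Python example (not the slides' or NetCamo's own code). The link, its two connections, the cover rate and the candidate reroute paths are all constructed, each connection is assumed to carry a leaky-bucket-shaped max rate function (σ + ρI)/I, and the names leaky_bucket_rate, padding_schedule and choose_reroute are this example's own. It goes a little beyond the slides by also picking the smallest cover rate that keeps the padding non-negative on a grid of intervals and the cheapest of several reroute paths that still meets D_j.

```python
"""Padding budget for network flooding and the delay check for traffic
rerouting. Added example, not the slides' code: the link, its connections,
the cover rate and the candidate paths are constructed, and every connection
is assumed to have a leaky-bucket-shaped max rate function (sigma + rho*I)/I.
Units: time in microseconds, sizes in bits, rates in bits/us (= Mbit/s)."""


def leaky_bucket_rate(sigma, rho):
    """Max rate function of a connection shaped by a bucket of sigma bits at rho bits/us."""
    return lambda I: (sigma + rho * I) / I


def link_payload_bits(connections, I):
    """Sum over i of F_{i,j}(I), with F_{i,j}(I) = I * (max rate of connection i at I):
    the most payload bits link j can carry in any interval of length I."""
    return sum(I * rate(I) for rate in connections)


def padding_schedule(connections, cover_rate, intervals):
    """S_j(I) = cover_rate * I - sum_i F_{i,j}(I): dummy bits that must be able to
    fill any interval of length I so the link looks like a constant-rate link of
    cover_rate. Returns None when the cover rate is too low for some interval,
    i.e. the padding would have to be negative."""
    schedule = {}
    for I in intervals:
        pad = cover_rate * I - link_payload_bits(connections, I)
        if pad < 0:
            return None
        schedule[I] = pad
    return schedule


def minimum_cover_rate(connections, intervals):
    """Smallest constant rate whose padding is non-negative on the given grid of
    intervals (for bucket-shaped functions it is set by the shortest interval)."""
    return max(link_payload_bits(connections, I) / I for I in intervals)


def padding_overhead(connections, cover_rate, I):
    """Fraction of the cover traffic over interval I that is dummy rather than payload."""
    return 1 - link_payload_bits(connections, I) / (cover_rate * I)


def reroute_is_feasible(hop_delays, deadline):
    """Rerouting keeps the guarantee of connection j only if sum_i d_{i,j} < D_j."""
    return sum(hop_delays) < deadline


def choose_reroute(candidate_paths, deadline):
    """Pick the indirect path with the smallest total delay that still meets D_j;
    None if every candidate breaks the bound. candidate_paths maps a path name
    to its list of per-hop worst-case delays."""
    feasible = {name: sum(d) for name, d in candidate_paths.items()
                if reroute_is_feasible(d, deadline)}
    return min(feasible, key=feasible.get) if feasible else None


if __name__ == "__main__":
    # constructed link j carrying two shaped connections
    conns = [leaky_bucket_rate(8000, 20), leaky_bucket_rate(2000, 5)]
    grid = (100, 1000, 2000)
    rate = minimum_cover_rate(conns, grid)
    print("minimum cover rate:", rate, "Mbit/s")
    print("padding per interval:", padding_schedule(conns, rate, grid))
    print("dummy fraction at I=1000 us:", round(padding_overhead(conns, rate, 1000), 3))
    print("cover rate 30 Mbit/s:", padding_schedule(conns, 30, grid))
    # constructed candidate reroutes with per-hop worst-case delays (us); D_j = 40 us
    paths = {"via A": [12, 15, 8], "via B": [9, 9, 9, 9], "via C": [20, 25]}
    print("chosen reroute:", choose_reroute(paths, 40))
```

The cover rate has to be chosen at the shortest interval the observer can resolve, which is where bucket-shaped max rate functions are largest; the price is that at longer intervals most of the constant-rate stream is dummy traffic (72% at I = 1 ms in this constructed case), which is exactly the "How much?" trade-off the slide raises.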
Page 24
3. Design and Implementation of NetCamo
Objectives
• Camouflage network activities
• Provide QoS-guaranteed communication services
• Be upward and downward compatible with existing operating systems, applications, and network technologies
• Be scalable and evolvable
Page 25
NetCamo Approaches
• Traffic camouflaging: rerouting and traffic padding based on real-time traffic modeling theory.
• Real-time communication: providing delay-guaranteed services to applications while having traffic camouflaged
• NetCamo/M: A middle-ware solution
» No change to current network architecture
» Efficient
• NetCamo/N: Using independent “routers” for camouflaging
» No disturbance to application hosts
» To be used by Navy HiPer-D 2000
Page 26
NetCamo/M
Figure: four Payload Hosts, each with a Middle-Ware layer, attached to the Network.
Page 27
NetCamo/M Workflow
Figure components: Client Applications, a NetCamo Host Controller on each host, the NetCamo Network Controller, and the Network; the interactions are numbered 1 to 5.
Page 28
NetCamo/M Architecture
Figure: the NetCamo Network Controller contains two Host Agents, two Router Agents, and the NetCamo Traffic Manager; two Routers connect it to the Network. Each Host runs a NetCamo Host Controller (API, Host Manager, Traffic Controller, H323) serving its Client Applications.
NetCamo/M Host Implementation
Page 32
NetCamo/M Host Traffic Controller
Page 33
NetCamo/M Testbed
Page 34
NetCamo/M Testbed
Page 35
NetCamo/M Results
Station 1 to Station 2: CBR 250 pps (200 direct + 50 re-routed via Station 4)
Station 1 to Station 4: VBR 40 pps (direct)
Station 4 to Station 1: VBR 20 pps (direct)
Station 4 to Station 2: VBR 20 pps (direct)
Page 36
NetCamo/N
Figure: four Payload Hosts, each attached to the Network through its own Mini Router.
Page 37
NetCamo Mini Router
Page 38
Use of NetCamo/N in HiPer-D 2000
Figure: a Mini Router at the Navy SD Base and a Mini Router at NSWC.
Page 39
NetCamo/N Testbed
Page 40
NetCamo/N Results
Figure legend: Cover Mode, Payload, Dummy.
Page 41
4. Camouflaging Other Entities
• Camouflaging the topology
So that distributed denial of service attacks can be prevented or avoided
• Camouflaging servers
No one can attack them anymore
• Camouflaging wireless networks
Be power aware.
Page 42
Topology Camouflaging
Motivation
Reducing the damage of organized and distributed DoS attacks
Page 43
Topology Camouflaging Approaches
Preventive Camouflaging
• Purposely let a group of routers misunderstand the topology
Reactive Camouflaging
• Dynamically change routing strategy
Page 44
Topology Camouflaging: Challenges
• Consistency: An altered topology should still make sense
• Efficiency: Minimizing the network management effort needed to make an altered topology perceived, for a given effectiveness measure
• Effectiveness: Minimizing the potential damage of DoS attacks for a given attack power
Page 45
Topology Camouflaging: Realization Methods
Preventive Camouflaging (PC)
• Change the Internet Control Message Protocol at some routers
Reactive Camouflaging (RC)
• Adaptively and autonomously adjust routing tables at some routers
Page 46
5. Summary
• Cyber space camouflaging (CSC) is an important strategy to realize tolerant networks
• Traditional encryption is a special case of CSC, i.e., camouflaging the content of the payload
• While some concepts can be borrowed from physical camouflaging techniques, many more challenges lie ahead.
Page 47
Camouflaging, Concealment, and Decoy in Cyber Space
Means      | Packet     | Conn.      | Traffic  | Server     | Topology | Op Mode
Hide       |            |            |          |            |          |
Blend      | Encryption |            | Flooding |            |          |
Disguising |            |            |          | Anycasting |          | Neutral mode
Disrupting |            | Re-routing |          |            | RC       |
Decoy      |            |            |          |            | PC       | Multiple cover modes