OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of Complex Networked Systems - Mara Sorella - Sapienza Univ. of Rome
Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly increasing, and the testing and experimentation of cyber defense solutions require the availability of separate, test environments that best reflect the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, and cyber security training activities, thus enabling enterprises to study cyber defense strategies and allowing security researchers to evaluate their algorithms at scale.

The main objective is to give researchers and practitioners an overview of the technological means and the practical steps to set up a private cloud platform based on OpenNebula for the creation and management of virtual environments that support cyber-security training and testing activities, as well as an overview of its possible applications in the cyber security domain.

In particular:

1. We describe our infrastructure based on OpenNebula.
2. We give an overview of our application, which sits on top of OpenNebula, as well as the technological tools involved in the management of its lifecycle (e.g., Ansible).
3. We show how the platform can support various examples of security research activities.


[References] Tanasache, F. D., Sorella, M., Bonomi, S., Rapone, R., Meacci, D. Building an emulation environment for cyber security analyses of complex networked systems. ICDCN '19, ACM, 2019.

1. Building Virtual Environments for Security Analyses of Complex Networked Systems
Mara Sorella, Ph.D.
Research center on Cyber Intelligence and Information Security (CIS), Department of Computer, Control and Management Engineering, Sapienza University of Rome
2-6. Introduction
Starting from the past decade, cyber attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted, featuring zero-day exploits and highly creative interdisciplinary attack methods.
A common strategy is to play the role of the attacker and stress the network that is to be protected. Another key aspect is personnel training.
Need to have a separate, dedicated environment that should be able to:
▪ represent realistic scenarios that fit the security testing objectives
▪ support the definition of new scenarios and cyber threats in a cost- and time-effective manner
This is typically achieved by instrumenting virtual environments, referred to as cyber ranges.
7-10. Our Project: Motivation
▪ Research focus: threat modeling, network hardening algorithms
▪ Goal: test and evaluate our research products in realistic scenarios
▪ Issues: very few existing datasets available; limited information available; typically small-scale networks (<10 nodes)
▪ Solution: a combination of network and security assessment techniques and cloud technologies to enable the deployment of fully virtualized instances of computer networks with a high degree of affinity to actual reference scenarios
11-19. Solution overview (diagram built up over the slides; text label: Testbed Specification)
20. Virtual Environment Infrastructure: Design choices
21-24. Virtual Environment Infrastructure: IaaS
Major open source solutions: OpenNebula vs OpenStack. Both are private cloud management, Infrastructure as a Service platforms.
OpenStack and vendor stacks:
- Complex, multitiered, vendor-driven
- Many subprojects, each with different maturity levels
OpenNebula:
- Ease of setup and use
- Free, yet production ready
25-27. Storage Layer
Maintaining the VM OS image ("templates") repository on a distributed/replicated filesystem (GlusterFS):
• Replicated mode: exact copies of the data are maintained on the bricks
• Fosters data locality at VM instantiation time
OpenNebula Datastores:
/Images — GlusterFS mount point, OS images
/System — disks of instantiated machines
/Files & Kernels — plain text files such as scripts
28-29. Network Layer
Inter- and intra-LAN communications across different physical nodes.
Virtual switches: Open vSwitch (OVS), Linux Ethernet Bridge
• Keeps a MAC database: tap0 — eth0
OVS: software implementation of a virtual multilayer network switch; it also enables efficient data collection at the bridge level through SPAN (Switched Port Analyzer) port mirroring.
30-43. Virtual Infrastructure: Overview (diagram built up over the slides)
firewall
switch (backbone)
server 1, server 2, …, server n: opennebula-kvm on each node, with bridges br1, br2, br3
oned (master)
switch (service)
Labels: EMULATION ENVIRONMENT INFRASTRUCTURE; VIRTUAL TESTBED
44. Testbed Design and Deployment
45-47. Automatic Testbed Deployment: Cylab
- Cyber range Laboratory
- Deploys a testbed starting from a YAML file ("infrastructure as code")
- No opennebula provider
48-52. Testbed Specification
A testbed "spec": a text-only configuration file (YAML representation) describing:
1. VLANs
2. VMs (+ custom init script support: CONTEXT / START_SCRIPT)
3. Virtual Routers
4. Firewalls
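To make the mapping from spec items to OpenNebula objects concrete, here is an added example (not Cylab's code and not from the slides) that emits the OpenNebula virtual network template for one VLAN and the VM template for one host, including the CONTEXT section whose START_SCRIPT is the "custom init script" the spec supports. The bridge name br1, the image name ubuntu-base, the VLAN id and addresses, and the collector user are all assumed placeholders; with DRY_RUN=1 the registration commands are printed rather than run, so the script can be exercised without an OpenNebula front-end.

```shell
#!/bin/sh
# Added example, not Cylab's code: render the pieces of a testbed spec into
# OpenNebula template text and register them with onevnet/onetemplate.
# Assumed placeholders: OVS bridge "br1" on every hypervisor, an image
# "ubuntu-base" in the Images datastore, VLAN id 101, subnet 10.10.1.0/24.

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Virtual network template for one VLAN of the spec. VN_MAD="ovswitch" makes
# OpenNebula tag each VM tap port on BRIDGE with VLAN_ID, which is what keeps
# LAN1 and LAN2 separated even when their VMs share a physical node.
vnet_template() {
    # $1 name, $2 bridge, $3 vlan id, $4 first IP of the range, $5 range size
    printf 'NAME="%s"\nVN_MAD="ovswitch"\nBRIDGE="%s"\nVLAN_ID="%s"\n' "$1" "$2" "$3"
    printf 'AR=[TYPE="IP4", IP="%s", SIZE="%s"]\n' "$4" "$5"
}

# VM template: disk from a template image, one NIC per VLAN name given after
# the fixed arguments, and a CONTEXT block. START_SCRIPT runs once at first
# boot inside the guest (the spec's "custom init script" hook). The script
# text must not contain double quotes, as it is embedded in a quoted value.
vm_template() {
    # $1 name, $2 image, $3 cpu, $4 memory (MB), $5 start script, $6.. VLAN names
    name="$1"; image="$2"; cpu="$3"; mem="$4"; script="$5"; shift 5
    printf 'NAME="%s"\nCPU="%s"\nMEMORY="%s"\n' "$name" "$cpu" "$mem"
    printf 'DISK=[IMAGE="%s"]\n' "$image"
    for net in "$@"; do
        printf 'NIC=[NETWORK="%s"]\n' "$net"
    done
    # $USER[SSH_PUBLIC_KEY] is OpenNebula template syntax, resolved at deploy time.
    printf 'CONTEXT=[NETWORK="YES", SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]", START_SCRIPT="%s"]\n' "$script"
}

# Write the templates for a two-object spec (one VLAN, one web host) into DIR
# and register them; VLANs first, because the VM template references one by name.
deploy_spec() {
    dir="${1:-${TMPDIR:-/tmp}/testbed-spec}"
    mkdir -p "$dir"
    vnet_template lan1 br1 101 10.10.1.10 50 > "$dir/lan1.vnet"
    vm_template web01 ubuntu-base 1 1024 'apt-get install -y apache2' lan1 > "$dir/web01.tpl"
    for f in "$dir"/*.vnet; do run onevnet create "$f"; done
    for f in "$dir"/*.tpl; do run onetemplate create "$f"; done
}
```

Run `DRY_RUN=1 sh spec.sh` after appending a `deploy_spec` call to see the generated files and the two registration commands; without DRY_RUN the commands talk to the front-end using the caller's OpenNebula credentials.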
53-56. Cylab: Architecture overview (diagram built up over the slides; text label: service installation)
57. Applications
58-65. Applications: Overview
The infrastructure can support various activities:
1. Cyber-range deployment for security training and testing
• cyber security scenario awareness
• incident management (detection, investigation, response)
2. Dataset generation (case study: [ICDCN '19])
3. Threat modeling & risk management
• dynamic attack graph generation
• network hardening
• automatic attack path instantiation
[ICDCN '19] Tanasache, Sorella, Bonomi, Rapone, Meacci. Building an emulation environment for cyber security analyses of complex networked systems.
66. Applications: Dataset Generation
67-68. Dataset Generation: benign traffic agents
Software agents deployed on the hosts, capturing different behavioral patterns.
Protocols: ▪ HTTP/HTTPS ▪ SSH ▪ SMB ▪ SFTP
69. Dataset Generation: cyber attacks
Malicious activities performed in the testbed, covering a diverse set of attack scenarios:
- Web attack (Drupal)
- Ransomware attack (WannaCry)
We collected a publicly released dataset containing complete network traces, enriched with labeled features.
70-73. Data collection: network traffic (diagram: LAN1, LAN2 and LAN3 spread over bridges br1 and br2 on two physical nodes)
For each network to be monitored, OVS port mirroring (SPAN) mirrors the traffic from all VM network interfaces toward a specific output port (one per bridge per node).
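The per-bridge SPAN setup described above, as an added example that is not part of the slides or of Cylab: one ovs-vsctl transaction creates a Mirror row that selects every port of a bridge and sends the copies to a dedicated capture port, tcpdump records on that port, and a small parser over `ovs-vsctl list Mirror` output lets a collector confirm the mirror is still attached before trusting a capture. The bridge name br1, the capture port name mon-br1 and the pcap path are assumed; DRY_RUN=1 prints the commands instead of running them, so the script can be exercised on a host without Open vSwitch.

```shell
#!/bin/sh
# Added example, not from the slides or Cylab: per-bridge OVS port mirroring
# (SPAN) for traffic collection. Assumed placeholders: bridge "br1", capture
# port "mon-br1" (an OVS internal port created here), pcap under /var/log/capture.

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Build the ovs-vsctl transaction that (a) creates a Mirror row selecting all
# ports of BRIDGE, (b) resolves the output Port row by name and (c) attaches
# the mirror to the bridge. Returned as text so it can be inspected or run.
span_cmd() {
    bridge="$1"; outport="$2"
    printf '%s' "ovs-vsctl -- --id=@m create Mirror name=span-$bridge select-all=true output-port=@p -- --id=@p get Port $outport -- set Bridge $bridge mirrors=@m"
}

# Add the capture port as an OVS internal port (so the kernel exposes an
# interface tcpdump can open), install the mirror, and start writing a pcap.
# One mirror per bridge per node, matching the slide's layout.
enable_span() {
    bridge="$1"; outport="${2:-mon-$1}"; pcap="${3:-/var/log/capture/$1.pcap}"
    run ovs-vsctl --may-exist add-port "$bridge" "$outport" -- set Interface "$outport" type=internal
    run ip link set "$outport" up
    # span_cmd output is split into words on purpose: no argument contains spaces.
    run $(span_cmd "$bridge" "$outport")
    run tcpdump -i "$outport" -nn -s 0 -w "$pcap"
}

# Read `ovs-vsctl list Mirror` output from stdin and print the names of the
# mirrors that select all ports. Handles both quoted and bare name values,
# which differ between Open vSwitch releases.
active_spans() {
    awk -F': *' '/^name /{n=$2; gsub(/"/,"",n)} /^select_all /{if ($2=="true") print n}'
}
```

A collector can run `ovs-vsctl list Mirror | active_spans` on each node and alert when the expected `span-<bridge>` names are missing, which catches the common failure of a mirror silently disappearing after the bridge is recreated by a deployment.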
74. Data collection: metadata
Information to be gathered from the virtual testbed includes:
• routing tables
• system logs
• firewall rules
• ACLs from network devices
• installed applications (+CVE)
• running services
• open ports
This information is gathered through an out-of-band "management" interface on each machine.
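One way to gather those items over the management interface, as an added example that is neither Cylab's collector nor code from the slides: a single table maps each metadata item to the command that produces it on a Debian-like guest, and a per-host routine runs the commands over SSH on the management address, storing one file per item. The user name "collector", the management IP and the output directory are assumed placeholders; ACLs of router appliances are device-specific and are not covered by this table. With DRY_RUN=1 the SSH invocations are printed instead of executed.

```shell
#!/bin/sh
# Added example, not Cylab's code: collect host metadata (slide 74) over the
# out-of-band management interface. Assumptions: key-based SSH as user
# "collector" (placeholder) on every VM's management address, Debian-like
# guests with iptables and systemd.

# One line per metadata item: "<item>|<command>". Keeping the table in a
# function makes it the single source of truth for local and remote runs.
metadata_commands() {
    cat <<'EOF'
routes|ip route show
logs|journalctl --no-pager -n 500
firewall|iptables-save
packages|dpkg-query -W -f='${Package}\t${Version}\n'
services|systemctl list-units --type=service --state=running --no-pager
ports|ss -lntup
EOF
}

# Run every command on HOST via MGMT_IP and store OUTDIR/HOST/<item>.txt.
# A failing command is recorded in errors.txt rather than aborting the run,
# so one missing tool (e.g. no iptables on a minimal image) does not lose
# the other items. With DRY_RUN=1 only the ssh invocations are printed.
collect_host() {
    host="$1"; mgmt_ip="$2"; outdir="${3:-./metadata}"
    mkdir -p "$outdir/$host"
    metadata_commands | while IFS='|' read -r item cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "+ ssh collector@$mgmt_ip -- $cmd > $outdir/$host/$item.txt"
        else
            ssh -o BatchMode=yes "collector@$mgmt_ip" -- "$cmd" > "$outdir/$host/$item.txt" 2>&1 \
                || echo "$item: exit $?" >> "$outdir/$host/errors.txt"
        fi
    done
}

# Collect from a list of "host mgmt_ip" pairs read from stdin, one per line.
collect_all() {
    outdir="${1:-./metadata}"
    while read -r host mgmt_ip; do
        [ -n "$host" ] && collect_host "$host" "$mgmt_ip" "$outdir"
    done
}
```

BatchMode=yes makes ssh fail fast instead of prompting when a host key or key-based login is not set up, which is the behaviour you want from an unattended collector; the errors.txt file per host is what to inspect first when an item is missing.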
75-78. Ongoing work: Toward a flexible and fully automated testbed
▪ Service + host behavior on-demand installation: Ansible server + Catalog server
▪ Terraform integration (opennebula provider): fork; API support still lacking: … (oneuser, oneacl, onehost, onecluster)