Sheila Becker

Securing application-level topology estimation networks: facing the frog-boiling attack

Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need of performing extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks, are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping, or mangling with the underlying communications. Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments.

Using game theory to configure P2P SIP

In this paper we propose a framework for the analysis of the security in peer-to-peer Session Initiation Protocol based infrastructures. The proposed approach defines a game theoretical model for both an attacker as well as the defender and uses the Nash equilibrium to derive optimal attack and defensive strategies for both entities. We address the specific threats related to SPam over Internet Telephony, flooding and non-cooperative behavior and assess defensive mechanisms based on thresholds and redundant retransmissions. The paper summarizes the main results based on extensive Monte-Carlo simulations of this game.

Securing Virtual Coordinates by Enforcing Physical Laws

Virtual coordinate systems (VCS) provide accurate estimations of latency between arbitrary hosts on a network, while conducting a small amount of actual measurements and relying on node cooperation. While these systems have good accuracy under benign settings, they suffer a severe decrease of their effectiveness when under attack by compromised nodes acting as insider attackers. Previous defenses mitigate such attacks by using machine learning techniques to differentiate good behavior (learned over time) from bad behavior. However, these defense schemes have been shown to be vulnerable to advanced attacks that make the schemes learn malicious behavior as good behavior. We present Newton, a decentralized VCS that is robust to a wide class of insider attacks. Newton uses an abstraction of a real-life physical system, similar to that of Vivaldi, but in addition uses safety invariants derived from Newtons laws of motion. As a result, Newton does not need to learn good behavior and can tolerate a significantly higher percentage of malicious nodes. We show through simulations and real-world experiments on the Planet Lab test bed that Newton is able to mitigate all known attacks against VCS while providing better accuracy than Vivaldi, even in benign settings.

Improving Fuzz Testing Using Game Theory

We propose a game theoretical model for fuzz testing, consisting in generating unexpected input to search for software vulnerabilities. As of today, no performance guarantees or assessment frameworks for fizzing exist. Our paper addresses these issues and describes a simple model that can be used to assess and identify optimal fizzing strategies, by leveraging game theory. In this context, payoff functions are obtained using a tainted data analysis and instrumentation of a target application to assess the impact of different fizzing strategies.

A trust management architecture for autonomic Future Internet

The proliferation and integration of communication networks in social life has increased the need for trusted systems of advanced and intelligent capabilities. Future networks are calling for new ways to efficient management, operation and service provisioning. Autonomicity becomes an enabler for self-manageability of future networks and therefore autonomic networking provides the necessary new paradigm for these networks to become manageable and scalable. Autonomic entities base their decision within a network on experience gathered and information exchanged. Trust management mechanisms can provide the necessary security framework in such an environment towards robust coherent autonomic networking. In this paper we present trust models and sketch a trust management architecture, applicable to complex future networking environments. We handle the special requirements set by autonomicity and try to strengthen the autonomic characteristics of the nodes as well as the robustness of service provisioning.

An autonomic testing framework for IPv6 configuration protocols

The current underutilization of IPv6 enabled services makes accesses to them very attractive because of higher availability and better response time, like the IPv6 specific services from Google and Youtube have recently got a lot of requests. In this paper, we describe a fuzzing framework for IPv6 protocols. Fuzzing is a process by which faults are injected in order to find vulnerabilities in implementations. Our paper describes a machine learning approach, that leverages reinforcement based fuzzing method. We describe a reinforcement learning algorithm to allow the framework to autonomically learn the best fuzzing mechanisms and to automatically test stability and reliability of IPv6.

Newton: securing virtual coordinates by enforcing physical laws

Virtual coordinate systems (VCSs) provide accurate estimations of latency between arbitrary hosts on a network, while conducting a small amount of actual measurements and relying on node cooperation. While these systems have good accuracy under benign settings, they suffer a severe decrease of their effectiveness when under attack by compromised nodes acting as insider attackers. Previous defenses mitigate such attacks by using machine learning techniques to differentiate good behavior (learned over time) from bad behavior. However, these defense schemes have been shown to be vulnerable to advanced attacks that make the schemes learn malicious behavior as good behavior. We present Newton, a decentralized VCS that is robust to a wide class of insider attacks. Newton uses an abstraction of a real-life physical system, similar to that of Vivaldi, but in addition uses safety invariants derived from Newtons laws of motion. As a result, Newton does not need to learn good behavior and can tolerate a significantly higher percentage of malicious nodes. We show through simulations and real-world experiments on the PlanetLab testbed that Newton is able to mitigate all known attacks against VCSs while providing better accuracy than Vivaldi, even in benign settings. Finally, we show how to design a VCS that better matches a real physical system, thus allowing for more intuitive and tighter system parameters that are even more difficult to exploit by attackers.

Defensive configuration with game theory

This paper proposes a new model, based on mainstream game theory for the optimal configuration of services. We consider the case of reliable realtime P2P communications and show how the configuration of security mechanisms can be configured using game theoretical concepts, in which the defendant is played by the management plane having to face adversaries which play the attacker role. Our main contribution lies in proposing a risk assessment framework and deriving optimal strategies - in terms of Nash equilibrium - for both the attacker and the defendant. We consider the specific service of communications in autonomic networks and we show how the optimal configuration can be determined within the proposed framework.

Towards Self-defending Mechanisms Using Data Mining in the EFIPSANS Framework

In currently used networks there are no self-protection or autonomous defending mechanisms. This situation leads to the spread of self-propagating malware, which causes even more dangerous, and significant threats i.e. Botnets. In the EFIPSANS project a new architecture that includes self-* functionalities is introduced. Self-defending functionality, using data mining approach detects and reacts to some of network threats.