TOPHAT: Topology-based Host-Level Attribution for Multi-Stage Attacks in Enterprise Systems using Software Defined Networks
نویسندگان
چکیده
Multi-layer distributed systems, such as those found in corporate systems, are often the target of multi-stage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple network flows. This is known as the attribution problem in security domains. We present TopHat, a system that solves such attribution problems for multi-stage attacks. It does this by using moving target defense, i.e., shuffling the assignment of clients to server replicas, which is achieved through software defined networking. As alerts are generated, TopHat maintains state about the level of risk for each network flow and progressively isolates the malicious flows. Using a simulation, we show that TopHat can identify single and multiple attackers in a variety of systems with different numbers of servers, layers, and clients.
منابع مشابه
MAAT: Multi-Stage Attack Attribution in Enterprise Systems using Software Defined Networks
Multi-layer distributed systems, such as those found in corporate systems, are often the target of multistage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple networ...
متن کاملارائه یک ساختار جدید چند طبقهای برای اینورترهای منبع امپدانسی
In this paper, a multi-stage Z-source inverter with high boost factor is proposed. The proposed topology by using the combination of a power supply and Z-source networks are increased the voltage. Regarding voltage increase capability over the wide range, good resistance against electromagnetic noise and immunities against shoot through (ST), this inverter can be used widely in the photovoltaic...
متن کاملSurvey the Security Function of Integration of vehicular ad hoc Networks with Software-defiend Networks
In recent years, Vehicular Ad Hoc Networks (VANETs) have emerged as one of the most active areas in the field of technology to provide a wide range of services, including road safety, passenger's safety, amusement facilities for passengers and emergency facilities. Due to the lack of flexibility, complexity and high dynamic network topology, the development and management of current Vehicular A...
متن کاملADAPTIVE ORDERED WEIGHTED AVERAGING FOR ANOMALY DETECTION IN CLUSTER-BASED MOBILE AD HOC NETWORKS
In this paper, an anomaly detection method in cluster-based mobile ad hoc networks with ad hoc on demand distance vector (AODV) routing protocol is proposed. In the method, the required features for describing the normal behavior of AODV are defined via step by step analysis of AODV and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy averaging method is used fo...
متن کاملOptimal Multiple FCLs Allocation Considering DG Penetration in Meshed Network With Multi-Level Voltages
Increasing the short circuit current due to the penetration of distributed generations (DGs) in various voltage levels and meshed topology is a basic problem in power systems. Using fault current limiter (FCL) is an efficient approach to mitigate the exceeded short circuit levels. In this paper, a new approach is presented for multiple FCLs locating to decrease short circuit levels in meshed ne...
متن کامل