NRT: Collaborative research: Testing and Benchmarking Methodologies for Future Network Security Mechanisms

NRT：协作研究：未来网络安全机制的测试和基准测试方法

• 批准号: 0335241
• 负责人: George Kesidis
• 金额: --
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0335241&HistoricalAwards=false
• 关键词: NRT; Collaborative; research; Testing; Benchmarking

Networks and computer systems are becoming increasingly attractive targets to large-scale programmedattacks such as worms and Distributed Denial of Service attacks (DDoS), which can compromise a vastnumber of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacksinclude e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, andmany other applications. While there is a growing body of research techniques, prototypes, and commercialproducts that purport to protect these applications and the network infrastructure on which they rely, thereis little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover,thorough testing of a defense system for worms or for attacks on the infrastructure cannot be evaluatedsafely on a live network without affecting its operation.To make rapid advancements in defending against these and future attacks, the state of the art in theevaluation of network security mechanisms must be improved. This will require the emergence of large-scalesecurity testbeds coupled with new standards for testing and benchmarking that can make these testbedstruly useful. Current shortcomings and impediments to evaluating network security mechanisms include lackof scientific rigor;lack of relevant and representative network data;inadequate models of defense mechanisms;and inadequate models of both the network and the transmitted data (benign and attack traffic). The latteris challenging because of the complexity of interactions among traffic, topology and protocols.The researchers propose to develop thorough, realistic,and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators;generators for topology and background traffic; data sets derived from live traffic; and tools to monitor andsummarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms;t raffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed, and applying and evaluating frameworks and methodologies. Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.Intellectual Merit: The development of testing methodologies for network defense mechanisms requiressignificant advances in our understanding of network attacks and the interactions between attacks and theirenvironment including:deployed defense technology, traffic, topology, protocols, and applications. It willalso require advances in our understanding of metrics for evaluating defenses.Education: The research into testing methodologies for network defense mechanisms will involve graduate students and provide new curriculum material for universities.Broader Impact: By providing new testing frameworks, the work will accelerate improvements innetwork defense mechanisms and facilitate their evaluation and deployment. The researchers will hold yearly workshops to disseminate results and obtain community feedback.

网络和计算机系统正成为大规模程序化攻击（例如蠕虫和分布式拒绝服务攻击 (DDoS)）越来越有吸引力的目标，这些攻击可以在几分钟内危害大量易受攻击的目标。容易受到此类攻击的关键最终用户应用程序包括电子商务、电子医疗、命令和控制应用程序、视频监控和跟踪以及许多其他应用程序。尽管越来越多的研究技术、原型和商业产品旨在保护这些应用程序及其所依赖的网络基础设施，但现有的科学方法很少可以客观地评估此类声明的优点。此外，对蠕虫或基础设施攻击防御系统的全面测试无法在不影响其运行的情况下在实时网络上进行安全评估。为了在防御这些和未来的攻击方面取得快速进展，网络安全评估的最新技术机制必须健全。这将需要出现大规模的安全测试平台以及新的测试和基准测试标准，以使这些测试平台真正有用。当前评估网络安全机制的缺点和障碍包括缺乏科学严谨性；缺乏相关且有代表性的网络数据；防御机制模型不充分；以及网络和传输数据（良性和攻击流量）的模型不充分。由于流量、拓扑和协议之间交互的复杂性，后者具有挑战性。研究人员建议针对特定类别的网络攻击和防御机制开发彻底、现实且科学严谨的测试框架和方法。这些测试框架将适用于不同类型的测试台，包括 NS 等模拟器、Emulab 等仿真设施以及小型和大型硬件测试台。它们将包括攻击场景；攻击模拟器；拓扑和后台流量生成器；来自实时流量的数据集；以及监控和总结测试结果的工具。这些框架将允许研究人员对代表网络环境、攻击行为和被测机制配置的各种参数进行实验。除了开发测试框架之外，研究人员还建议通过对代表性网络防御机制进行测试来验证它们。 感兴趣的防御机制包括基于网络的入侵检测系统（IDS）；自动攻击追踪机制；流量速率限制以控制 DDoS 攻击；以及检测大规模蠕虫攻击的机制。进行这些测试需要将真正的防御机制纳入测试平台，并应用和评估框架和方法。进行这些测试还将帮助我们确保测试床框架允许其他研究人员轻松集成和测试他们自己的网络防御机制。研究团队包括安全、网络、数据分析、软件工程和操作系统方面的专家，他们致力于智力优点：网络防御机制测试方法的开发需要我们对网络攻击以及攻击与其环境之间的相互作用的理解取得重大进展，包括：部署的防御技术、流量、拓扑、协议和应用程序。它还需要我们对防御评估指标的理解取得进展。教育：网络防御机制测试方法的研究将涉及研究生，并为大学提供新的课程材料。更广泛的影响：通过提供新的测试框架，这项工作将加速改进网络防御机制并促进其评估和部署。研究人员将每年举办研讨会以传播结果并获得社区反馈。