Automated Synthesis Framework for Network Security and Resilience - July 2018
PI(s), Co-PI(s), Researchers: Matthew Caesar, Dong (Kevin) Jin, Bingzhe Liu, Santhosh Prabhu, and Xiaoliang Wu
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
This project is developing the analysis methodology needed to support scientific reasoning about the resilience and security of networks, with a particular focus on network control and information/data flow. The core of this vision is an automated synthesis framework (ASF), which will automatically derive network state and repairs from a set of specified correctness requirements and security policies. ASF consists of a set of techniques for performing and integrating security and resilience analyses applied at different layers in a real-time and automated fashion. This project is building both the theoretical underpinnings and a practical realization of Science of Security. The proposed project covers four hard problems: (1) resilient architectures (primary), (2) scalability and composability, (3) policy-governed secure collaboration, and (4) security-metrics-driven evaluation, design, development and deployment.
PUBLICATIONS
Papers written as a result of your research from the current quarter only.
[1] Yanfeng Qu, Xin Liu, Dong Jin, Yuan Hong, and Chen Chen, "Enabling a Resilient and Self-healing PMU Infrastructure Using Centralized Network Control", ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2018), Tempe, AZ, March 21, 2018.
Abstract: Many of the emerging wide-area monitoring protection and control (WAMPAC) applications in modern electrical grids rely heavily on the availability and integrity of widespread phasor measurement unit (PMU) data. Therefore, it is critical to protect PMU networks against growing cyber-attacks and system faults. In this paper, we present a self-healing PMU network design that considers both power system observability and communication network characteristics. Our design utilizes centralized network control, such as the emerging software-defined networking (SDN) technology, to design resilient network self-healing algorithms against cyber-attacks. Upon detection of a cyber-attack, the PMU network can reconfigure itself to isolate compromised devices and re-route measurement data with the goal of preserving the power system observability. We have developed a proof-of-concept system in a container-based network testbed using integer linear programming to solve a graph-based PMU system model. We also evaluate the system performance regarding the self-healing plan generation and installation using the IEEE 30-bus system.
Hard problem(s) addressed: Resilient Architecture (self-healing network applications)
[2] Jiaqi Yan, Dong Jin, and Cheol Won Lee, "A Comparative Study of Off-Line Deep Learning Based Network Intrusion Detection", 10th International Conference on Ubiquitous and Future Networks (ICUFN), Prague, Czech Republic, July 3-6, 2018.
Abstract: Network intrusion detection systems (NIDS) are essential security building-blocks for today's organizations to ensure safe and trusted communication of information. In this paper, we study the feasibility of off-line deep learning based NIDSes by constructing the detection engine with multiple advanced deep learning models and conducting a quantitative and comparative evaluation of those models. We first introduce the general deep learning methodology and its potential implication on the network intrusion detection problem. We then review multiple machine learning solutions to two network intrusion detection tasks (NSL-KDD and UNSW-NB15 datasets). We develop a TensorFlow-based deep learning library, called NetLearner, and implement a handful of cutting-edge deep learning models for NIDS. Finally, we conduct a quantitative and comparative performance evaluation of those models using NetLearner.
Hard problem(s) addressed: resilient architectures; security-metrics-driven evaluation, design, development and deployment
[3] Santhosh Prabhu, Gohar Irfan Chaudhry, Brighten Godfrey, and Matthew Caesar, "High Coverage Testing of Softwarized Networks", ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018), Budapest, Hungary, August 24, 2018, to appear.
Hard problem(s) addressed: resilient architectures, design, development and deployment
KEY HIGHLIGHTS
In the current quarter, our project progress is centered on addressing SoS lablet hard problems primarily in resilient architecture. Key highlights are listed as follows.
- We began investigation of automated synthesis of network control to preserve desired security policies and network invariants. Specific invariants include (i) reduction of reaction time to fix problems, (ii) avoidance of the introduction of errors in the repair process, and (iii) prevention of vulnerabilities. We also began investigation of how to synthesize patches to automatically fix critical invariants that were violated by the network controller application. We also began investigation of the ability to automatically derive and install packet filters in the network to block traffic that could exploit the vulnerability, and to automatically generate alternate configurations that retain the semantics of the original configuration while selectively blocking the vulnerability. The candidate approach under consideration models the forwarding behavior of data through the network, the control operations conducted on the network, and the operations between the two.
- We continued exploration of self-healing network management to address the resilient architecture hard problem, and application of the methods to cyber-physical energy systems. We developed a self-healing algorithm that considers both power system observability and communication network characteristics. Upon detection of a cyber-attack, our system can automatically isolate compromised devices to prevent further attack propagation or reconnect uncompromised sensors to restore power system observability. We implemented a proof-of-concept system in Mininet and conducted a system performance evaluation using the IEEE 30-bus system. Some early results have been published at SDN-NFV Security'18.
- We studied the network intrusion detection system with various deep learning models with the goal of enhancing network security and resilience. We designed and implemented a TensorFlow-based deep learning library, called NetLearner. We also utilized NetLearner to conduct a quantitative and comparative performance evaluation of those models and related metrics. We published the results at ICUFN'18.
- We continued transfer of our technology to industry through interactions with Veriflow. Veriflow is a startup company commercializing verification technology that came out of this project's SoS lablet funding. This startup company now employs over thirty people in the United States and has conducted multiple pilots and deployments across several industry sectors, including within the US Department of Defense. More information is available at www.veriflow.net. Current collaborations target deployment of our verification technology to distributed cloud environments.
COMMUNITY ENGAGEMENTS
- Kevin Jin is invited to serve as a technical program committee member of the 2018 International Conference on Information and Communications Security (ICICS).
- Kevin Jin will give a technical talk at the CODES summer workshop at Argonne National Lab in July. The topic of the talk is "Scalable Simulation and Modeling Framework for Evaluation of Software-Defined Networking Design and Applications."
- Xin Liu presented our SDN-NFV Security'18 paper, in conjunction with the ACM Conference on Data and Application Security and Privacy (CODASPY), in Arizona in March 2018.
- Matthew Caesar continues to serve as Chief Science Officer of Veriflow, a company commercializing technology spun out of our Science of Security lablet work.
EDUCATIONAL ADVANCES
- Kevin Jin served as the Ph.D. Colloquium Chair for the ACM SIGSIM Conference on Principles of Advanced and Distributed Simulation, May 2018.
- Kevin Jin supervised two undergraduate student research projects in Fall 2017 and Spring 2018. Matthew Caesar supervised five undergraduate student research projects during this same timeframe. Matthew also participated in the 2018 University of Illinois Undergraduate Research Symposium.
- We presented a research poster "Distributed Virtual Time System for Embedded Linux Devices" at the 7th Greater Chicago Area System Research Workshop (GCASR) in April 2018.