
Filters: Author is Krishnamurthy, Srikanth V.
2018-06-11
Aqil, Azeem, Khalil, Karim, Atya, Ahmed O.F., Papalexakis, Evangelos E., Krishnamurthy, Srikanth V., Jaeger, Trent, Ramakrishnan, K. K., Yu, Paul, Swami, Ananthram.  2017.  Jaal: Towards Network Intrusion Detection at ISP Scale. Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies. :134–146.
We have recently seen an increasing number of attacks that are distributed, and span an entire wide area network (WAN). Today, typically, intrusion detection systems (IDSs) are deployed at enterprise scale and cannot handle attacks that cover a WAN. Moreover, such IDSs are implemented at a single entity that expects to look at all packets to determine an intrusion. Transferring copies of raw packets to centralized engines for analysis in a WAN can significantly impact both network performance and detection accuracy. In this paper, we propose Jaal, a framework for achieving accurate network intrusion detection at scale. The key idea in Jaal is to monitor traffic and construct in-network packet summaries. The summaries are then processed centrally to detect attacks with high accuracy. The main challenges that we address are (a) creating summaries that are concise, but sufficient to draw highly accurate inferences and (b) transforming traditional IDS rules to handle summaries instead of raw packets. We implement Jaal on a large scale SDN testbed. We show that on average Jaal yields a detection accuracy of about 98%, which is the highest reported for ISP scale network intrusion detection. At the same time, the overhead associated with transferring summaries to the central inference engine is only about 35% of what is consumed if raw packets are transferred.
2017-04-20
Achleitner, Stefan, La Porta, Thomas, McDaniel, Patrick, Sugrim, Shridatt, Krishnamurthy, Srikanth V., Chadha, Ritu.  2016.  Cyber Deception: Virtual Networks to Defend Insider Reconnaissance. Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. :57–68.
Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerabilities which can be exploited for further attack maneuvers. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware-infected hosts. In this paper we formally define network deception to defend reconnaissance and develop RDS (Reconnaissance Deception System), which is based on SDN (Software Defined Networking), to achieve deception by simulating virtual network topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while minimizing the performance impact on benign network traffic. We introduce approaches to defend malicious network discovery and reconnaissance in computer networks, which are required for targeted cyber attacks such as Advanced Persistent Threats (APT). We show that our system is able to invalidate an attacker's information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network, while only causing a minuscule performance overhead of 0.2 milliseconds per packet flow on average.