40 research outputs found
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is specific to SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideration.
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks
Software Defined Networking (SDN) is a new networking architecture which aims
to provide better decoupling between network control (control plane) and data
forwarding functionalities (data plane). This separation introduces several
benefits, such as a directly programmable and (virtually) centralized network
control. However, researchers showed that the required communication channel
between the control and data plane of SDN creates a potential bottleneck in the
system, introducing new vulnerabilities. Indeed, this behavior could be
exploited to mount powerful attacks, such as the control plane saturation
attack, that can severely hinder the performance of the whole network.
In this paper we present LineSwitch, an efficient and effective solution
against control plane saturation attack. LineSwitch combines SYN proxy
techniques and probabilistic blacklisting of network traffic. We implemented
LineSwitch as an extension of OpenFlow, the current reference implementation of
SDN, and evaluate our solution considering different traffic scenarios (with
and without attack). The results of our preliminary experiments confirm that,
compared to the state-of-the-art, LineSwitch reduces the time overhead up to
30%, while ensuring the same level of protection.
Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2015). To appear.
A Novel Stealthy Attack to Gather SDN Configuration-Information
Software Defined Networking (SDN) is a recent network architecture based on the separation of forwarding functions from network logic, and provides high flexibility in the management of the network. In this paper, we show how an attacker can exploit SDN programmability to obtain detailed knowledge about the network behaviour. In particular, we introduce a novel attack, named Know Your Enemy (KYE), which allows an attacker to gather vital information about the configuration of the network. Through the KYE attack, an attacker can obtain information ranging from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that the KYE attack can be performed in a stealthy fashion, allowing an attacker to learn configuration secrets without being detected. We underline that the vulnerability exploited by the KYE attack is specific to SDN and is not present in legacy networks. Finally, we address the KYE attack by proposing an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideration.
Minerva: A File-Based Ransomware Detector
Ransomware is a rapidly evolving type of malware designed to encrypt user
files on a device, making them inaccessible in order to exact a ransom.
Ransomware attacks resulted in billions of dollars in damages in recent years
and are expected to cause hundreds of billions more in the next decade. With
current state-of-the-art process-based detectors being heavily susceptible to
evasion attacks, no comprehensive solution to this problem is available today.
This paper presents Minerva, a new approach to ransomware detection. Unlike
current methods focused on identifying ransomware based on process-level
behavioral modeling, Minerva detects ransomware by building behavioral profiles
of files based on all the operations they receive in a time window. Minerva
addresses some of the critical challenges associated with process-based
approaches, specifically their vulnerability to complex evasion attacks. Our
evaluation of Minerva demonstrates its effectiveness in detecting ransomware
attacks, including those that are able to bypass existing defenses. Our results
show that Minerva identifies ransomware activity with an average accuracy of
99.45% and an average recall of 99.66%, with 99.97% of ransomware detected
within 1 second.
Comment: 19 pages, 3 figures
Iron in X-COP: tracing enrichment in cluster outskirts with high accuracy abundance profiles
We present the first metal abundance profiles for a representative sample of
massive clusters. Our measures extend to and are corrected for a
systematic error plaguing previous outskirt estimates. Our profiles flatten out
at large radii, admittedly not a new result, however the radial range and
representative nature of our sample extends its import well beyond previous
findings. We find no evidence of segregation between cool-core and
non-cool-core systems beyond , implying that, as was found
for thermodynamic properties (Ghirardini et al., 2019), the physical state of
the core does not affect global cluster properties. Our mean abundance within
shows a very modest scatter, 15%, suggesting the enrichment
process must be quite similar in all these massive systems. This is a new
finding and has significant implications on feedback processes. Together with
results from thermodynamic properties presented in a previous X-COP paper, it
affords a coherent picture where feedback effects do not vary significantly
from one system to another. By combining ICM with stellar measurements we have
found the amount of Fe diffused in the ICM to be about ten times higher than
that locked in stars. Although our estimates suggest, with some strength, that
the measured iron mass in clusters is well in excess of the predicted one,
systematic errors prevent us from making a definitive statement. Further
advancements will only be possible when systematic uncertainties, principally
those associated to stellar masses, both within and beyond , can be
reduced.
Comment: 23 pages, 23 figures; submitted to A&A
CHEX-MATE: CLUster Multi-Probes in Three Dimensions (CLUMP-3D), I. Gas Analysis Method using X-ray and Sunyaev-Zel'dovich Effect Data
Galaxy clusters are the products of structure formation through myriad
physical processes that affect their growth and evolution throughout cosmic
history. As a result, the matter distribution within galaxy clusters, or their
shape, is influenced by cosmology and astrophysical processes, in particular
the accretion of new material due to gravity. We introduce an analysis method
to investigate the 3D triaxial shapes of galaxy clusters from the Cluster
HEritage project with XMM-Newton -- Mass Assembly and Thermodynamics at the
Endpoint of structure formation (CHEX-MATE). In this work, the first paper of a
CHEX-MATE triaxial analysis series, we focus on utilizing X-ray data from XMM
and Sunyaev-Zel'dovich (SZ) effect maps from Planck and ACT to obtain a three
dimensional triaxial description of the intracluster medium (ICM) gas. We
present the forward modeling formalism of our technique, which projects a
triaxial ellipsoidal model for the gas density and pressure to compare directly
with the observed two dimensional distributions in X-rays and the SZ effect. A
Markov chain Monte Carlo is used to estimate the posterior distributions of the
model parameters. Using mock X-ray and SZ observations of a smooth model, we
demonstrate that the method can reliably recover the true parameter values. In
addition, we apply the analysis to reconstruct the gas shape from the observed
data of one CHEX-MATE galaxy cluster, Abell 1689, to illustrate the technique.
The inferred parameters are in agreement with previous analyses for that
cluster, and our results indicate that the geometrical properties, including
the axial ratios of the ICM distribution, are constrained to within a few
percent. With much better precision than previous studies, we thus further
establish that Abell 1689 is significantly elongated along the line of sight,
resulting in its exceptional gravitational lensing properties.
Comment: submitted to A&A, comments welcome
LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking.
Ambrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Poovendran, Radha
Amplified Distributed Denial of Service Attack in Software Defined Networking
Ambrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Devarajan, Nishanth