Detection and Isolation of Anomalies for DETER Emulation of Abilene

The use of the Internet has become a way of life for people today. However, using the Internet also demands safety and privacy. This is why TRUST is pushing and working toward the goal of safety, privacy and cyber security for people who use the Internet in their day-to-day lives. In this paper, the primary research goal is to study the interaction and strategies for attack and defense of control systems and (learning) detection systems in the emulated environment provided by the DETER Lab [9] cluster. This paper explains, so that the reader can understand, how to construct an emulation of a real Internet backbone and of control-system behavior communicating over the Internet2 Abilene network topology, built in the DETER testbed using SEER [8]. DETER [9] is a testbed used to conduct, run and test experiments that sometimes involve malicious code. DETER's SEER is the Security Experimentation EnviRonment, which provides a set of tools and agents that help to set up, script and perform experiments such as Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks in the DETER [9] testbed environment. Moreover, SEER includes agents for traffic generation, attack generation, traffic collection and analysis. In this paper, there will be an algorithm script that detects and differentiates anomalies on the external and internal nodes. The network that is built will be used to emulate backbone network traffic and to implement attacks throughout the rest of this project.

[1] Dongho Kim et al. Experience with DETER: a testbed for security research. 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities (TRIDENTCOM 2006), 2006.

[2] Dorothy E. Denning et al. An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 1987.

[3] M. Shyu et al. A Novel Anomaly Detection Scheme Based on Principal Component Classifier. 2003.

[4] Calvin Ko et al. SEER: A Security Experimentation EnviRonment for DETER. DETER, 2007.

[5] R. K. Cunningham et al. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX'00), 2000.

[6] Mark Crovella et al. Diagnosing network-wide traffic anomalies. SIGCOMM '04, 2004.

[7] Farouk Kamoun et al. Traffic Anomaly Detection and Characterization in the Tunisian National University Network. Networking, 2006.

[8] Harold S. Javitz et al. The SRI IDES statistical anomaly detector. Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.

[9] Ling Huang et al. D-trigger: a general framework for efficient online detection. 2007.