Global Network Defense Strategy

Ing. Sebastián García, PhD. - Ing. Karel Durkota

FEL, ČVUT

Defense problems

  • Current defense strategies are good but not good enough (malware cost $491 billion in 2014).

  • Mostly use reputation for defending.

  • Most protections are human-assisted.

  • No deception. Low attack costs create confident attackers.

  • Most organizations lack visibility, knowledge and alerts.

Goal

To improve the defense strategy of each organization by gathering information from all organizations and coordinating a global protection.

Proposed approach

  • The defense strategies will be computed using game theory and machine learning.

    • Our machine learning algorithms will provide the detection, verification and centralization of data.

    • Our game theory algorithms will compute a better defense strategy based on the actions of the attackers.

Proposed approach

  • Centralize network flow metadata.

  • Detect malicious traffic with our current machine learning models.

  • Apply game theory to obtain a better strategy.

    • Selective blocking of IPs and ports.

    • Attacker resources consumed by redirecting to honeypots (deception).

      • Randomized strategies.

      • Fake data.

      • Increased attack duration.
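
A toy model of the randomized honeypot strategy listed above, as an added example that is not from the original slides or the project's code: the defender redirects one port to a honeypot with some probability, the attacker picks one port, and the game is zero-sum. The ports, attacker gains and honeypot cost are constructed assumptions, since the slides do not specify the game model.

```python
# Added illustration: randomized honeypot placement as a zero-sum game.
# Ports, attacker gains and the honeypot cost are constructed assumptions.

def attacker_payoff(p_honeypot, value, cost):
    """Expected attacker gain on a port that is a honeypot with probability p."""
    return (1 - p_honeypot) * value - p_honeypot * cost

def honeypot_strategy(values, cost, iters=200):
    """Defender's mixed strategy minimising the attacker's best expected gain.

    values: {port: attacker gain if the port is the real service}
    cost:   attacker loss (wasted resources) when the port is the honeypot
    Returns ({port: probability of redirecting it}, attacker's expected gain).
    """
    def coverage(u):
        # Probability each port needs so that attacking it yields at most u.
        return {p: max(0.0, (v - u) / (v + cost)) for p, v in values.items()}

    lo, hi = -cost, max(values.values())
    for _ in range(iters):  # bisection on the attacker's achievable gain u
        mid = (lo + hi) / 2
        if sum(coverage(mid).values()) > 1:
            lo = mid  # capping every port at mid needs more than one honeypot
        else:
            hi = mid
    return coverage(hi), hi

def best_attack(strategy, values, cost):
    """Attacker's best response to a strategy: (port, expected gain)."""
    gains = {p: attacker_payoff(strategy.get(p, 0.0), v, cost)
             for p, v in values.items()}
    port = max(gains, key=gains.get)
    return port, gains[port]

if __name__ == "__main__":
    values = {22: 5.0, 80: 3.0, 443: 8.0}  # constructed sample
    cost = 2.0
    static = {443: 1.0}  # deterministic: always decoy the most valuable port
    mixed, value = honeypot_strategy(values, cost)
    print("static :", best_attack(static, values, cost))
    print("mixed  :", {p: round(q, 3) for p, q in mixed.items()}, round(value, 3))
```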

CZ.NIC: first inspirational client

  • Group of organizations in charge of the .cz domain.

  • Project Turris:

    • +2,000 routers distributed in the Czech Republic.

    • Includes honeypots and firewall control.

    • Open mind about sharing traffic statistics.

  • Already officially collaborating with our project.

Milestones

  • Continue the research supporting this project.

  • Implement the service on the cloud.

  • Run a pilot prototype with CZ.NIC.

  • Sell the service to other organizations.

Global Network Defense Strategy, the Project

By eldraco
