Insider Attack Detection for Science DMZs Using System Performance Data

Gegan, Ross; Perry, Brian D.; Ghosal, Dipak; Bishop, Matt

doi:10.1109/cns48642.2020.9162260

Cited by 3 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, CPU capacity is valuable to cryptomining malware, which hijacks infected computers to mine crypto-currency for the criminals [19]. In another direction, protecting the data confidentiality and preventing data leakage are important concerns of Science DMZ [20]. Our main focus is on unauthorized use of DTN computing and network resources by attackers who have access to information on these infrastructures and their ML methods from public sources.…”

Section: Related Work: a Brief Accountmentioning

confidence: 99%

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Rao¹,

Chris²,

He³

2022

Preprint

View full text Add to dashboard Cite

<p>Data transfer infrastructures composed of Data Transfer Nodes (DTN) are critical to supporting distributed computing and storage capabilities for clouds, data repositories, and complexes of supercomputers and instruments. The infrastructure's throughput profile, estimated as a function of the connection round trip time using Machine Learning (ML) methods, is an indicator of its operational state, and has been utilized for monitoring, diagnosis and optimization purposes. We show that the inherent statistical variations and precision of the throughput profiles estimated by ML methods can be exploited for unauthorized use of DTNs' computing and network capacity. We present a game theoretic formulation that captures the cost-benefit trade-offs between an attacker that attempts to hide under the profile's statistical variations and a provider that counters by using additional measurements at an added cost.</p> <p>The Nash equilibrium conditions of this game provide qualitative insights and bounds for the success probabilities of the attacker and provider, based on the generalization equation of the ML-estimate. We present experimental results that illustrate scenarios wherein a significant portion of DTN computing capacity is compromised without being detected by an attacker that exploits the ML estimate properties.</p>

show abstract

Section: Related Work: a Brief Accountmentioning

confidence: 99%

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Rao¹,

Chris²,

He³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Several authors have addressed these problems by implementing non-invasive mechanisms for traffic analysis in Science DMZ. Insider attack detection system for Science DMZ is implemented in [16] by measuring the CPU load, disk usage, along with network activity. In [17], efficient traffic monitoring for Science DMZ is studied, avoiding the typical Deep Packet Inspection (DPI) mechanism and considering a lightweight side-channel based abnormality detection supported by a basic rule.…”

Section: Science Dmzmentioning

confidence: 99%

Explicit feedback for congestion control in Science DMZ cyberinfrastructures based on programable data-plane switches.

Figueroa,

Pezoa

View full text Add to dashboard Cite

Diariamente, se genera una gran cantidad de datos científicos en diferentes áreas del conoci-miento. Los desafíos de investigación son cada vez más sofisticados y demandan una mayor cantidad de información para tomar decisiones, y además, las herramientas tecnológicas están cada vez más al alcance de los investigadores. En muchos casos, esta información debe ser recopilada y procesada, y transmitida entre diferentes centros de investigación ubicados a considerable distancia. Se recurre Internet y otras ciber infraestructuras dedicadas para lograr este objetivo. La transferencia de información científica entre sitios remotos implica desafíos en el rendimiento, la seguridad, la coexistencia y la asignación de recursos. Por lo tanto, ESnet propuso el concepto de Science DMZ que proporciona patrones de diseño para un entorno de red optimizado para intercambiar datos científicos. Debido a su naturaleza, los flujos de datos científicos masivos son orientados a la conexión, demandando un alto y constante tasa de transmisión, con baja latencia y variabilidad deseables, para alcanzar tiempos de transmisión razonables. Esto impone desafíos fundamentales al diseño de la red, especialmente en los mecanismos de control de congestión, estimación de los buffers y detección de anomalías, temas objeto de estudio de la presente tesis. Esta disertación aborda dos tecnologías disruptivas para responder a estos desafíos: modelos impulsados por datos y dispositivos programables en el plano de datos. Las soluciones fueron evaluadas empleando redes de producción y testbeds utilizando dispositivos reales de enrutamiento y procesamiento en el plano de datos. Los resultados mostraron que las soluciones desarrolladas podrían mejorar efectivamente el rendimiento de las redes académicas y adaptar efectivamente los patrones de diseño de Science DMZ a redes no dedicadas.

show abstract

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Rao,

Ma,

2024

Trans. Mach. Learn. Comm. Netw.

View full text Add to dashboard Cite

Insider Attack Detection for Science DMZs Using System Performance Data

Cited by 3 publications

References 18 publications

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Explicit feedback for congestion control in Science DMZ cyberinfrastructures based on programable data-plane switches.

Game Strategies for Data Transfer Infrastructures Against ML-Profile Exploits

Contact Info

Product

Resources

About