Publications


Optimizing media access strategy for competing cognitive radio networks

Published in:
GLOBECOM 2013: 2013 IEEE Global Communications Conf., 9-13 December 2013.

Summary

This paper describes an adaptation of cognitive radio technology for tactical wireless networking. We introduce Competing Cognitive Radio Network (CCRN) featuring both communicator and jamming cognitive radio nodes that strategize in taking actions on an open spectrum under the presence of adversarial threats. We present the problem in the Multi-armed Bandit (MAB) framework and develop the optimal media access strategy consisting of mixed communicator and jammer actions in a Bayesian setting for Thompson sampling based on extreme value theory. Empirical results are promising that the proposed strategy seems to outperform Lai & Robbins and UCB, some of the most important MAB algorithms known to date.

PANEMOTO: network visualization of security situational awareness through passive analysis

Summary

To maintain effective security situational awareness, administrators require tools that present up-to-date information on the state of the network in the form of 'at-a-glance' displays, and that enable rapid assessment and investigation of relevant security concerns through drill-down analysis capability. In this paper, we present a passive network monitoring tool we have developed to address these important requirements, known as Panemoto (PAssive NEtwork MOnitoring TOol). We show how Panemoto enumerates, describes, and characterizes all network components, including devices and connected networks, and delivers an accurate representation of the function of devices and logical connectivity of networks. We provide examples of Panemoto's output in which the network information is presented in two distinct but related formats: as a clickable network diagram (through the use of NetViz, a commercially available graphical display environment) and as statically-linked HTML pages, viewable in any standard web browser. Together, these presentation techniques enable a more complete understanding of the security situation of the network than each does individually.

Practical attack graph generation for network defense

Published in:
Proc. of the 22nd Annual Computer Security Applications Conf., IEEE, 11-15 December 2006, pp.121-130.

Summary

Attack graphs are a valuable tool to network defenders, illustrating paths an attacker can use to gain access to a targeted network. Defenders can then focus their efforts on patching the vulnerabilities and configuration errors that allow the attackers the greatest amount of access. We have created a new type of attack graph, the multiple-prerequisite graph, that scales nearly linearly as the size of a typical network increases. We have built a prototype system using this graph type. The prototype uses readily available source data to automatically compute network reachability, classify vulnerabilities, build the graph, and recommend actions to improve network security. We have tested the prototype on an operational network with over 250 hosts, where it helped to discover a previously unknown configuration error. It has processed complex simulated networks with over 50,000 hosts in under four minutes.

Validating and restoring defense in depth using attack graphs

Summary

Defense in depth is a common strategy that uses layers of firewalls to protect Supervisory Control and Data Acquisition (SCADA) subnets and other critical resources on enterprise networks. A tool named NetSPA is presented that analyzes firewall rules and vulnerabilities to construct attack graphs. These show how inside and outside attackers can progress by successively compromising exposed vulnerable hosts with the goal of reaching critical internal targets. NetSPA generates attack graphs and automatically analyzes them to produce a small set of prioritized recommendations to restore defense in depth. Field trials on networks with up to 3,400 hosts demonstrate that firewalls often do not provide defense in depth due to misconfigurations and critical unpatched vulnerabilities on hosts. In all cases, a small number of recommendations was provided to restore defense in depth. Simulations on networks with up to 50,000 hosts demonstrate that this approach scales well to enterprise-size networks.

System adaptation as a trust response in tactical ad hoc networks

Published in:
IEEE MILCOM 2003, 13-16 October 2003, pp. 209-214.

Summary

While mobile ad hoc networks offer significant improvements for tactical communications, these networks are vulnerable to node capture and other forms of cyberattack. In this paper we evaluated via simulation the impact of a passive attacker, a denial of service (DoS) attack, and a data swallowing attack. We compared two different adaptive network responses to these attacks against a baseline of no response for 10 and 20 node networks. Each response reflects a level of trust assigned to the captured node. Our simulation used a responsive variant of the ad hoc on-demand distance vector (AODV) routing algorithm and focused on the response performance. We assumed that the attacks had been detected and reported. We compared performance tradeoffs of attack, response, and network size by focusing on metrics such as "goodput", i.e., percentage of messages that reach the intended destination untainted by the captured node. We showed, for example, that under general conditions a DoS attack response should minimize attacker impact while a response to a data swallowing attack should minimize risk to the system and trust of the compromised node with most of the response benefit. We show that the best network response depends on the mission goals, network configuration, density, network performance, attacker skill, and degree of compromise.

Generation of the DABS network coverage map

Published in:
MIT Lincoln Laboratory Report ATC-98

Summary

This paper describes the technique of designing the network management coverage map files necessary to coordinate a network of DABS sensors. First, the concept of the DABS network is defined, and the functions of Network Management are briefly described, as they relate to the coverage map. Then, the rationale for the coverage map is given together with definitions of the map structure and the information required in the file. Implementation of these definitions is illustrated in terms of a specific example: a network of four DABS sensors in the Washington, D.C. area. As configured, each of the sensors provides service to only one of four ATC facilities (three TRACONs and one ARTCC). The resulting map generation process illustrates not only the general principles but also the significant effects of ATC control area geometry and ATARs requirements. Finally, the procedure required for automated map generation is defined. This procedure assumes the use of an interactive computer display terminal and is applicable to any sensor network and ATC facility configuration.

Concept and plan for the development of a weather support subsystem for Air Traffic Control

Published in:
MIT Lincoln Laboratory Report ATC-64

Summary

This report summarizes the results of a study to: (1) investigate the primary needs of air traffic controllers, flow controllers, and central flow controllers for weather information, (2) define a cost effective system concept to meet these needs, and (3) lay out a plan for the development of the proposed weather subsystem to support Air Traffic Control. The recommended system will provide rapid generation and dissemination of reliable use oriented observations and very short range severe weather forecasts (up to 30 min.) to facilitate controller planning. This new capability will: 1) reduce weather induced controller work load peaks, 2) permit controllers to coordinate and preplan aircraft rerouting for weather avoidance, 3) achieve an improved balance between the inefficiency of overreaction and the essentials of safety, 4) facilitate controller response to pilot requests for weather data on a work load permitting basis, and 5) enable the issuance of accurate weather advisories. The system will also provide rapid generation and dissemination of reliable short range forecasts (up to 4 hours) to permit early introduction of necessary flow control procedures. This new capability will: 1) decrease problems for controllers, 2) increase acceptance of flow control, and 3) increase traffic flow efficiency without decreasing safety.

Design validation of the network management function

Published in:
MIT Lincoln Laboratory Report ATC-54

Summary

This document presents the results of a major design validation effort of the Network Management function described in the DABS Engineering Requirements document. The design validation is based on simulation of a DABS network of three sensors interacting with airborne traffic of approximately 800 aircraft

Network management

Published in:
MIT Lincoln Laboratory Report ATC-45

Summary

This report provides a discussion of the design of the DABS network management function. Network management is responsible for the interaction between the local sensor and the adjacent connected sensors. Based on a dynamic interpretation of the coverage map and the status of the network, network management determines (a) the coverage responsibility of the local sensor, (b) which other sensors are covering the same area, and (c) which of the sensors has principal data link responsibility. Interaction is effected through message exchange over ground communication links connecting the DABS sensors.