Confidence

Alexei Kachalin

Topic: Efficiency estimation of network security systems of global networks

Bio:
Graduated from Moscow State University in 2004, M.Sc. in Computer Science and Calculation Math, Ph.D.-in-waiting. Areas of expertise:

  • Simulation and modeling for antivirus systems design and performance analysis
  • Data mining solutions in attack and virus detection
  • Simulation of network malware outbreaks

Currently employed at the Computer Systems Laboratory of the CMC faculty, MSU, as research and development projects manager; provides scientific advising for students at the Network Security scientific seminar.

Abstract:
Information Security (IS) systems affect network traffic generated by both malware and legitimate software. Virus outbreaks may overload security services as well as network infrastructure. Simulation is often used to analyze the efficiency of IS systems in global networks, but the straightforward approach (packet-level simulation), while precise, does not suit global networks because of its high memory demands and computational complexity. A hybrid simulation approach can be used to reduce the computational complexity.

The global network model can be split into two segments: the observable network, for which information on autonomous systems (ASes) and topology is available, and the external network, where only the approximate number of hosts and ASes is known. The goal is to simulate malicious and malware activity originating from both segments and to determine its impact on the observable network, taking into account the IS systems deployed there.

To describe security threats we introduce two models: network worm spreading and botnet activity (distributed denial-of-service attacks). The crucial aspects of these threats are the large number of hosts involved in an attack and the impact of the external network, which make them hard and costly to simulate correctly at the packet level, so flow-based approaches to traffic simulation are introduced.

To counter malware, a model of Information Security systems is described. IS systems are considered to be deployed at either the host level (for example, host antivirus) or the network level (for example, an IDS) and can affect traffic by introducing delays and packet drops, depending on their throughput and the traffic load.

The simulation should provide an estimate of the QoS reduction caused by either malware or IS-system activity, and of the malware population dynamics.

Global Network Hybrid Simulation (the GloNeHyS project) is an effort to implement the described principles in a simulation framework for country-wide networks; it is run at the Calc.Systems Lab at MSU.
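
The two-segment, flow-level idea from the abstract can be illustrated with a small epidemic model that tracks aggregate scan flows instead of packets. This is an added example, not GloNeHyS code: the uniformly random-scanning worm, the `Segment` class, the border-IDS capacity rule and all host counts and rates are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ADDRESS_SPACE = 2.0 ** 32  # assumption: the worm scans IPv4 uniformly at random

@dataclass
class Segment:
    addresses: float           # size of the segment's address space
    vulnerable: float          # vulnerable hosts (only an estimate for the external segment)
    infected: float = 0.0
    ids_capacity: float = 0.0  # scans per step a border IDS can inspect; 0 = none deployed

def step(segments, scans_per_host):
    """Advance one time step using aggregate scan flows instead of packets."""
    total_infected = sum(s.infected for s in segments)
    results = []
    for s in segments:
        share = s.addresses / ADDRESS_SPACE
        inbound = scans_per_host * (total_infected - s.infected) * share
        internal = scans_per_host * s.infected * share   # never crosses the border IDS
        dropped = min(inbound, s.ids_capacity)           # an overloaded IDS passes the rest
        susceptible = max(0.0, s.vulnerable - s.infected)
        hits = (inbound - dropped + internal) * susceptible / s.addresses
        results.append((min(susceptible, hits), inbound, dropped))
    for s, (new, _, _) in zip(segments, results):        # apply after all flows are computed
        s.infected += new
    return results

def simulate(ids_capacity, steps=200, scans_per_host=4000.0):
    """Return the observable segment's infected-host count after each step."""
    # Constructed sample network: one observable /12-sized segment, the rest external.
    observable = Segment(addresses=2.0 ** 20, vulnerable=5_000.0, ids_capacity=ids_capacity)
    external = Segment(addresses=ADDRESS_SPACE - 2.0 ** 20, vulnerable=350_000.0, infected=10.0)
    history = []
    for _ in range(steps):
        step([observable, external], scans_per_host)
        history.append(observable.infected)
    return history

if __name__ == "__main__":
    for cap in (0.0, 100_000.0, 400_000.0):
        h = simulate(cap)
        print(f"IDS capacity {cap:>9.0f} scans/step: "
              f"infected at step 40 = {h[40]:7.1f}, final = {h[-1]:7.1f}")
```

With these constructed numbers the peak inbound scan flow is about 341,797 scans per step, so an IDS capacity of 400,000 keeps the observable segment clean, while a capacity of 100,000 is overloaded and only delays the outbreak.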