A New Paradigm For Network Security Through Experiences From - - PowerPoint PPT Presentation

Mohit Lad, Outrageous 06

Mohit Lad, UCLA

(ANPFNSTEFR) A New Paradigm For Network Security Through Experiences From Reality

Mohit Lad, Outrageous 06

Structure of the talk

• Background and motivation
• Gibberish
• More Gibberish
• A slide with the text “Questions?”

written in big font.

Mohit Lad, Outrageous 06

Background

Alice, Do you want to have dinner? F

• r

g e t a b

• u

t A l i c e , h

• w

a b

• u

t b e e r ? S u r e t h i n g p a l !

Alice Bob Frank

1 2 3

Mohit Lad, Outrageous 06

Motivation

• Defense through defense
• Defense through offense new
• ANPFNSTEFR newer

Mohit Lad, Outrageous 06

What is ANPFNSTEFR?

• Security through passive non-violent non-

cooperation

– Influenced by seminal work by Gandhi in early part of 1900s.

• If the attacker attacks one machine, then

give him another machine to attack.

• Tell an attacker “I am protesting against your

attack, but through peaceful and non-violent means”

Mohit Lad, Outrageous 06

Why it works better

Guilt

Attacker Good guy Attack

I know you are attacking machine A, here are the details of machine B What the !@#!@#$ ? Oh, You have opened my eyes, I want to travel to the peak of Himalayas and meditate for the rest

• f my life

Mohit Lad, Outrageous 06

Why it works better

Fear

Attacker Good guy Attack

I know you are attacking machine A, here are the details of machine B What the !@#!@#$ ? Seems like a trap, he must be a genius. Instead I am going to attack somebody willing to use offense

Mohit Lad, Outrageous 06

Why it works better

Lack of challenge

Attacker Good guy Attack

I know you are attacking machine A, here are the details of machine B My fellow hackers will look down on me. Instead I am going to attack somebody willing to use offense

Mohit Lad, Outrageous 06

Evaluation Setup

• Our hypothesis “Attackers are

consciously unaware of their wrong doings”.

– Our goal: Make them realize they are doing wrong and see how they change

• Pick 4 professors from our department
• Tell them to run scripts that attack our

machines without their knowledge.

Mohit Lad, Outrageous 06

Evaluation

• Tell them “You just attacked our

machines, and we are protesting in a non-violent manner”

• Give them a one page questionnaire

asking “Do you feel guilty?”

• 75 % cases, answer was “yes”
• 25 % cases, student lost funding and

had to go back to his country

Mohit Lad, Outrageous 06

Evaluation Setup II

• Our hypothesis “Defenders prefer non-

violence rather than offense”.

• Pick 4 professors from our department
• Attack their machines without their

knowledge.

Mohit Lad, Outrageous 06

Evaluation II

• Tell them “We just attacked your

machines”

• Give them a one page questionnaire

asking “Would you use offense to respond?”

• 25 % cases, answer was “no”
• 75 % cases, student lost funding and

had to go back to his country

Mohit Lad, Outrageous 06

Mathematical Evaluation Why it works?

Mohit Lad, Outrageous 06

Conclusion

• Breakthrough philosophy in security
• Comprehensive evaluation

– 75% feel guilty after attacking – 25% want to use offense as defenders

• Thus, our approach 3 times (or 300%) better

than using offense

• Using our approach will reduce

– 75% of attackers in the Internet – 25% of students in grad schools

Mohit Lad, Outrageous 06

Future Work

• The role of CURRY in network

diagnosis

• Spamming the Spammer to Shut the

Spam using Offense (SSSSO)

Mohit Lad, Outrageous 06

Questions?