“Enabling Proactive Prediction, Avoidance, and
Diagnosis by Providing Situational Awareness
to Human Operators”
{a work in progress}
Bill Yurcik
National Center for Supercomputing Applications (NCSA)
University of Illinois at Urbana-Champaign
IBM Academy Conference on Proactive Problem Prediction, Avoidance, and Diagnosis
April 28, 2003
University of Illinois at Urbana-Champaign
1
National Computational Science
The Problem
• Current state of networked software systems
– asymmetries of software bugs and security attacks
– metrics show bad -> worse
– increasing complexity of software systems
– expectation of vigilant patching for vulnerabilities
– point-and-click attack software requires little skill
– surveys show insider security attacks greatest threat despite denial
– critical infrastructures all depend on underlying automation
• Situational Awareness is Abysmal
– “Is there a problem?” -> “Where is the problem?” -> “What is the problem?”
Alternate Solutions
1) Acquiescence (learning to live with it)
2) Prevention (zero defect software engineering)
3) Detection (early and continuous)
4) Survivability (transparent recovery)
a) human-in-the-loop decision-making for recovery
b) autonomic computing (no human-in-the-loop)
5) Disaster Recovery and Backup
6) Deterrence (liability, retribution)
• ….
• Prediction? … either The Holy Grail or “Minority Report”
Our Solution: SIFT
Motivation: “Know Thy ______” (fill in the blank)
• SIFT = Security Incident Fusion Tools
• NCSA Proposal – Increase Low-Level Situational Awareness to Human Operators (Anti-Autonomic Computing)
– “Is there a problem?” -> “Where is the problem?” -> “What is the problem?”
– leverage human cognitive abilities especially visual processing
– continuous awareness of the security state of an entire network
– Class B address space = 65K machines with 130K+ ports on each machine
Prediction / Avoidance / Diagnosis
Examples:
– time-sequence of network-based attacks
– software decay
How?
– Visualization
– Profiling
– Data Mining for Discovery
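The two slides above describe the SIFT idea at the level of a sketch: fuse low-level records from an entire Class B network into one picture, then let the operator move from “Is there a problem?” to “Where?” to “What?”. The following is an added example, not code from the talk or from the SIFT/NVisionIP project, that shows the shape of such a pipeline in miniature: constructed flow-log lines are profiled per host, each host is placed in a 256x256 grid of the /16 (third octet = row, fourth octet = column, the layout a galaxy-style view of a Class B uses), hosts whose behaviour crosses a threshold are flagged, and a drill-down returns the detail behind a flagged cell. The network 10.20.0.0/16, the log format, all addresses, and the port-count threshold are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic), one per line:
#   timestamp  src_ip  src_port  dst_ip  dst_port  proto  bytes
# One ordinary client (10.20.3.7), one external peer, and one internal host
# (10.20.7.200) that touches twelve different ports on a single server.
SAMPLE_FLOWS = """\
1051500001 10.20.3.7 34512 10.20.5.9 80 tcp 1200
1051500002 10.20.3.7 34513 10.20.5.9 443 tcp 5400
1051500003 10.20.3.7 34514 10.20.5.10 53 udp 120
1051500004 203.0.113.5 51000 10.20.5.9 80 tcp 800
1051500010 10.20.7.200 40001 10.20.5.9 21 tcp 60
1051500010 10.20.7.200 40002 10.20.5.9 22 tcp 60
1051500010 10.20.7.200 40003 10.20.5.9 23 tcp 60
1051500011 10.20.7.200 40004 10.20.5.9 25 tcp 60
1051500011 10.20.7.200 40005 10.20.5.9 80 tcp 60
1051500011 10.20.7.200 40006 10.20.5.9 110 tcp 60
1051500012 10.20.7.200 40007 10.20.5.9 135 tcp 60
1051500012 10.20.7.200 40008 10.20.5.9 139 tcp 60
1051500012 10.20.7.200 40009 10.20.5.9 143 tcp 60
1051500013 10.20.7.200 40010 10.20.5.9 443 tcp 60
1051500013 10.20.7.200 40011 10.20.5.9 445 tcp 60
1051500013 10.20.7.200 40012 10.20.5.9 3389 tcp 60
"""

# Assumed monitored Class B network: a /16 is 65,536 addresses, as on the slide.
MONITORED_NET = ipaddress.ip_network("10.20.0.0/16")


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split()
        records.append({
            "ts": int(ts),
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "proto": proto, "bytes": int(nbytes),
        })
    return records


def host_profiles(records, net=MONITORED_NET):
    """Fuse flows into one profile per monitored host (the 'Profiling' step):
    distinct destination ports, distinct peers, and bytes sent."""
    profiles = defaultdict(lambda: {"dst_ports": set(), "peers": set(), "bytes": 0})
    for r in records:
        if r["src"] not in net:          # only profile hosts inside the Class B
            continue
        p = profiles[r["src"]]
        p["dst_ports"].add((r["proto"], r["dport"]))
        p["peers"].add(r["dst"])
        p["bytes"] += r["bytes"]
    return dict(profiles)


def grid_position(host, net=MONITORED_NET):
    """'Where is the problem?': map a host to (row, col) in a 256x256 grid of
    the /16. The third octet selects the row, the fourth the column."""
    host = ipaddress.ip_address(host)
    offset = int(host) - int(net.network_address)
    return offset >> 8, offset & 0xFF


def flag_hosts(profiles, port_threshold=10):
    """'Is there a problem?': hosts contacting more distinct destination ports
    than the threshold. The threshold is an assumed value, not from the talk."""
    return sorted(h for h, p in profiles.items() if len(p["dst_ports"]) > port_threshold)


def drill_down(profiles, host):
    """'What is the problem?': the per-host detail behind a flagged grid cell."""
    host = ipaddress.ip_address(host)
    p = profiles[host]
    return {
        "cell": grid_position(host),
        "ports": sorted(p["dst_ports"]),
        "peers": sorted(str(x) for x in p["peers"]),
        "bytes": p["bytes"],
    }


if __name__ == "__main__":
    profiles = host_profiles(parse_flows(SAMPLE_FLOWS))
    for host in flag_hosts(profiles):
        print(host, drill_down(profiles, host))
```

The per-host profile is the unit an operator would see as one cell; a real deployment would keep it over a sliding time window and pick thresholds from a baseline of the network's own traffic rather than the fixed value used here.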
Current Network Monitoring
Discovery Across Network Logs
Attributes Across Logs
The Data Management Problem
Four (4) Parallel Data Management Efforts
SIFT Preliminary Results
SIFT Preliminary Results: Security Monitoring Prototype
[Figure: NVisionIP screenshot; annotations: legend, magnifier widget, options for 172 different views, drill-down views]
Prototype Drill-Down Security Views
Insights Thus Far …
• Humans are good at processing visual patterns (known)
• No expert knowledge required!
• Abstraction – finding the appropriate level of observation
• “What If” Question Bonanza
• Visual Debugging (problem-solving)
• The Millisecond Fantasy
• Holistic Macro/Micro Views vs Divide-and-Conquer
• Though we think in pictures, we are no good at describing pictures (save functions)
• Capturing the time dimension of high-dimension data via animation is incredibly engaging to humans
• Success depends on effective HCI
– Looking at new ways to augment operators in complex environments… (anti-autonomic)
Demo – NVisionIP:lite
Cut to Demo and Pray it Works!