Secure Grid Computing - GridSec Project - University of Southern ...

NPC-2004 Oct. 18, 2004 

ROC Curves for 4 Attack Classes 

on The Simulated JAIDS 

ROC Performance of Three 

Intrusion Detection Systems 

Intrusion Detection Rate (%) 

80 

70 

60 

50 

40 

30 

20 

10 

0 

0 2 4 6 8 10 12 

False Alarm Rate (%) 

DoS 

Pr obe 

R2L 

U2R 

Intrusion Detection Rate 

(%) 

80 

70 

60 

50 

40 

30 

20 

10 

0 

0 2 4 6 8 10 12 

False Alarm Rate (%) 

JAIDS 

Snor t 

ADS 

October 18, 2004, Kai Hwang http://GridSec.usc.edu 

31 


32 

Final Remarks: 

• The security-driven Min-Min and Sufferage heuristics and the 

new space-time genetic algorithm (STGA) are fast and easy to 

implement in a risky open Grid environment to yield 

satisfactory performance with low overhead. 

• The new Internet episode detection scheme (JAIDS) can cope 

with both known and unknown network attacks. This will 

secure many Grid/P2P operations in using common Internet 

services: telnet, http, ftp, smtp, Email, authentication, etc. 

• The NetShield self-defense IDS/IRD system is still under 

development at USC. For ultra security-sensitive Grid services, 

we recommend the use of dedicated VPN tunnels to secure Grid 

communications and safeguard P2P download operations. 

Hot Research Thrust Areas: 

• Perfection of the trust models for protecting virtual 

organizations with scalable Grid applications without worry 

about infections or becoming victims by participating in 

collective operations – In particular, the fuzzy- and gametheoretical 

approaches are promising. 

• Large-scale benchmark experiments on open Grids are 

desired to work out some semi-optimal solutions to real-life 

scientific and business Grid applications 

• Internet datamining for security control and for the guarantee 

of the Quality-of-Service in real-life Grid applications – 

Interoperability between wired and wireless Grids is also a 

very hot issue. 


33 


34 

Recent Papers or Reports : 

1. K. Hwang, S. Song, and J. Lv, “ GridSec: Grid Security Enforcement with 

Trust Integration over Minimal VPN Tunnels”, USC Technical Report 2004 –13, 

IEEE Computer Magazine, submitted July 2004. 

2. S. Song, K. Hwang, and M. Macwan, “Fuzzy Trust Integration for Security 

Enforcement in Grid Computing”, Proc. of NPC 2004, Wuhan, China, 

October 18, 2004 

3. M. Qin and K. Hwang, “Frequent Episode Rules for Internet Traffic Analysis 

and Anomaly Detection”, IEEE Network Computing and Application Symp. 

(NCA-2004), Cambridge, MA. August 31, 2004 

4. K. Hwang, H. Liu, Y. Chen, and M.Qin,“ Protecting Network-Centric Systems 

with Joint Anomaly/Intrusion Detection over Internet Episodes”, USC 

Technical Report 2004 –17, submitted to IPDPS 2005, Oct.8, 2004 

Questions or Taking the Coffee Break 

5. S. Song, R. Kwok, and K. Hwang, “ Trusted Job Scheduling in Open 

Computational Grids: Security-Driven Heuristics and A Fast Genetic 

Algorithm”, USC Technical Report 2004 –18, submitted to IPDPS 2005, Oct.8, 

2004 


35 


36 

Keynote Presentation at the IFIP International Conference on Network and Parallel Computing, 

(NPC 2004), Wuhan, China, Oct. 18, 2004 6

Previous page

Next page

1

2

3

4

5

6

Secure Grid Computing - GridSec Project - University of Southern ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?