Network Intrusion Forensics System based on Collection and Preservation of Attack Evidence
Jong-Hyun Kim, Yangseo Choi, Joo-Young Lee, Sunoh Choi, and Ik-kyun Kim
Electronics and Telecommunications Research Institute (ETRI), Daejeon, Korea
{jhk, yschoi92, joolee, suno,

Abstract. Network forensics and intrusion analysis are usually carried out after an attack has completed, by which time some useful evidence has already been lost. Because there is rarely enough evidence left to investigate the cause of a cyber-attack once it has occurred, determining the cause remains difficult even after an attack event is detected. Moreover, since cyber-attacks such as advanced persistent threats (APT) against the Internet are becoming more sophisticated, conventional forensics equipment struggles to find their cause. In this paper, we introduce a network intrusion forensics system based on the collection and preservation of attack evidence. It is used to quickly analyze the cause of an attack event after the attack occurs, and it provides functions for collecting evidence data and ensuring the integrity of that data as stored in virtual volume-based storage. The paper also reports experimental results on network throughput performance obtained by evaluating the proposed system in a real Local Area Network environment.

Keywords: Cyber Attacks, Network Forensics, Attack Cause Analysis.

1 Introduction

Currently, computer networks are vulnerable to cyber-attacks from both inside and outside an organization. Furthermore, threats such as personal information disclosure, bank fraud, DDoS attacks and APT attacks occur continuously. Conventional information security systems such as IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) may therefore not be sufficient to defend against those attacks.

Current cyber incident response always takes place after the attack has completed and some useful evidence has been lost, so it cannot provide enough information for forensic analysis by the time the attack is recognized. In addition, since no security log information exists for analyzing an attack after the incident occurs, investigating its cause is difficult. To address these issues, we need new approaches that enhance network forensics, which collects, stores, and analyzes network traffic to investigate the cause of an attack.

ISSN: ASTL Copyright 2016 SERSC

Many useful network forensics tools and network traffic collection tools are surveyed in [1]. The essential functions of network forensics tools are to collect entire network traffic, store the evidential information of attacks, and analyze it to find the cause of an attack [2]. Network traffic collection tools often use a promiscuous interface to capture network packets, extract the content of the packets, and preserve statistical data in storage [3, 4]. In this paper, we propose a network traffic collection and analysis system based on the collection and preservation of evidence of cyber-attacks. The paper is organized as follows: Section 2 describes the system architecture and technical functions, Section 3 explains the experimental results, and Section 4 gives the conclusion.

2 System Architecture and Technical Functions

2.1 System Architecture

The main goals of our proposed system are to quickly analyze the cause of an attack after it occurs and to provide the evidential information of the attack. Our system also collects network traffic including entire network packets, network flows, transmitted files and so on.

Fig. 1. (a) Architecture of the proposed system, (b) System specifications

Fig. 1 shows the architecture and system specification of the proposed system, called the cyber black box. There are two physical systems in the architecture. We describe the detailed functionality of each module (block) of the proposed system in the following sections.
2.2 Traffic & Flow Information Gathering

As shown in Fig. 1, the TFGB (Traffic & Flow information Gathering Block) is able to accommodate 10 Gbps of network traffic via a network interface card (NIC), store the collected packets, extract the traffic information of each network flow, and generate session data. The flow extraction method can analyze all packet data extracted by the packet extraction unit: it collects packets having the same features within a unit of time, and bundles that packet data into a file in PCAP format to produce one piece of flow data (or a flow packet). The extracted flow data may be temporarily stored in the virtual volume-based storage. By connecting a plurality of hard disks, our proposed system stores a total of 10 Gbps of traffic data without loss. The hash value generating unit applies a hash function (SHA-256) to each piece of entire packet data and flow data, producing a hash value that ensures the integrity of the packet data and flow data stored in the virtual volume-based storage.

2.3 Transmitted File Reconstruction

The TFRB (Transmitted File Reconstruction Block) reconstructs transmitted files extracted from the stored data collected by the TFGB, and stores additional metadata collected during each file reconstruction. For example, the PE file extraction unit may select packets carrying PE file information (or a PE format) from the entire packet data. The extracted PE file is also temporarily stored in the virtual volume-based storage. The TFRB can analyze network service protocols such as HTTP, SMTP, FTP, POP3, and so on. It also determines which protocol a file was sent by, calculates the hash value (SHA-256) of the file, and stores the metadata collected for the extracted files in a specified directory in CSV file format.
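The flow extraction and integrity step of Section 2.2 above, as an added example that is not part of the paper or of ETRI's cyber black box: constructed IPv4 packets are grouped by 5-tuple within a time window, each group is serialised to a PCAP image (raw-IP link type) and a SHA-256 digest is recorded so the stored flow can be re-verified at analysis time. The 60-second window, the unidirectional 5-tuple key, the packet builder and the sample traffic are assumptions of this example; the paper does not specify them.

```python
import hashlib
import socket
import struct
from collections import defaultdict

LINKTYPE_RAW = 101       # PCAP link type 101: each record starts with the IP header
FLOW_WINDOW_SEC = 60     # assumed bundling interval; the paper gives no value


def make_ipv4_packet(src, dst, proto, sport, dport, payload):
    """Build a minimal IPv4 + TCP/UDP packet as constructed test input (checksums left zero)."""
    if proto == 6:    # TCP: ports, seq, ack, data offset 5 words, ACK flag, window, csum, urg
        l4 = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
    elif proto == 17:  # UDP: ports, length, checksum
        l4 = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError('only TCP and UDP are constructed here')
    total = 20 + len(l4) + len(payload)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + payload


def five_tuple(raw):
    """Parse (src, dst, proto, sport, dport) from a raw IPv4 packet; honours the IHL field."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src = socket.inet_ntoa(raw[12:16])
    dst = socket.inet_ntoa(raw[16:20])
    sport, dport = struct.unpack('!HH', raw[ihl:ihl + 4])
    return (src, dst, proto, sport, dport)


def group_flows(packets, window=FLOW_WINDOW_SEC):
    """Bundle packets that share a 5-tuple inside the same time window into one flow.
    packets: iterable of (timestamp_seconds, raw_bytes). Keys are unidirectional."""
    flows = defaultdict(list)
    for ts, raw in sorted(packets, key=lambda p: p[0]):
        flows[(five_tuple(raw), int(ts // window))].append((ts, raw))
    return dict(flows)


def build_pcap(packets):
    """Serialise (ts, raw) records into a libpcap file image (global header + records)."""
    out = struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for ts, raw in packets:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack('<IIII', sec, usec, len(raw), len(raw)) + raw
    return out


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def extract_flow_evidence(packets):
    """Return {flow_key: (pcap_bytes, sha256_hex)} ready for write-once storage."""
    evidence = {}
    for key, pkts in group_flows(packets).items():
        pcap = build_pcap(pkts)
        evidence[key] = (pcap, sha256_hex(pcap))
    return evidence


def verify_evidence(pcap_bytes, stored_hash):
    """Integrity check at analysis time: recompute the digest and compare with the stored one."""
    return sha256_hex(pcap_bytes) == stored_hash


# Constructed sample traffic: one HTTP exchange (two directions), one DNS query,
# and a later request that falls into the next time window.
SAMPLE = [
    (1000.0, make_ipv4_packet('10.0.0.5', '10.0.0.80', 6, 40000, 80, b'GET / HTTP/1.1\r\n')),
    (1000.2, make_ipv4_packet('10.0.0.5', '10.0.0.80', 6, 40000, 80, b'Host: x\r\n\r\n')),
    (1001.0, make_ipv4_packet('10.0.0.80', '10.0.0.5', 6, 80, 40000, b'HTTP/1.1 200 OK\r\n')),
    (1005.5, make_ipv4_packet('10.0.0.5', '10.0.0.53', 17, 5353, 53, b'\x12\x34dnsquery')),
    (1070.0, make_ipv4_packet('10.0.0.5', '10.0.0.80', 6, 40000, 80, b'GET /b HTTP/1.1\r\n')),
]

if __name__ == '__main__':
    for key, (pcap, digest) in extract_flow_evidence(SAMPLE).items():
        print(key, len(pcap), 'bytes', digest[:16], verify_evidence(pcap, digest))
```

Because the window index is part of the flow key, a long-lived connection is split into one PCAP per interval, which matches the "units of a certain time" bundling the paper describes; the digest must be computed over the exact bytes written to storage, so it is taken from the serialised PCAP image rather than from the packet list.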
2.4 Virtual Volume based Storage Management

The VSMB (Virtual volume based Storage Management Block) stores the entire packet data, the flow data, and the transmitted files encoded by the encoding unit. It receives the hash value generated by the hash value generation unit for each of the entire packet data, the flow data, and the transmitted files, and stores the received hash value as evidence data. Moreover, the VSMB supports a write once read many (WORM) function to ensure the integrity of the data stored in the virtual volume-based storage. A storage unit supporting the WORM function is a storage medium to which data is written once and from which it can be read many times, like a CD-ROM. Therefore, the storage unit can preserve the entire packet data, the flow data, and the transmitted files for a long time. It also provides the capability to create or destroy the virtual volumes of the storage system, for data protection as well as file storage management.
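The file reconstruction of Section 2.3 and the hash-backed write-once storage of Section 2.4, as one added example that is not the paper's code: a constructed HTTP response carrying a PE-like payload is parsed, the MZ/PE signature is checked, the file is placed in a write-once directory with a SHA-256 record in a CSV metadata file, and a later attempt to overwrite the same name is refused. `WormStore`, `make_fake_pe`, the CSV column layout and the directory scheme are assumptions of this example, not details from the paper.

```python
import csv
import hashlib
import os
import re
import tempfile


def make_fake_pe():
    """Constructed stand-in for a PE file: valid MZ/PE signatures only, not a runnable executable."""
    dos = bytearray(64)
    dos[0:2] = b'MZ'
    dos[0x3C:0x40] = (64).to_bytes(4, 'little')  # e_lfanew: PE signature sits at offset 64
    return bytes(dos) + b'PE\0\0' + b'\x4c\x01' + b'\0' * 18


def make_http_response(body, filename):
    """Constructed HTTP/1.1 response carrying a downloaded file, as TFRB would see after reassembly."""
    head = ('HTTP/1.1 200 OK\r\n'
            'Content-Type: application/octet-stream\r\n'
            f'Content-Disposition: attachment; filename="{filename}"\r\n'
            f'Content-Length: {len(body)}\r\n\r\n')
    return head.encode('ascii') + body


def parse_http_response(stream):
    """Split a reassembled HTTP response into a header dict and the exact body bytes."""
    head, sep, rest = stream.partition(b'\r\n\r\n')
    if not sep:
        raise ValueError('no end of headers: stream incomplete')
    headers = {}
    for line in head.decode('latin-1').split('\r\n')[1:]:
        key, _, value = line.partition(':')
        headers[key.strip().lower()] = value.strip()
    length = int(headers.get('content-length', len(rest)))
    if len(rest) < length:
        raise ValueError('truncated body: packets missing from the capture')
    return headers, rest[:length]


def is_pe(data):
    """PE detection: an 'MZ' DOS stub whose e_lfanew points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b'MZ':
        return False
    off = int.from_bytes(data[0x3C:0x40], 'little')
    return data[off:off + 4] == b'PE\0\0'


def filename_from_headers(headers):
    m = re.search(r'filename="?([^";]+)"?', headers.get('content-disposition', ''))
    # basename() drops any directory components a hostile header might carry
    return os.path.basename(m.group(1)) if m else 'unnamed.bin'


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class WormStore:
    """Write-once-read-many directory: a name is preserved once and never overwritten."""

    def __init__(self, root):
        self.root = root
        os.makedirs(root, exist_ok=True)
        self.index = os.path.join(root, 'metadata.csv')  # assumed layout: name, protocol, size, sha256

    def put(self, name, data, protocol):
        path = os.path.join(self.root, os.path.basename(name))
        if os.path.exists(path):
            raise FileExistsError(f'{name} already preserved; WORM store refuses overwrite')
        digest = sha256_hex(data)
        with open(path, 'wb') as f:
            f.write(data)
        os.chmod(path, 0o444)  # read-only at the permission level as well
        with open(self.index, 'a', newline='') as f:
            csv.writer(f).writerow([name, protocol, len(data), digest])
        return digest

    def verify(self, name):
        """Recompute the digest of the stored file and compare with the recorded CSV entry."""
        with open(self.index, newline='') as f:
            recorded = {row[0]: row[3] for row in csv.reader(f)}
        with open(os.path.join(self.root, os.path.basename(name)), 'rb') as f:
            return sha256_hex(f.read()) == recorded.get(name)


def reconstruct_and_store(stream, store, protocol='HTTP'):
    """Extract a transmitted PE file from a reassembled HTTP stream and preserve it; None if not PE."""
    headers, body = parse_http_response(stream)
    if not is_pe(body):
        return None
    name = filename_from_headers(headers)
    return name, store.put(name, body, protocol)


def run_demo():
    """Preserve a constructed PE download, then exercise the integrity and write-once checks."""
    store = WormStore(tempfile.mkdtemp(prefix='cbb_worm_'))
    name, digest = reconstruct_and_store(make_http_response(make_fake_pe(), 'update.exe'), store)
    result = {'name': name, 'digest': digest, 'verified': store.verify(name),
              'non_pe_skipped': reconstruct_and_store(make_http_response(b'plain text', 'notes.txt'), store) is None}
    try:
        store.put(name, b'replacement bytes', 'HTTP')
        result['overwrite_refused'] = False
    except FileExistsError:
        result['overwrite_refused'] = True
    return result


if __name__ == '__main__':
    print(run_demo())
```

Keying the store by the client-supplied file name is the simplest mapping to the paper's "directory plus CSV metadata" layout, but two different downloads named `update.exe` would collide; a production store would key the object by its SHA-256 and keep the original name only in the metadata row. `run_demo` leaves its temporary directory in place so the preserved file and CSV can be inspected.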
2.5 Intrusion Analysis & Scenario Generation

The IASB (Intrusion Analysis & Scenario generation Block) provides the user interface for analyzing the cause of a cyber-attack from the preserved data and management data; that is, it presents analysis results to a user through a GUI. It also reconstructs the cyber-attack scenario based on the extracted information and reproduces the corresponding cyber-attack according to the reconstructed scenario. The result of the cause analysis can be supplied to an external system through the external cooperation protocol: the external cooperation system assigns a security grade to an external system and grants it authority according to that security grade. The external system may be a security-related system at a security company, a public institution, a portal company, a general company, and so on.

3 Experimental Results

In this section, we present the experimental results for our proposed system. We designed and implemented each functional module of the proposed system in the C programming language on the CentOS Linux 7.1 platform. For all experiments we used a single machine with 128 GB DDR3 RAM, a 12-core 2.6 GHz CPU (Intel Xeon E5-2690v3), a 4 TB SSD, and 96 TB of SATA 7200 rpm disks with 128 MB buffer behind a RAID controller (LSI 9280_2414E). For the experiments, we used network traffic and flow data collected over a 24-hour period on one weekday in our testbed environment. In detail, we deployed our proposed system at data collection points such as the front of working offices and an experimental lab. We also conducted a traffic throughput test with an Agilent N2X tool. It was verified that our proposed system could collect the attack event data and related flow records without loss of network packets at a total of 20 Gbps of traffic, as shown in Table 1.

Table 1. Summary of network packet processing performance in a total of 20 Gbps traffic.

As further experimental results, our proposed system collected at least 400,000 flow records per second and stored them in the virtual volume-based storage, which supports the WORM function. We also confirmed that the TFRB block reconstructed transmitted files extracted from the stored traffic packets collected by the TFGB block, and stored the additional metadata collected during each file reconstruction. In addition, our proposed system has been installed and run in a real LAN environment carrying up to a total of 2 Gbps of traffic, to evaluate its processing performance over a long period of time. Table 2 summarizes the network traffic, flow counts, and packet counts collected from 4 to 10 September 2016 in the real network environment. We found that our proposed system could collect about 4 TB of network traffic data daily without loss of network packets in the real LAN environment.

Table 2. Summary of collected data from a real network environment.

                 Total amount per week   Daily average    Average of working day   Average of non-working day
Traffic (TB)
# of Flows       922,591,                ,798,            ,747,230                 86,927,575
# of Packets     34,574,737,355          4,939,248,194    6,174,046,881            1,852,251,476

We also analysed the collected traffic data by the most frequently used services, and provide the summary of network traffic distribution by top 10 services in Table 3.

Table 3. Summary of network traffic distribution by top 10 services.

For the overall performance of network traffic processing, we evaluated that our experimental implementation of the proposed system could collect network traffic at 20 Gbps without loss of network packets. We also measured the maximum processing performance using various packet sizes from the N2X tool. However, we couldn't evaluate the network packet processing performance with traffic rates up to 20 Gbps in the real LAN environment since.

5 Conclusion

Since there is rarely enough evidence to investigate the cause of a cyber-attack after it has occurred, analyzing the cause of an attack is always difficult even after the attack is recognized. With our proposed system, however, entire packet data, flow data, and transmitted files can be collected as evidence from network traffic and stored in the storage medium for a long time, so that the cause of an attack can be analyzed quickly from the evidence preserved there. This paper described the architecture of our proposed system for network forensics and verified its network throughput performance by deploying the system in an experimental testbed environment as well as a real LAN environment. We evaluated that our proposed system can collect attack event data and related flow records without loss of network packets at a total of 20 Gbps of traffic.

Acknowledgments. This work was supported by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. B , The Development of Cyber Blackbox and Integrated Security Analysis Technology for Proactive and Reactive Cyber Incident Response).

References

1. Pilli, E.S., Joshi, R.C., Niyogi, R.: Network forensic frameworks: Survey and research challenges. The International Journal of Digital Forensics & Incident Response, vol. 7, pp (2010)
2. Davidoff, S., Ham, J.: Network Forensics: Tracking Hackers through Cyberspace. Pearson Education (2012)
3. Rizzo, L.: netmap: a novel framework for fast packet I/O. In: Proceedings of the USENIX Annual Technical Conference, pp (2012)
4. Deri, L., Cardigliano, A., Fusco, F.: 10 Gbit line rate packet-to-disk using n2disk. In: Proceedings of the IEEE INFOCOM Workshop on Traffic Monitoring and Analysis, pp (2013)
More informationMcAfee Network Security Platform 8.3
8.3.7.68-8.3.7.55-8.3.7.14 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions
More informationDigital Forensics Practicum CAINE 8.0. Review and User s Guide
Digital Forensics Practicum CAINE 8.0 Review and User s Guide Ana L. Hernandez Master of Science in Cybersecurity Digital Forensics Concentration University of South Florida 12-8-2017 Table of Contents
More informationEXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS
EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS Andry Putra Fajar and Tito Waluyo Purboyo Faculty of Electrical Engineering,
More informationAltos T310 F3 Specifications
Product overview The Altos T310 F3 delivers proactive management tools matched by best priceperformance technology ideal for SMB and branch office operations. This singlesocket tower server features an
More informationAxxonSoft. The Axxon Smart. Software Package. Recommended platforms. Version 1.0.4
AxxonSoft The Axxon Smart Software Package Recommended platforms Version 1.0.4 Moscow 2010 1 Contents 1 Recommended hardware platforms for Server and Client... 3 2 Size of disk subsystem... 4 3 Supported
More informationECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]
s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly
More informationSSD-based Information Retrieval Systems
Efficient Online Index Maintenance for SSD-based Information Retrieval Systems Ruixuan Li, Xuefan Chen, Chengzhou Li, Xiwu Gu, Kunmei Wen Huazhong University of Science and Technology Wuhan, China SSD
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationCommon Service Discovery Scheme in IoT Environments
, pp.28-32 http://dx.doi.org/10.14257/astl.2018.149.07 Common Service Discovery Scheme in IoT Environments Joosang Youn 1 * and TaeJin Lee 2 1 Dept. of Industrial ICT Engineering, Dong-Eui University 176,
More informationDigital Forensics Lecture 01- Disk Forensics
Digital Forensics Lecture 01- Disk Forensics An Introduction to Akbar S. Namin Texas Tech University Spring 2017 Digital Investigations and Evidence Investigation of some type of digital device that has
More informationMcAfee Network Security Platform 9.1
Revision A McAfee Network Security Platform 9.1 (9.1.7.63-9.1.7.12 Manager-Virtual IPS Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationNetwork Forensic Analysis via Vulnerability Evidence Reasoning
2016 International Conference on Computer Engineering and Information Systems (CEIS-16) Network Forensic Analysis via Vulnerability Evidence Reasoning Cheng-Yue Chang, Jing-Sha He School of Software Engineering
More informationIBM Spectrum NAS. Easy-to-manage software-defined file storage for the enterprise. Overview. Highlights
IBM Spectrum NAS Easy-to-manage software-defined file storage for the enterprise Highlights Reduce capital expenditures with storage software on commodity servers Improve efficiency by consolidating all
More informationEasyChair Preprint. LESS: Logging Exploiting SnapShot
EasyChair Preprint 692 LESS: Logging Exploiting SnapShot Hanseung Sung, Minhwa Jin, Mincheol Shin, Hongchan Roh, Wongi Choi and Sanghyun Park EasyChair preprints are intended for rapid dissemination of
More informationMcAfee Network Security Platform 9.1
Revision A McAfee Network Security Platform 9.1 (9.1.7.73-9.1.3.11 Manager-M-series, Mxx30-series, and XC Cluster Release Notes) Contents About the release New features Enhancements Resolved Issues Installation
More informationSystem Requirements. SuccessMaker 3
System Requirements SuccessMaker 3 System requirements are subject to change. For the latest information on system requirements, go to http://support.pearsonschool.com. For more information about Digital
More informationMcAfee Network Security Platform 8.3
Revision A McAfee Network Security Platform 8.3 (8.3.7.86-8.3.5.53 Manager-NS-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationTanium Incident Response User Guide
Tanium Incident Response User Guide Version 4.4.3 September 06, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided
More information소프트웨어기반고성능침입탐지시스템설계및구현
소프트웨어기반고성능침입탐지시스템설계및구현 KyoungSoo Park Department of Electrical Engineering, KAIST M. Asim Jamshed *, Jihyung Lee*, Sangwoo Moon*, Insu Yun *, Deokjin Kim, Sungryoul Lee, Yung Yi* Department of Electrical
More informationAnalysis of Virtual Machine Scalability based on Queue Spinlock
, pp.15-19 http://dx.doi.org/10.14257/astl.2017.148.04 Analysis of Virtual Machine Scalability based on Queue Spinlock Seunghyub Jeon, Seung-Jun Cha, Yeonjeong Jung, Jinmee Kim and Sungin Jung Electronics
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationHardware and Software Requirements
Hardware and Software Requirements WideOrbit s WO Media Sales is a full client-server based sales system. Users run a thick client on a Windows 10*, Windows 8 or Windows 7, which connects directly to a
More informationCOMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9
COMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9 Course Code: 3401 Prepare for the CHFI certification while learning advanced forensics investigation techniques. EC-Council released the most advanced computer
More informationOracle Communications Configuration Management
Oracle Communications Configuration Management Planning Guide Release 7.2 E35436-01 October 2013 Oracle Communications Configuration Management Planning Guide, Release 7.2 E35436-01 Copyright 2011, 2013,
More informationStoneGate IPS. Hardware Requirements for Version 5.2.0
StoneGate IPS Hardware Requirements for Version 5.2.0 Created: July 9, 2010 Table of Contents StoneGate Appliances... 3 Certified Intel Platforms... 3 Other Intel Platforms... 3 StoneGate Appliances StoneGate
More informationPerformance Evaluation of Tcpdump
Performance Evaluation of Tcpdump Farhan Jiva University of Georgia Abstract With the onset of high-speed networks, using tcpdump in a reliable fashion can become problematic when facing the poor performance
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More information