Network Security Detection With Data Analytics (PREDATOR)
1 CIS-601 Graduate Seminar
Network Security Detection With Data Analytics (PREDATOR)
PRESENTED BY: RAJAN SHARMA
CSU ID:
GUIDED BY: Dr. SUNNIE CHUNG
2 Overview Introduction Feature Extraction and Machine Learning Classifier Design Evaluation and Evasion Robustness Conclusion
3 Domain Name Server (DNS) Introduction DNS Abuse DNS Blacklist DNS Reputation PREDATOR
4 PREDATOR
Proactive Recognition and Elimination Of Domain Abuse at Time-of-Registration
A proactive reputation system that can accurately and automatically identify malicious DNS domains.
Network operators can take appropriate action to protect their networks.
Helps in anomaly detection, security and malware mitigation.
5 PREDATOR
Abusive registrations have distinguishing properties:
1. Common name servers, registrars, domain reuse.
2. Textually similar domain names.
6 PREDATOR
Identifying and encoding 22 features that help distinguish domain registration behavior characteristic of abuse from legitimate registration behavior.
Applying a supervised learning algorithm and implementing a prototype version of proactive time of registration
Five months of logs of second-level .com and .net registrations
7 BACKGROUND
The registration process of second-level domains involves 3 participants:
1. Registrants
2. Registrars
3. Registries
8 Background
A registrant applies online to a registrar, which is an organization accredited by ICANN to contract with registries to sell domains.
ICANN is the Internet Corporation for Assigned Names and Numbers, which is responsible for coordinating the maintenance and procedures of several databases related to the name space of the Internet.
9 SPAMMER DOMAIN
There are various characteristics of spammers and spammer domains:
1. Domain registrations occur in bursts.
2. Domains registered together are often at similar stages in the domain life cycle.
3. Domains registered together may be similar to one another.
10 OBSERVATIONS
Domains registered in 5-minute intervals. Blacklisted domains are malicious, and the interval between 10 and 11 has the highest number of registrations.
Spammers are Lazy.
11 OBSERVATIONS
[Figure: x-axis is the five-minute epoch (EDT); series are spammer domains (brand-new, retread) and all domains; highlighted windows 10:15-10:30AM and 12:35-1:15PM]
The registration spikes during 10:15-10:30AM are retread.
The registration spikes during 12:35-1:15PM are brand-new.
Spammers are Parasitic: Domain Reuse
12 OBSERVATIONS
Spammers are unimaginative: Common Substring
Registration batches contain repeated strings
Repeated strings reflect campaign theme

Domains (highlight common strings)    Blacklist delay
asklenderhome.com                     122 days
askhomelendersnow.com                 92 days
asklendershome.com                    51 days
askhomeslender.com                    32 days
askhomelender.com                     24 days
askhomelenders.com                    12 days
asklendertoday.com                    6 days
financilsart.com                      5 days
financilss.com                        71 days
financilsssky.com                     19 days
financilsspro.com                     18 days
financilspro.com                      17 days
financilssart.com                     9 days
financilssky.com                      7 days
strokecarebeat.com                    65 days
strokecaregreen.com                   14 days
strokesoft.com                        11 days
13 RAW DATA
Updates to .com and .net zones from VeriSign
I. Includes registrars, registration history
II. Doesn't include registrants and domain IP addresses
Registrars would have more data available
Much similar data is available publicly, like domain name, name server, Whois
14 PREDATOR ARCHITECTURE
DNZA (Domain Name Zone Alert): this file contains changes to the zone, such as addition of new domains, removal of existing domains, and changes to associated name servers.
15 FEATURE EXTRACTION
Domain Profile Feature
I. Data from the registration event like registrar, nameserver, character trigrams etc.
II. Includes edit distance to known bad domains
   insertion: abcdef → abchdef
   deletion: abchdef → abcdef
   substitution: abcdef → abhdef
Registration History
I. Data from previous registrations like previous registrar, re-registration latency etc.
II. Separate use into drop-catch and retread
Batch Correlation
I. Data from registrations in the same time interval like batch size rate and time of reuse
16 FEATURE EXTRACTION
Category               Feature                                 Type     New?
Domain profile         Registrar                               Categ.
Domain profile         Authoritative nameservers               Categ.
Domain profile         IP addresses of nameservers             Categ.
Domain profile         ASes of nameserver IP addresses         Categ.
Domain profile         Daily hour of registration              Categ.
Domain profile         Week day of registration                Categ.
Domain profile         Length of registration period           Ord.
Domain profile         Trigrams in domain name                 Categ.
Domain profile         Ratio of the longest English word       Cont.
Domain profile         Containing digits                       Categ.   yes
Domain profile         Containing                              Categ.   yes
Domain profile         Name length                             Ord.     yes
Domain profile         Edit distances to known-bad domains     Cont.    yes
Registration history   Life cycle                              Categ.
Registration history   Dormancy period for re-registration     Ord.
Registration history   Previous registrar                      Categ.   yes
Registration history   Re-registration from same registrar     Categ.   yes
Batch correlation      Probability of batch size               Cont.
Batch correlation      Brand-new proportion                    Cont.
Batch correlation      Drop-catch proportion                   Cont.
Batch correlation      Retread proportion                      Cont.
Batch correlation      Name cohesiveness                       Cont.    yes
Prior-work citations in the table (row placement lost): [13, 20], [20]
17 Feature Vectorization
Ordinal: discrete values (integer)
Continuous: real values
Categorical: unordered discrete values
Ordinal and continuous values are normalized
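Added example, not part of the original slides or of the PREDATOR code: the lexical domain-profile features from slides 15 and 16 (name length, digits, trigrams, edit distance to known-bad domains) computed for a small batch and vectorized as slide 17 describes. The function names, the comparison on the second-level label, min-max scaling and binary trigram indicators are assumptions; the slides only say that ordinal and continuous values are normalized.

```python
"""Added example: lexical domain-profile features and their vectorization."""

# Constructed sample input; the first three names in each list come from slide 12.
KNOWN_BAD = ["askhomelender.com", "financilspro.com", "strokesoft.com"]
NEW_BATCH = [
    "askhomelenders.com",
    "financilsspro.com",
    "strokecarebeat.com",
    "weatherreport24.net",  # constructed name, not from the slides
]


def sld(domain):
    """Second-level label, e.g. 'askhomelender.com' -> 'askhomelender' (assumed unit of comparison)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def edit_distance(a, b):
    """Levenshtein distance: insertion, deletion and substitution each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(
                prev[j] + 1,               # delete ca from a
                cur[j - 1] + 1,            # insert cb into a
                prev[j - 1] + (ca != cb),  # substitute ca with cb (free if equal)
            ))
        prev = cur
    return prev[-1]


def trigrams(name):
    """Character trigrams of a label; labels shorter than 3 characters yield none."""
    return [name[i:i + 3] for i in range(len(name) - 2)]


def profile_features(domain, known_bad):
    """Raw (un-normalized) lexical features for one newly registered domain."""
    name = sld(domain)
    return {
        "domain": domain,
        "name_length": len(name),                                # ordinal
        "contains_digit": any(c.isdigit() for c in name),        # categorical
        "trigrams": trigrams(name),                              # categorical
        "min_edit_distance": min(                                # continuous
            edit_distance(name, sld(bad)) for bad in known_bad
        ),
    }


def min_max(values):
    """Scale to [0, 1]; a constant column maps to 0.0. Assumed normalization."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]


def vectorize(batch, known_bad):
    """Return (trigram vocabulary, one numeric vector per domain).

    Layout: [name_length, min_edit_distance, contains_digit, trigram indicators...].
    Scaling is fitted on the batch itself to keep the example short; a deployed
    classifier would reuse the scaling and vocabulary fitted on training data.
    """
    rows = [profile_features(d, known_bad) for d in batch]
    vocab = sorted({t for r in rows for t in r["trigrams"]})
    lengths = min_max([r["name_length"] for r in rows])
    dists = min_max([r["min_edit_distance"] for r in rows])
    vectors = []
    for row, length, dist in zip(rows, lengths, dists):
        present = set(row["trigrams"])
        indicators = [1.0 if t in present else 0.0 for t in vocab]
        vectors.append([length, dist, float(row["contains_digit"])] + indicators)
    return vocab, vectors


if __name__ == "__main__":
    for d in NEW_BATCH:
        f = profile_features(d, KNOWN_BAD)
        print(f["domain"], f["name_length"], f["contains_digit"], f["min_edit_distance"])
    vocab, vectors = vectorize(NEW_BATCH, KNOWN_BAD)
    print(len(vocab), "trigram columns;", len(vectors[0]), "features per domain")
```

A small minimum edit distance (1 for the first two names here) is what marks a new registration as a near-copy of an already blacklisted name.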
18 CLASSIFIER DESIGN
Supervised learning: CPM (Convex Polytope Machine)
Combines multiple linear models
Results in an expressive non-linear surface
Non-linear decision boundary
CPM maintains an ensemble of linear classifiers
Helps achieve a higher detection rate at a lower false positive rate
19 EVALUATION AND ROBUSTNESS
Data set profile
5 months of data from .com and .net TLDs
Labeled by Spamhaus, URIBL and a private spam trap
20 Experimental Design Evaluation Simulates passage of time
21 DETECTION PERFORMANCE
False positive (%)
22 PERFORMANCE
Dataset has 80,000 domains daily, 1700 spam
70% detection yields 1190 spam domains daily
0.35% false positive yields 280 domains daily
Detects 1000 unlabeled domains daily
74% of unlabeled domains show spam activity
23 DETECTION LATENCY
24 EVASION ROBUSTNESS
25 EVASION ROBUSTNESS
26 PREDATOR KEY RESULT
We obtain 70% coverage at a 0.35% false positive rate.
Robustness against adversarial evasion.
27 CONCLUSION PREDATOR can accurately establish domain reputation at the time of domain registration, before domains ever see use in attacks. Our results show that PREDATOR can provide more accurate and earlier detection compared to existing blacklists, and significantly reduce the number of suspicious domains requiring more resource-intensive or time-consuming inspection.