Using Visual Motifs to Classify Encrypted Traffic
1 Using Visual Motifs to Classify Encrypted Traffic. VizSEC'06, November 3, 2006. Charles V Wright, Fabian Monrose, Gerald M Masson. Johns Hopkins University Information Security Institute.
2 Traffic Classification: Why? To detect intrusions or malware: Is your mail server hosting a phishing website? (Are you sure?) To detect misuse by legitimate users: file sharing; chat, instant messaging.
3 Traffic Classification: Why? Port numbers are not reliable: they can be changed at will by the end hosts. Increased use of cryptography precludes inspection of packet payloads. Good: hackers can't get our passwords. Bad: network admins have less info to work with.
4 Traffic Classification: How? Manually? tcpdump output? Ethereal/Wireshark?
5 Traffic Classification: How? Manually? No. tcpdump output? Ethereal/Wireshark? Machine Learning: text classification [ZP00] [MP05] [Dre06] [Ma06]; decision trees [EBR03]; Naïve Bayes [MZ05]; hidden Markov models [WMM04] [WMM].
6 Traffic Classification: How? Manually? No. tcpdump output? Ethereal/Wireshark? Machine Learning [ZP00] [EBR03] [WMM04] [MP05] [MZ05] [Dre06] [Ma06] [WMM]. Visually: look for distinctive visual motifs in the patterns produced by packets on the wire.
7 Core observation of this work: Application protocols behave differently and thus look different from each other on the wire.
8 Core observation of this work: Application protocols behave differently and thus look different from each other on the wire. Even when encrypted using SSL or TLS.
9 Application to Traffic Classification: We can use these differences to distinguish between common application protocols in the traffic that we see on our networks. Quickly and easily. Without port numbers. Without packet payloads.
10 What does a TCP connection look like? [Figure. Example: HTTP. Labels: from client; from server.]
11 What does a TCP connection look like? [Figure. Example: HTTP. Labels: from client; from server. Annotations: HTTP request; TCP 3-way handshake; data transfer from server to client.]
12 What does a TCP connection look like? [Figure. Example: SMTP. Labels: from client; from server. Annotations: TCP 3-way handshake; data transfer from client to server; TCP FIN; SMTP handshaking (EHLO, RCPT TO, etc.); SMTP GOODBYE.]
13 Viewing many similar TCP connections at once. [Figure. Example: HTTP, n = 1. Labels: from client; from server.]
14 Viewing many similar TCP connections at once. [Figure. Example: HTTP, n = 2. Labels: from client; from server.]
15 Viewing many similar TCP connections at once. [Figure. Example: HTTP, n = 3. Labels: from client; from server.]
16 Viewing many similar TCP connections at once. [Figure. Example: HTTP, n = 50. Labels: from client; from server.] Yuck!
17 Viewing many similar TCP connections at once: heat maps. Dark spots: very few packets. Bright spots: lots of packets. [Figure. Example: HTTP. Labels: from client; from server.]
18 Viewing many similar TCP connections at once: heat maps. [Figure. Example: HTTP. Labels: HTTP requests from client; TCP handshake; ACKs from client; from server; HTTP response; data from server.]
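The aggregation behind the heat-map slides, as an added example that is not code from the talk: packets from many connections are binned by arrival time and by size, with the two directions kept apart, and each cell counts packets. The sample connections, the bin widths and the choice of arrival time as the horizontal axis are assumptions made for this sketch.

```python
from collections import Counter

# Constructed sample data (not from the talk's traces). Each connection is a
# list of (ms_since_connection_start, signed_size) packets. Sizes are packet
# lengths in bytes (always > 0); the sign encodes direction: positive means
# sent by the client, negative means sent by the server.
HTTP_LIKE = [
    [(0, 60), (20, -60), (40, 52), (45, 420), (70, -1460), (72, -1460), (75, -900)],
    [(0, 60), (25, -60), (50, 52), (55, 380), (85, -1460), (88, -1460), (90, -300)],
    [(0, 60), (18, -60), (36, 52), (41, 510), (66, -1460), (69, -1200)],
]

SHADES = " .:*#"  # dark (few packets) to bright (many packets)


def heat_map(connections, time_bin_ms=25, size_bin=250):
    """Count packets per (time bin, signed size bin) over all connections."""
    cells = Counter()
    for packets in connections:
        for t_ms, signed_size in packets:
            col = t_ms // time_bin_ms
            # Bin by magnitude, then restore the sign, so client rows are
            # 1, 2, ... and server rows are -1, -2, ... and never collide.
            row = (abs(signed_size) // size_bin + 1) * (1 if signed_size > 0 else -1)
            cells[(col, row)] += 1
    return cells


def render(cells, n_cols, max_row):
    """Draw the map as text: client rows on top, server rows underneath."""
    peak = max(cells.values(), default=1)
    rows = list(range(max_row, 0, -1)) + list(range(-1, -max_row - 1, -1))
    lines = []
    for row in rows:
        shade = ""
        for col in range(n_cols):
            count = cells.get((col, row), 0)
            # Scale the count to a shade index, rounding up so that a single
            # packet is still visible next to a busy cell.
            shade += SHADES[(count * (len(SHADES) - 1) + peak - 1) // peak]
        lines.append(("client" if row > 0 else "server") + " |" + shade + "|")
    return lines


if __name__ == "__main__":
    for line in render(heat_map(HTTP_LIKE), n_cols=4, max_row=6):
        print(line)
```

With more connections the bright cells settle into the motif the slides annotate: small client packets early, large server packets later.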
19 Classifying traffic with heat maps and visual motifs. [Figure: heat map panels HTTP, SMTP, AIM, HTTP.]
20 Classifying traffic with heat maps and visual motifs. [Figure: heat map panels HTTP, SMTP, AIM, SSH.]
21 Does this look like HTTP?
22 Or more like SMTP?
23 Limitations: The previous graphs illustrate time-dependent properties of the application protocols. They also cover a very short time span. Long-lived, free-form protocols like SSH may be better characterized by taking a different view of the data.
24 Steady-State Properties: We assume these don't change over the life of the connection. Look at individual packets (unigrams): How big is the packet? How long since the previous packet? Look at pairs of consecutive packets (bigrams).
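Counting the steady-state features named on slide 24, as an added example rather than the authors' code: a unigram pairs a packet's size with the time since the previous packet, and a bigram pairs the sizes of two consecutive packets. The sample flows, the bin widths and the L1 comparison against per-protocol profiles (a numeric stand-in for comparing the plots by eye) are assumptions.

```python
from collections import Counter

# Constructed sample flows: lists of (ms_since_start, signed_size) packets,
# positive size = from client, negative size = from server.
HTTP_LIKE = [
    [(0, 420), (30, -1460), (31, -1460), (32, -1460), (60, 52), (61, -1460), (62, -800)],
    [(0, 380), (25, -1460), (26, -1460), (50, 52), (51, -1460), (52, -300)],
]
SSH_LIKE = [
    [(0, 100), (40, -100), (300, 100), (340, -100), (900, 100), (940, -148)],
    [(0, 100), (35, -100), (500, 116), (535, -116), (536, 52)],
]
UNKNOWN = [(0, 450), (28, -1460), (29, -1460), (30, -1200), (55, 52)]


def size_bin(signed_size, width=250):
    """Signed bin index: 1, 2, ... for client packets, -1, -2, ... for server."""
    return (abs(signed_size) // width + 1) * (1 if signed_size > 0 else -1)


def gap_bin(gap_ms):
    """Log-scale bin for inter-arrival time: <1 ms is 0, <10 ms is 1, <100 ms is 2."""
    b = 0
    while gap_ms >= 1:
        gap_ms /= 10
        b += 1
    return b


def unigrams(packets):
    """Count (size bin, time-since-previous bin); the first packet has no gap."""
    counts = Counter()
    for (t0, _), (t1, s1) in zip(packets, packets[1:]):
        counts[(size_bin(s1), gap_bin(t1 - t0))] += 1
    return counts


def bigrams(packets):
    """Count (size bin of packet i, size bin of packet i+1)."""
    counts = Counter()
    for (_, s0), (_, s1) in zip(packets, packets[1:]):
        counts[(size_bin(s0), size_bin(s1))] += 1
    return counts


def profile(connections, ngram):
    """Relative n-gram frequencies pooled over all connections of one protocol."""
    total = Counter()
    for packets in connections:
        total.update(ngram(packets))
    n = sum(total.values())
    return {key: count / n for key, count in total.items()}


def l1_distance(p, q):
    """Sum of absolute frequency differences; 0 is identical, 2 is disjoint."""
    return sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in set(p) | set(q))


def closest(unknown, profiles, ngram=bigrams):
    """Name of the protocol profile nearest to one unlabeled flow."""
    probe = profile([unknown], ngram)
    return min(profiles, key=lambda name: l1_distance(probe, profiles[name]))


PROFILES = {"HTTP": profile(HTTP_LIKE, bigrams), "SSH": profile(SSH_LIKE, bigrams)}

if __name__ == "__main__":
    print("unigrams:", dict(unigrams(UNKNOWN)))
    print("bigrams: ", dict(bigrams(UNKNOWN)))
    print("closest profile:", closest(UNKNOWN, PROFILES))
```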
25 Unigram Frequencies: HTTP. [Figure. Labels: from server; from client.]
26 Unigram Frequencies. [Figure: panels HTTP, SMTP, AIM, SSH.]
27 Bigram Frequencies. [Figure: panels HTTP, SMTP, AIM, SSH.]
28 Bigram Frequencies: HTTP. [Figure. Both axes labelled: from server; from client.]
29 Bigram Frequencies: SMTP. [Figure. Both axes labelled: from server; from client.]
30 Bigram Frequencies: AIM. [Figure. Both axes labelled: from server; from client.]
31 Bigram Frequencies: SSH. [Figure. Both axes labelled: from server; from client.]
32 Bigrams in 3D
33 Future Work: Work is in progress to build an interactive GUI application for analyzing packet traces. Open Source release planned for later this academic year. We're also exploring ways to integrate Machine Learning with Visualization more effectively.
34 Acknowledgments: Many thanks to the developers of Numerical Python and the Python matplotlib package. Thanks also to the Statistics Group at GMU and to Pang et al. at LBNL for providing access to their packet traces.
35 Questions? Thanks!
36 References
[Dre06] H. Dreger, A. Feldmann, M. Mai, V. Paxson, and R. Sommer. Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection. USENIX Security
[EBR03] J. Early, C. Brodley and C. Rosenberg. Behavioral Authentication of Server Flows. ACSAC
[Ma06] J. Ma, K. Levchenko, C. Kreibich, S. Savage, and G.M. Voelker. Unexpected Means of Protocol Inference. IMC
[MP05] A. Moore and D. Papagiannaki. Toward the Accurate Identification of Network Applications. PAM
[MZ05] A. Moore and D. Zuev. Internet Traffic Classification Using Bayesian Analysis Techniques. ACM SIGMETRICS, June
[WMM04] C. Wright, F. Monrose, and G.M. Masson. HMM Profiles for Network Traffic Classification (Extended Abstract). VizSEC/DMSEC
[WMM] C.V. Wright, F. Monrose, and G.M. Masson. On Inferring Application Protocol Behaviors in Encrypted Network Traffic. JMLR Special Topic on Computer Security. (to appear)
[ZP00] Y. Zhang and V. Paxson. Detecting Back Doors. USENIX Security 2000.