AutoFocus: A Tool for Automatic Traffic Analysis. Cristian Estan, University of California, San Diego
|
|
- Oliver Jenkins
- 6 years ago
- Views:
Transcription
1 AutoFocus: A Tool for Automatic Traffic Analysis Cristian Estan, University of California, San Diego
2 Who is using my link? October 2003 AutoFocus - NANOG 29 2
3 Informal problem definition Gigabytes of measurement data Analysis Traffic reports Applications: 50% of traffic is Kazaa Sources: 20% is from Steve s PC October 2003 AutoFocus - NANOG 29 3
4 Informal problem definition Gigabytes of measurement data Analysis Traffic reports 20% is Kazaa from Steve s PC 50% is Kazaa from network A October 2003 AutoFocus - NANOG 29 4
5 AutoFocus: system structure Traffic analyzer Traffic parser Grapher names Web based GUI categories (sampled) NetFlow data or Packet header traces October 2003 AutoFocus - NANOG 29 5
6 System details Availability Downloadable Free for educational, research and non-profit use Requirements Linux or BSD (might run on other Unix OSes) 256 Megs of RAM at least 1-10 gigabytes of hard disk (depends on traffic) Recent Netscape, Mozilla or I.E. (Javascript) Needs no web server no server side scripting October 2003 AutoFocus - NANOG 29 6
7 Traffic analysis approach Characterize traffic mix by describing all important traffic clusters Multi-field clusters (e.g. flash crowd described by protocol, port number and IP address) At the the right level of granularity (e.g. computer, proper prefix length) Analysis is automated finds insightful data without human guidance October 2003 AutoFocus - NANOG 29 7
8 Traffic clusters: example Incoming web traffic for CS Dept. SrcIP=*, DestIP in /21, Proto=TCP, SrcPort=80, DestPort in [1024,65535] October 2003 AutoFocus - NANOG 29 8
9 Traffic report Traffic reports automatically list significant traffic clusters Describe only clusters above threshold (e.g. T=total of traffic/20) Compression removes redundant clusters whose traffic can be inferred from more specific clusters October 2003 AutoFocus - NANOG 29 9
10 Automatic cluster selection / / / / / / / / / / / / October 2003 AutoFocus - NANOG 29 10
11 Automatic cluster selection Threshold= / / / / / / / / / / / / October 2003 AutoFocus - NANOG 29 11
12 Automatic cluster selection / / / Compression keeps interesting clusters by removing those that can be inferred from more specific ones / / <100 October 2003 AutoFocus - NANOG 29 12
13 Single field report example Source IP Traffic pkts / / AutoFocus has both single field and multi-field traffic reports October 2003 AutoFocus - NANOG 29 13
14 Graphical user interface Web based interface Many pre-computed traffic reports Interactive drill-down Traffic categories defined by user October 2003 AutoFocus - NANOG 29 14
15 Traffic reports for weeks, days, three hour intervals and half hour intervals October 2003 AutoFocus - NANOG 29 15
16 Traffic reports measure traffic in bytes, packets and flows, have various thresholds October 2003 AutoFocus - NANOG 29 16
17 Single field report October 2003 AutoFocus - NANOG 29 17
18 October 2003 AutoFocus - NANOG 29 18
19 Colors user defined traffic categories Separate reports for each category October 2003 AutoFocus - NANOG 29 19
20 The filter and threshold allow interactive drill-down October 2003 AutoFocus - NANOG 29 20
21 The filter and threshold allow interactive drill-down October 2003 AutoFocus - NANOG 29 21
22 The filter and threshold allow interactive drill-down October 2003 AutoFocus - NANOG 29 22
23 Case study : SD-NAP Structure of regular traffic mix Backups from CAIDA to tape server FTP from SLAC Stanford Scripps web traffic Web & Squid servers Large ssh traffic Steady ICMP probing from CAIDA Unexpected events October 2003 AutoFocus - NANOG 29 23
24 Structure of regular traffic mix Backups from CAIDA to tape server SD-NAP October 2003 AutoFocus - NANOG 29 24
25 Structure of regular traffic mix Backups from CAIDA to tape server Semi-regular time pattern SD-NAP October 2003 AutoFocus - NANOG 29 25
26 Structure of regular traffic mix Steady ICMP probing from CAIDA SD-NAP The flow view highlights different traffic clusters October 2003 AutoFocus - NANOG 29 26
27 Analysis of unusual events Sapphire/SQL Slammer worm Find worm port & proto automatically October 2003 AutoFocus - NANOG 29 27
28 Analysis of unusual events Sapphire/SQL Slammer worm Can identify infected hosts October 2003 AutoFocus - NANOG 29 28
29 How can AutoFocus help you? Understand your regular traffic mix better Better planning of network growth Better traffic policing Understand unusual events More effective reactions to worms, DoS attacks Notice effects of route changes on traffic October 2003 AutoFocus - NANOG 29 29
30 Benefits w.r.t.. existing tools Multi-field aggregation Automatically finds right granularity Drill-down Per category reports Using filter October 2003 AutoFocus - NANOG 29 30
31 Thank you! Beta version of AutoFocus downloadable from Any questions? Acknowledgements: Stefan Savage, George Varghese, Vern Paxson, David Moore, Liliana Estan, Mike Hunter, Pat Wilson, Jennifer Rexford, K Claffy, Alex Snoeren, Geoff Voelker, NIST,NSF October 2003 AutoFocus - NANOG 29 31
32 October 2003 AutoFocus - NANOG 29 32
33 Definition: unexpectedness To highlight non-obvious traffic clusters by using unexpectedness label 50% of all traffic is web Prefix B receives 20% of all traffic The web traffic received by prefix B is 15% instead of 50%*20%=10%, unexpectedness label is 15%/10%=150% October 2003 AutoFocus - NANOG 29 33
KNOM Tutorial Internet Traffic Matrix Measurement and Analysis. Sue Bok Moon Dept. of Computer Science
KNOM Tutorial 2003 Internet Traffic Matrix Measurement and Analysis Sue Bok Moon Dept. of Computer Science Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix
More informationWorldwide Detection of Denial of Service (DoS) Attacks
Worldwide Detection of Denial of Service (DoS) Attacks David Moore, Geoff Voelker and Stefan Savage August 15, 2001 dmoore @ caida.org www.caida.org Outline The Backscatter Analysis Technique Observations
More informationPower of Slicing in Internet Flow Measurement. Ramana Rao Kompella Cristian Estan
Power of Slicing in Internet Flow Measurement Ramana Rao Kompella Cristian Estan 1 IP Network Management Network Operator What is happening in my network? How much traffic flows towards a given destination?
More informationRob Sherwood Bobby Bhattacharjee Ryan Braud. University of Maryland. Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.
Rob Sherwood Bobby Bhattacharjee Ryan Braud University of Maryland UCSD Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.1 Sender Receiver Sender transmits packet 1:1461 Time Misbehaving
More informationAn study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets.
An study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets. Ignus van Zyl 1 Statement of problem Network telescopes
More informationDesign of an IP Flow Record Query Language
Design of an IP Flow Record Query Language Vladislav Marinov and Jürgen Schönwälder Computer Science, Jacobs University Bremen, Germany {v.marinov,j.schoenwaelder}@jacobs-university.de Abstract. Internet
More informationSome Observations of Internet Stream Lifetimes
Some Observations of Internet Stream Lifetimes Nevil Brownlee CAIDA, UC San Diego, and The University of Auckland, New Zealand nevil@auckland.ac.nz Abstract. We present measurements of stream lifetimes
More informationFlowIntegrator. Integrating Flow Technologies with Mainstream Event Management Systems. Sasha Velednitsky
FlowIntegrator Integrating Flow Technologies with Mainstream Event Management Systems Sasha Velednitsky svelednitsky@netflowlogic.com NetFlow Logic Corporation January 2012 Problem Network infrastructure
More informationMAD 12 Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation. Midori Kato, Kenjiro Cho, Michio Honda, Hideyuki Tokuda
MAD 12 Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation Midori Kato, Kenjiro Cho, Michio Honda, Hideyuki Tokuda 1 Background Traffic monitoring is important to detect
More informationScalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm
Scalability, Fidelity, and in the Potemkin Virtual Honeyfarm Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage Collaborative Center
More informationNew Directions in Traffic Measurement and Accounting. Need for traffic measurement. Relation to stream databases. Internet backbone monitoring
New Directions in Traffic Measurement and Accounting C. Estan and G. Varghese Presented by Aaditeshwar Seth 1 Need for traffic measurement Internet backbone monitoring Short term Detect DoS attacks Long
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 5 Announcements First project: Due: 6 Feb. 2009 at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Group project: 2 or 3 students
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 D. Moore, G. Voelker, S. Savage Inferring Internet Denial-of-Service Activity (USENIX
More informationIntroduction to Netflow
Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationVisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows Xiaoxin Yin*, William Yurcik, Adam Slagell SIFT Research Group (NCSA) University of Illinois at Urbana-Champaign Motivations Network
More informationInteractive Traffic Analysis and Visualization with Wisconsin Netpy
Interactive Traffic Analysis and Visualization with Wisconsin Netpy Cristian Estan and Garret Magin University of Wisconsin-Madison ABSTRACT Monitoring traffic on important links allows network administrators
More informationInternet Measurement Huaiyu Zhu, Rim Kaddah CS538 Fall 2011
Internet Measurement Huaiyu Zhu, Rim Kaddah CS538 Fall 2011 OUTLINE California Fault Lines: Understanding the Causes and Impact of Network Failures. Feng Wang, Zhuoqing Morley MaoJia Wang3, Lixin Gao and
More informationESVT (Experiment Specification and Visualization Tools) Version II MANUAL
EMIST GUI MANUAL ESVT (Experiment Specification and Visualization Tools) Version II MANUAL Web: http://emist.ist.psu.edu Newsgroup: pubnews.cse.psu.edu/psu.cse.research.emist ESVT (GUI) MANUAL Page 1 of
More informationTraffic in Network /8. Background. Initial Experience. Geoff Huston George Michaelson APNIC R&D. April 2010
Traffic in Network 1.0.0.0/8 Geoff Huston George Michaelson APNIC R&D April 2010 Background The address plan for IPv4 has a reservation for Private Use address space. This reservation, comprising of 3
More informationCS268: Beyond TCP Congestion Control
TCP Problems CS68: Beyond TCP Congestion Control Ion Stoica February 9, 004 When TCP congestion control was originally designed in 1988: - Key applications: FTP, E-mail - Maximum link bandwidth: 10Mb/s
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationVisualizing Network Data for Intrusion Detection. Kulsoom Abdullah, Chris Lee, Gregory Conti, John A. Copeland June 16, 2005
Visualizing for Intrusion Detection Kulsoom Abdullah, Chris Lee, Gregory Conti, John A. Copeland June 16, 2005 Motivation/Background traffic capacity is greater than systems can process. attacks have not
More informationESVT (Experiment Specification and Visualization Tools) Version III MANUAL
EMIST GUI MANUAL ESVT (Experiment Specification and Visualization Tools) Version III MANUAL Web: http://emist.ist.psu.edu Newsgroup: pubnews.cse.psu.edu/psu.cse.research.emist ESVT (GUI) MANUAL Page 1
More informationCommon problems in production Wireless Networks. Jigsaw: Solving the Puzzle of Enterprise Analysis. Sounds Familiar?
Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Written by Yu-Chung Cheng, John Bellardo, Peter Benko, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage Analysis by Carlos Troncoso CS388
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationThe UCSD Network Telescope
The UCSD Network Telescope Colleen Shannon cshannon @ caida.org NSF CIED Site Visit November 22, 2004 UCSD CSE Motivation Blocking technologies for automated exploits is nascent and not widely deployed
More informationTwo-Stage Opportunistic Sampling for Network Anomaly Detection
Two-Stage Opportunistic Sampling for Network Anomaly Detection Venkata Rama Prasad Vaddella, Member IEEE and Sridevi Rachakulla Abstract In this paper we propose the two stage opportunistic sampling technique
More informationExposing server performance to network managers through passive network measurements
Exposing server performance to network managers through passive network measurements Jeff Terrell Dept. of Computer Science University of North Carolina at Chapel Hill October 19, 2008 1 databases web
More informationOutwitting the Witty Worm Exploiting Underlying Structure for Detailed Reconstruction of an Internet-Scale Event
Outwitting the Witty Worm Exploiting Underlying Structure for Detailed Reconstruction of an Internet-Scale Event Abhishek Kumar Georgia Institute of Technology akumar@cc.gatech.edu Vern Paxson ICSI vern@icir.org
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationA Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models
A Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models Marc Ph. Stoecklin Jean-Yves Le Boudec Andreas Kind
More informationA FRESH LOOK AT SCALABLE FORWARDING THROUGH ROUTER FIB CACHING. Kaustubh Gadkari, Dan Massey and Christos Papadopoulos
A FRESH LOOK AT SCALABLE FORWARDING THROUGH ROUTER FIB CACHING Kaustubh Gadkari, Dan Massey and Christos Papadopoulos Problem: RIB/FIB Growth Global RIB directly affects FIB size FIB growth is a big concern:
More informationMeasurement: Techniques, Strategies, and Pitfalls. David Andersen CMU
Measurement: Techniques, Strategies, and Pitfalls David Andersen CMU 15-744 Many (most) slides in this lecture from Nick Feamster's measurement lecture Internet Measurement Process of collecting data that
More informationFrom Correlation to Causation: Active Delay Injection for Service Dependency Detection
From Correlation to Causation: Active Delay Injection for Service Dependency Detection Christopher Kruegel Computer Security Group ARO MURI Meeting ICSI, Berkeley, November 15, 2012 Correlation Engine
More informationVisualization of Internet Traffic Features
Visualization of Internet Traffic Features Jiraporn Pongsiri, Mital Parikh, Miroslova Raspopovic and Kavitha Chandra Center for Advanced Computation and Telecommunications University of Massachusetts Lowell,
More informationDoS Attacks. Network Traceback. The Ultimate Goal. The Ultimate Goal. Overview of Traceback Ideas. Easy to launch. Hard to trace.
DoS Attacks Network Traceback Eric Stone Easy to launch Hard to trace Zombie machines Fake header info The Ultimate Goal Stopping attacks at the source To stop an attack at its source, you need to know
More information"Dark" Traffic in Network /8
"Dark" Traffic in Network 49.0.0.0/8 September 2010 Geoff Huston George Michaelson APNIC R&D research@apnic.net APNIC is now regularly examining the unused state of IPv4 address blocks before they are
More informationCPSC 641: WAN Measurement. Carey Williamson Department of Computer Science University of Calgary
CPSC 641: WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN Traffic Measurements There have been several studies of wide area network traffic (i.e., Internet traffic)
More informationMonitoring and Analysis
CHAPTER 3 Cisco Prime Network Analysis Module 5.1 has two types of dashboards: One type is the summary views found under the Monitor menu, and the other type is the over time views found under the Analyze
More informationNetwork traffic characterization
Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port (18 hours of traffic to AT&T dial clients on July 22, 1997) Name port % bytes %packets bytes per packet world-wide-web
More informationNetwork traffic characterization. A historical perspective
Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port (18 hours of traffic to AT&T dial clients on July 22, 1997) Name port %bytes %packets bytes per packet world-wide-web
More informationA trace-driven analysis of disk working set sizes
A trace-driven analysis of disk working set sizes Chris Ruemmler and John Wilkes Operating Systems Research Department Hewlett-Packard Laboratories, Palo Alto, CA HPL OSR 93 23, 5 April 993 Keywords: UNIX,
More informationThe Bro Cluster The Bro Cluster
The Bro Cluster The Bro Cluster Intrusion Detection at 10 Gig and A High-Performance beyond using the NIDS Bro Architecture IDS for the Lawrence Berkeley National Lab Robin International Computer Science
More informationEvaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System
Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System School of Computer,
More informationA framework of designing a Packet Filter for Low Cost Network Monitoring
4th International Conference on Electrical and Computer Engineering ICECE 2006, 19-21 December 2006, Dhaka, Bangladesh A framework of designing a Packet Filter for Low Cost Network Monitoring Dr. Shishir
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationImpact of Sampling on Anomaly Detection
Impact of Sampling on Anomaly Detection DIMACS/DyDan Workshop on Internet Tomography Chen-Nee Chuah Robust & Ubiquitous Networking (RUBINET) Lab http://www.ece.ucdavis.edu/rubinet Electrical & Computer
More informationLanguages for Software-Defined Networks
Languages for Software-Defined Networks Nate Foster, Michael J. Freedman, Arjun Guha, Rob Harrison, Naga Praveen Katta, Christopher Monsanto, Joshua Reich, Mark Reitblatt, Jennifer Rexford, Cole Schlesinger,
More informationSoftware Systems for Surveying Spoofing Susceptibility
Software Systems for Surveying Spoofing Susceptibility Matthew Luckie, Ken Keys, Ryan Koga, Bradley Huffaker, Robert Beverly, kc claffy https://spoofer.caida.org/ NANOG68, October 18th 2016 www.caida.o
More informationBloom Filters. References:
Bloom Filters References: Li Fan, Pei Cao, Jussara Almeida, Andrei Broder, Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol, IEEE/ACM Transactions on Networking, Vol. 8, No. 3, June 2000.
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More informationDixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 9 Feb
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Dr. Nils
More informationDefending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Paper by Rocky K C Chang, The Hong Kong Polytechnic University Published in the October 2002 issue of IEEE Communications
More informationCumulus: Filesystem Backup to the Cloud
Cumulus: Filesystem Backup to the Cloud 7th USENIX Conference on File and Storage Technologies (FAST 09) Michael Vrable Stefan Savage Geoffrey M. Voelker University of California, San Diego February 26,
More informationLog Management. Configuring Syslog
Table of Contents Log Management 1 Configuring Syslog 1 Configuring User Logging 3 Configuring Flow Logging 3 Session Logging 6 Session Logging Overview 6 Configuring a Session Logging Policy 7 Setting
More informationThe Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe
The Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe Flavio Junqueira Ranjita Bhagwan Keith Marzullo Stefan Savage Geoffrey M. Voelker Department of Computer Science and Engineering
More informationQuick Heal AntiVirus Pro. Tough on malware, light on your PC.
Tough on malware, light on your PC. Features List Ransomware Protection Quick Heal anti-ransomware feature is more effective and advanced than other anti-ransomware tools. Signature based detection Detects
More informationWorm Detection, Early Warning and Response Based on Local Victim Information
Worm Detection, Early Warning and Response Based on Local Victim Information Guofei Gu, Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley Georgia Institute of Technology ACSAC'04 1
More informationECEN 689 Special Topics in Data Science for Communications Networks
ECEN 689 Special Topics in Data Science for Communications Networks Nick Duffield Department of Electrical & Computer Engineering Texas A&M University Organization Instructor: Nick Duffield Contact: duffieldng
More informationIncorporating Network Flows in Intrusion Incident Handling and Analysis
Regional Visualization and Analytics Center Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford University gerth@stanford.edu FloCon 2008 1 EE/CS Network Infrastructure
More informationDifference Engine 24 ; LOGIN : VO L. 3 4, N O. 2
D i w a k e r G u p ta, S a n g m i n L e e, M i c h a e l V r a b l e, S t e f a n S a v a g e, A l e x C. S n o e r e n, G e o r g e V a r g h e s e, G e o f f r e y M. Voelker, and Amin Vahdat Difference
More informationAudacity 101. Steve Holden Blog: sholden.typepad.com
Audacity 101 Steve Holden Blog: sholden.typepad.com Email: sholden@pobox.com http://creativecommons.org/licenses/by/2.5/ Affiliations TechNewsRadio.com JerseyBoysPodcast.com FriendsInTech.com San Diego
More informationTRAFFIC measurement and monitoring are crucial to
1 Entropy Based Adaptive Flow Aggregation Yan Hu, Dah-Ming Chiu, Fellow, IEEE, and John C. S. Lui, Senior Member, IEEE Abstract Internet traffic flow measurement is vitally important for network management,
More informationStealthwatch System v6.9.0 Internal Alarm IDs
Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
More informationHitlist Worm Detection using Source IP Address History
Hitlist Worm Detection using Source IP Address History Jeffrey Chan, Christopher Leckie, Tao Peng NICTA Victoria Research Laboratory, Department of Computer Science and Software Engineering The University
More informationGraph-based Detection of Anomalous Network Traffic
Graph-based Detection of Anomalous Network Traffic Do Quoc Le Supervisor: Prof. James Won-Ki Hong Distributed Processing & Network Management Lab Division of IT Convergence Engineering POSTECH, Korea lequocdo@postech.ac.kr
More informationFirewalls. Content. Location of firewalls Design of firewalls. Definitions. Forwarding. Gateways, routers, firewalls.
Firewalls INFO 404 - Lecture 10 31/03/2009 nfoukia@infoscience.otago.ac.nz Credit: Cameron Kerr : ckerr@cs.otago.ac.nz Definitions Content Gateways, routers, firewalls Location of firewalls Design of firewalls
More informationUsing Visual Motifs to Classify Encrypted Traffic
Using Visual Motifs to Classify Encrypted Traffic VizSEC'06 - November 3, 2006 Charles V Wright Fabian Monrose Gerald M Masson Johns Hopkins University Information Security Institute Traffic Classification:
More informationThe following describes an example Learning Network License deployment and example use cases.
The following describes an example Learning Network License deployment and example use cases. Example Deployment, page 2 Example Learning Network License Deployment, page 3 Example Deployment Use Cases,
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationEnhancing Telescope Imagery
Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event Abhishek Kumar (Georgia Tech / Google) Vern Paxson (ICSI) Nicholas Weaver (ICSI) Proc. ACM Internet Measurement Conference
More informationCS395/495 Computer Security Project #2
CS395/495 Computer Security Project #2 Important Dates Out: 1/19/2005 Due: 2/15/2005 11:59pm Winter 2005 Project Overview Intrusion Detection System (IDS) is a common tool to detect the malicious activity
More informationDesign of a Stream-based IP Flow Record Query Language
Design of a Stream-based IP Flow Record Query Language Vladislav Marinov, Jürgen Schönwälder DSOM 2009, Venice, 2009-10-27 Support: EU IST-EMANICS Network of Excellence (#26854) 1 / 21 Outline of the Talk
More informationStructural Mining of. Thesis Defense Mark Meiss
Structural Mining of Large-Scale Behavioral Data from the Internet Thesis Defense Mark Meiss April 30, 2010 The Internet in 1969 The Internet in 2010 SQL Server FTP IRC World of Warcraft a USENET WWW
More informationIdentifying Anomalous Traffic Using Delta Traffic. Tsuyoshi KONDOH and Keisuke ISHIBASHI Information Sharing Platform Labs. NTT
Identifying Anomalous Traffic Using Delta Traffic Tsuyoshi KONDOH and Keisuke ISHIBASHI Information Sharing Platform Labs. NTT Flocon2008, January 7 10, 2008, Savannah GA Outline Background and Motivation
More informationHP Dynamic Deduplication achieving a 50:1 ratio
HP Dynamic Deduplication achieving a 50:1 ratio Table of contents Introduction... 2 Data deduplication the hottest topic in data protection... 2 The benefits of data deduplication... 2 How does data deduplication
More informationDO NOT OPEN UNTIL INSTRUCTED
CS 378 - Network Security and Privacy Spring 2017 FINAL May 3, 2017 DO NOT OPEN UNTIL INSTRUCTED YOUR NAME: Collaboration policy No collaboration is permitted on this exam. Any cheating (e.g., submitting
More informationOutline. Motivation. Our System. Conclusion
Outline Motivation Our System Evaluation Conclusion 1 Botnet A botnet is a collection of bots controlled by a botmaster via a command and control (C&C) channel Centralized C&C, P2P-based C&C Botnets serve
More informationMultidimensional Aggregation for DNS monitoring
Multidimensional Aggregation for DNS monitoring Jérôme François, Lautaro Dolberg, Thomas Engel jerome.francois@inria.fr 03/11/15 2 1 Motivation 2 Aggregation 3 MAM 4 DNS applications 5 DNS monitoring 6
More informationIntroduction TELE 301. Routers. Firewalls. Gateways. Sample Large Network
Introduction TELE 301 Lecture 21: s David Eyers (dme@cs.otago.ac.nz) Telecommunications Programme University of Otago Discernment of Routers, s, Gateways Placement of such devices Elementary firewalls
More informationMeasuring and Characterizing IPv6 Router Availability
Measuring and Characterizing IPv6 Router Availability Robert Beverly, Matthew Luckie, Lorenza Mosley, kc claffy Naval Postgraduate School UCSD/CAIDA March 20, 2015 PAM 2015-16th Passive and Active Measurement
More informationAutomated Classification of Network Traffic Anomalies
Automated Classification of Network Traffic Anomalies Guilherme Fernandes and Philippe F. Owezarski LAAS - CNRS Université detoulouse 7 Avenue du Colonel Roche 31077 Toulouse, France owe@laas.fr Abstract.
More informationOverview of the NetFlow FlowAnalyzer
CHAPTER 1 Overview of the NetFlow FlowAnalyzer NetFlow FlowAnalyzer Version 2.0 is a network analysis tool that you can use to display and analyze network traffic information collected from Cisco NetFlow-enabled
More informationCS 458 Internet Engineering Spring First Exam
CS 458 Internet Engineering Spring 2005 First Exam Instructions (read carefully): There are 6 problems for a total of 60 points. This is a closed book and closed notes in-class exam. If any problem is
More informationImpact of TCP Window Size on a File Transfer
Impact of TCP Window Size on a File Transfer Introduction This example shows how ACE diagnoses and visualizes application and network problems; it is not a step-by-step tutorial. If you have experience
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : E20-329 Title : Technology Architect Backup and Recovery Solutions Design Exam Vendor : EMC Version : DEMO Get Latest
More informationCisco SGE Port Gigabit Switch Cisco Small Business Managed Switches
Cisco SGE2000 24-Port Gigabit Switch Cisco Small Business Managed Switches High-Performance, Reliable, Stacking Switch for Small Businesses Highlights 24 high-speed ports optimized for the network core
More informationBuilding Efficient and Reliable Software-Defined Networks. Naga Katta
FPO Talk Building Efficient and Reliable Software-Defined Networks Naga Katta Jennifer Rexford (Advisor) Readers: Mike Freedman, David Walker Examiners: Nick Feamster, Aarti Gupta 1 Traditional Networking
More informationNetwork Working Group. Category: Experimental February TCP Congestion Control with Appropriate Byte Counting (ABC)
Network Working Group M. Allman Request for Comments: 3465 BBN/NASA GRC Category: Experimental February 2003 TCP Congestion Control with Appropriate Byte Counting (ABC) Status of this Memo This memo defines
More informationProviding a first class, enterprise-level, backup and archive service for Oxford University
Providing a first class, enterprise-level, backup and archive service for Oxford University delivering responsive, innovative IT 11th June 2013 11 th June 2013 Contents Service description Service infrastructure
More informationKeywords Network flows, intrusion detection, attacks, DoS, scan.
Volume 4, Issue 12, December 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Detecting
More informationJunos Security. Chapter 4: Security Policies Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 4: Security Policies 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter,
More informationCS 425 / ECE 428 Distributed Systems Fall 2015
CS 425 / ECE 428 Distributed Systems Fall 2015 Indranil Gupta (Indy) Measurement Studies Lecture 23 Nov 10, 2015 Reading: See links on website All Slides IG 1 Motivation We design algorithms, implement
More informationAutomating Cross-Layer Diagnosis of Enterprise Wireless Networks
Automating Cross-Layer Diagnosis of Enterprise 802.11 Wireless Networks Yu-Chung Cheng Department of Computer Science & Engineering University of California, San Diego 1 Diagnosing distributed systems
More informationNfSen and NFDUMP 16th TF-CSIRT Meeting Sept 15th 2005, Lisbon Peter Haag
NfSen and NFDUMP 16th TF-CSIRT Meeting Sept 15th 2005, Lisbon Peter Haag 2005 SWITCH NfSen/nfdump What I am going to present: Review: What are NfSen and nfdump. The Tools in Action. Plugins. Outlook -
More informationQuick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.
AntiVirus Pro Advanced Protects your computer from viruses, malware, and Internet threats. Features List Ransomware Protection anti-ransomware feature is more effective and advanced than other anti-ransomware
More informationAdvanced Application Reporting USER GUIDE
Advanced Application Reporting USER GUIDE CONTENTS 1.0 Preface: About This Document 5 2.0 Conventions 5 3.0 Chapter 1: Introducing Advanced Application Reporting 6 4.0 Features and Benefits 7 5.0 Product
More informationCisco ASR 9000 Series Aggregation Services Router Netflow Command Reference, Release 4.3.x
Cisco ASR 9000 Series Aggregation Services Router Netflow Command Reference, Release 4.3.x First Published: 2012-12-01 Last Modified: 2013-05-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman
More informationEE 122: IP Forwarding and Transport Protocols
EE 1: IP Forwarding and Transport Protocols Ion Stoica (and Brighten Godfrey) TAs: Lucian Popa, David Zats and Ganesh Ananthanarayanan http://inst.eecs.berkeley.edu/~ee1/ (Materials with thanks to Vern
More information