Forensic Analysis for Epidemic Attacks in Federated Networks
|
|
- Jessica Cobb
- 5 years ago
- Views:
Transcription
1 Forensic Analysis for Epidemic Attacks in Federated Networks Yinglian Xie, Vyas Sekar, Michael K. Reiter, Hui Zhang Carnegie Mellon University Presented by Gaurav Shah (Based on slides by Yinglian Xie and Michael Hsiao) 1
2 Forensic Analysis for Epidemic Attacks in Federated Networks Yinglian Xie, Vyas Sekar, Michael K. Reiter, Hui Zhang Carnegie Mellon University Presented by Gaurav Shah (Based on slides by Yinglian Xie and Michael Hsiao) 1
3 Internet Attacks 2
4 Internet Attacks Worm Infection 2
5 Internet Attacks Worm Infection 2
6 Internet Attacks Worm Infection 2
7 Internet Attacks Worm Infection 2
8 Internet Attacks Worm Infection 2
9 Internet Attacks Worm Infection Distributed DoS 2
10 Internet Attacks Worm Infection Distributed DoS 2
11 Internet Attacks Worm Infection Distributed DoS 2
12 Many More Potential Attacks Different time scales Seconds, hours, days Different means Various security exploits Different propagating methods Random scan, hit list scan Potentially infect a large number of nodes before an explicit or real attack 3
13 The Structure of Attacks Attackers Involved hosts (e.g., zombies) Identified Victims Worm Infection Distributed DoS Modern attacks are multi-level Large scale: difficult to defend Hidden trail: difficult to identify initial launch point 4
14 Existing Approaches Firewall Intrusion detection Identify compromised hosts [Paxson 98], [Roesch 99], [Staniford 96], [Jung 4] IP traceback Trace to the source of a packet [Snoeren 1], [Savage ], [Bellovin 1], [Burch ] Build better perimeter or find only the lowest level of activities 5
15 Existing Approaches Firewall Intrusion detection Identify compromised hosts [Paxson 98], [Roesch 99], [Staniford 96], [Jung 4] IP traceback Trace to the source of a packet [Snoeren 1], [Savage ], [Bellovin 1], [Burch ] Build better perimeter or find only the lowest level of activities 5
16 Existing Approaches Firewall Intrusion detection Identify compromised hosts [Paxson 98], [Roesch 99], [Staniford 96], [Jung 4] IP traceback Trace to the source of a packet [Snoeren 1], [Savage ], [Bellovin 1], [Burch ] Build better perimeter or find only the lowest level of activities 5
17 Network Forensics Keep communication records Permit post-mortem analysis of patterns across network and time Scope: Internet and Intranet Correct weak points in a network perimeter Deter future similar attacks 6
18 Attacks utilize indirection Attackers and victims must communicate for the attack to propagate Independent of attacks Visible to the network Globally correlate the communication events General across all types of attacks Applicable to different attack propagation speeds Possible with/without attack signature 7
19 Host Contact Graph and Attack Trees Hosts I H G F E D C B A Causal edge Non causal attack edge Normal edge Node in infected state Node before infection t1 t2 t3 t4 t5 t6 t7 t8 Time Figure 1: Example of host contact graph showing the communication between hosts. Attack edges are shown as arrows in black (both solid and dashed). Filled nodes correspond to hosts in an infected state. 8
20 Feasibility of Network Forensics Need to collect network flow information Data to be collected around 1Gbps 4.5TB for one hour of data Given complete information, can we find needles in the haystack? Host contact graph is large and noisy Algorithms to identify global correlation 9
21 Reconstruction Methods Globally correlate local observations Step 1: Assign initial P(involved) E.g., local IDS Step 2: Identify the most likely paths Maximum likelihood estimate Random walk sampling Step 3: Refine P(involved) A feedback loop B, E are likely involved: given pattern, so are C,F 1
22 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks 11
23 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks 11
24 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
25 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
26 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
27 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
28 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
29 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
30 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
31 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
32 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
33 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
34 Random Moonwalks Observation: many attacks have a tree structure A random walk on the host contact graph: Start with an arbitrarily chosen flow Pick a next step flow randomly to walk backward in time Intuition Walks converge to higher levels of the host attack tree Top level causal infection flows emerge as high frequency flows Theoretical study Random walk is effective in finding the initial causal flows for fast attacks
35 Structure of the Selected Flows Worm source Top Frequency Flows display a tree-like structure 12
36 Federated Forensics Administrative Domain (AD) a network under a single administrative authority possesses an independent traffic monitor Network Forensic Alliance (NFA) a collaborative effort involving multiple ADs to provide network-wide & localized forensic capabilities 13
37 Distributed Random Moonwalks Each AD performs its own local random moonwalk ADs do cross-domain exchanges For flows whose source lies in another AD Other AD might start its own local moonwalk Post-processing Identify top frequency flows locally Exchange and identify top flows globally 14
38 Distributed Random Moonwalks Parameters: Maximum number of AD hops to traverse (H) Sampling Window Size Local walk-length d(i) Traffic Normalization factor 15
39 Partial Deployment Not all ADs might participate Different Strategies to continue Discard Random selection Routing-path based selection Routing-horizon based selection 16
40 Evaluation Performance of distributed approach (accuracy) Overhead of federated forensics Is architecture incentive-compatible? Effect of partial deployment on performance 17
41 Performance and Overhead Detection accuracy closely matches that of a centralized random moonwalk Increases with increase in worm propagation rate Communication overhead increases with increase in AD-hops (H) So does accuracy Overhead is of the order of 1-3 fraction of total traffic records 18
42 Incentive Compatibility Causal Flow detection accuracy increases with collaboration Can detect more initial infected hosts Can detect more initial causal flows along the edge Large ADs gain more by collaboration 19
43 Partial Deployment Important for large ADs to participate Accuracy drop can be significant Much less significant impact if worm is localpreferential scanning 2
44 Issues and Limitations Slow-rate attacks Server-targeted attacks Latent-period varying attacks Topology-aware attacks Information leakage attacks Mis-information and information-hiding attacks 21
45 Summary Distributed Random Moonwalks can be useful in attack identification and reconstruction Many Challenges Storage and Archival Anonymization of network traces and flow information for exchange Query Management Distributed Query Infrastructure? Vulnerability to different attack strategies 22
CE Advanced Network Security Network Forensics
CE 817 - Advanced Network Security Network Forensics Lecture 22 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially
More informationModerated by: Moheeb Rajab Background singers: Jay and Fabian
Network Forensics and Next Generation Internet Attacks Moderated by: Moheeb Rajab Background singers: Jay and Fabian 1 Agenda Questions and Critique of Timezones paper Extensions Network Monitoring (recap)
More informationOnline Accumulation: Reconstruction of Worm Propagation Path
Online Accumulation: Reconstruction of Worm Propagation Path Yang Xiang, Qiang Li, and Dong Guo College of Computer Science and Technology, JiLin University ChangChun, JiLin 32, China sharang@yahoo.cn,
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationVery Fast Containment of Scanning Worms. Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL
Very Fast Containment of Scanning Worms Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL 1 Outline Worm Containment Scan Suppression Hardware Implementation Cooperation
More informationIs Host-Based Anomaly Detection + Temporal Correlation = Worm Causality?
Is Host-Based Anomaly Detection + Temporal Correlation = Worm Causality? Vyas Sekar, Yinglian Xie, Michael K. Reiter, Hui Zhang March 6, 27 CMU-CS-7-112 School of Computer Science Carnegie Mellon University
More informationThe Reconnaissance Phase
The Reconnaissance Phase Detecting the Enemy Before the Attack Carrie Gates PhD Candidate, Dalhousie University Visiting Scientist, CERT, Carnegie Mellon University Outline! Indicate a gap in our defences!
More informationDoS Attacks. Network Traceback. The Ultimate Goal. The Ultimate Goal. Overview of Traceback Ideas. Easy to launch. Hard to trace.
DoS Attacks Network Traceback Eric Stone Easy to launch Hard to trace Zombie machines Fake header info The Ultimate Goal Stopping attacks at the source To stop an attack at its source, you need to know
More informationDistributed Denial of Service
Distributed Denial of Service John Ioannidis ji@research.att.com AT&T Labs Research Joint work with Steve Bellovin, Matt Blaze (AT&T), Sally Floyd, Vern Paxson, Scott Shenker (ICIR), Ratul Mahajan (University
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 5 Announcements First project: Due: 6 Feb. 2009 at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Group project: 2 or 3 students
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationFlashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities
Flashback.. Internet design goals Security Part One: Attacks and Countermeasures 15-441 With slides from: Debabrata Dash,Nick Feamster, Vyas Sekar 15-411: F08 security 1 1. Interconnection 2. Failure resilience
More informationDistributed Denial-of-Service Attack Prevention using Route-Based Distributed Packet Filtering. Heejo Lee
CERIAS Security Seminar Jan. 17, 2001 Distributed Denial-of-Service Attack Prevention using Route-Based Distributed Packet Filtering Heejo Lee heejo@cerias.purdue.edu Network Systems Lab and CERIAS This
More informationThe Protocols that run the Internet
The Protocols that run the Internet Attack types in the Internet Seminarvortrag Sommersemester 2003 Jens Gerken Content Internet Attacks Introduction Network Service Attacks Distributed Denial of Service
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationSingle Packet IP Traceback in AS-level Partial Deployment Scenario
Single Packet IP Traceback in AS-level Partial Deployment Scenario Chao Gong, Trinh Le, Turgay Korkmaz, Kamil Sarac Department of Computer Science, University of Texas at San Antonio 69 North Loop 64 West,
More informationDetection and Analysis of Threats to the Energy Sector (DATES)
Detection and Analysis of Threats to the Energy Sector (DATES) Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationKen Hines, Ph.D GraniteEdge Networks
Ken Hines earned his Ph.D. in computer science at the University of Washington in 2000, by successfully defending his dissertation, which applied causal analysis to debugging heterogeneous distributed
More informationOSSIR. 8 Novembre 2005
OSSIR 8 Novembre 2005 Arbor Networks: Security Industry Leader Arbor s Peakflow products ensure the security and operational integrity of the world s most critical networks Solid Financial Base Sales have
More informationDifferent attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2014 www.cs.cmu.edu/~prs/15-441-f14 Yes: Creating a secure channel for communication (Part I) Protecting
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More information«On the Internet, nobody knows you are a dog» Twenty years later
«On the Internet, nobody knows you are a dog» Twenty years later This lecture is about identity and authenticity, but also other security properties. It is largely about the Internet, but some of this
More informationNISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical
More informationIDS: Signature Detection
IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions
More informationIP Traceback Based on Chinese Remainder Theorem
IP Traceback Based on Chinese Remainder Theorem LIH-CHYAU WUU a, CHI-HSIANG HUNG b AND JYUN-YAN YANG a a Department of Computer Science and Information Engineering National Yunlin University of Science
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationWorm Evolution Tracking via Timing Analysis
Worm Evolution Tracking via Timing Analysis Moheeb Abu Rajab Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University {moheeb,fabian,terzis}@cs.jhu.edu ABSTRACT We present a technique
More informationInternational Journal of Advance Engineering and Research Development
Scientific Journal of Impact Factor (SJIF): 3.134 ISSN (Online): 2348-4470 ISSN (Print) : 2348-6406 International Journal of Advance Engineering and Research Development Volume 1, Issue 11, November -2014
More informationWorm Detection, Early Warning and Response Based on Local Victim Information
Worm Detection, Early Warning and Response Based on Local Victim Information Guofei Gu, Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley Georgia Institute of Technology ACSAC'04 1
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationNetwork Wide Policy Enforcement. Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta)
Network Wide Policy Enforcement Michael K. Reiter (joint work with V. Sekar, R. Krishnaswamy, A. Gupta) 1 Enforcing Policy in Future Networks MF vision includes enforcement of rich policies in the network
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationGeographical Division Traceback for Distributed Denial of Service
Journal of Computer Science 8 (2): 216-221, 2012 ISSN 1549-3636 2012 Science Publications Geographical Division Traceback for Distributed Denial of Service 1 Viswanathan, A., 2 V.P. Arunachalam and 3 S.
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationYour projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100
You should worry if you are below this point Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /0 * 100 o Optimistic: (Your
More informationARAKIS An Early Warning and Attack Identification System
ARAKIS An Early Warning and Attack Identification System Piotr Kijewski Piotr.Kijewski@cert.pl 16th Annual FIRST Conference June 13-18, Budapest, Hungary Presentation outline Trends in large scale malicious
More informationA Survey on Different IP Traceback Techniques for finding The Location of Spoofers Amruta Kokate, Prof.Pramod Patil
www.ijecs.in International Journal Of Engineering And Computer Science ISSN: 2319-7242 Volume 4 Issue 12 Dec 2015, Page No. 15132-15135 A Survey on Different IP Traceback Techniques for finding The Location
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 156-210 Title : Check Point CCSA NG Vendors : CheckPoint Version : DEMO
More informationError-Free correlation in Encrypted Attack Traffic by Watermarking flow through Stepping Stones
e t International Journal on Emerging Technologies 6(2): 235-239(2015) ISSN No. (Print) : 0975-8364 ISSN No. (Online) : 2249-3255 Error-Free correlation in Encrypted Attack Traffic by Watermarking flow
More informationOn the Effectiveness of Distributed Worm Monitoring
On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University 1 Monitoring Internet Threats Threat monitoring techniques:
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationCheckpoint Exam Check Point NG with Application Intelligence - Management I Version: 3.2 [ Total Questions: 241 ]
s@lm@n Checkpoint Exam 156-210 Check Point NG with Application Intelligence - Management I Version: 3.2 [ Total Questions: 241 ] Question No : 1 Once you have installed Secure Internal Communcations (SIC)
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationA hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 12, December 2013,
More informationFast and Evasive Attacks: Highlighting the Challenges Ahead
Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling
More informationSecurity: Worms. Presenter: AJ Fink Nov. 4, 2004
Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationICS Security Monitoring
ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State
More informationMapping Internet Sensors with Probe Response Attacks
Mapping Internet Sensors with Probe Response Attacks Computer Sciences Department University of Wisconsin, Madison Introduction Outline Background Example Attack Introduction to the Attack Basic Probe
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Denial of Service Intentional prevention of access to valued resource CPU,
More informationA Self-Learning Worm Using Importance Scanning
A Self-Learning Worm Using Importance Scanning Zesheng Chen and Chuanyi Ji Communication Networks and Machine Learning Group School of Electrical and Computer Engineering Georgia Institute of Technology,
More informationDenial of Service. Serguei A. Mokhov SOEN321 - Fall 2004
Denial of Service Serguei A. Mokhov SOEN321 - Fall 2004 Contents DOS overview Distributed DOS Defending against DDOS egress filtering References Goal of an Attacker Reduce of an availability of a system
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationA New Path for Reconstruction Based on Packet Logging & Marking Scheme
A New Path for Reconstruction Based on Packet Logging & Marking Scheme K.Praveen Kumar. Asst Professor, Department of CSE, Mallineni Lakshmaiah Womens Engineering College Abstract Computer network attacks
More informationCommunication Pattern Anomaly Detection in Process Control Systems
Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationTOPO: A Topology-aware Single Packet Attack Traceback Scheme
TOPO: A Topology-aware Single Packet Attack Traceback Scheme Linfeng Zhang and Yong Guan Department of Electrical and Computer Engineering Iowa State University Ames, Iowa 5 {zhanglf, yguan}@iastate.edu
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationBest Practices With IP Security.
Best Practices With IP Security Presented by Stuart Strong Presented by Stuart Strong s.strong@fecinc.com What are the threats? Know your enemy Network telescope research Current measurement of network
More informationDDOS Attack Prevention Technique in Cloud
DDOS Attack Prevention Technique in Cloud Priyanka Dembla, Chander Diwaker CSE Department, U.I.E.T Kurukshetra University Kurukshetra, Haryana, India Email: priyankadembla05@gmail.com Abstract Cloud computing
More informationDesign and Simulation Implementation of an Improved PPM Approach
I.J. Wireless and Microwave Technologies, 2012, 6, 1-9 Published Online December 2012 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijwmt.2012.06.01 Available online at http://www.mecs-press.net/ijwmt
More informationIP TRACEBACK Scenarios. By Tenali. Naga Mani & Jyosyula. Bala Savitha CSE Gudlavalleru Engineering College. GJCST-E Classification : C.2.
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 3 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationDDoS and Traceback 1
DDoS and Traceback 1 Denial-of-Service (DoS) Attacks (via Resource/bandwidth consumption) malicious server legitimate Tecniche di Sicurezza dei Sistemi 2 TCP Handshake client SYN seq=x server SYN seq=y,
More informationIdentifying Stepping Stone Attack using Trace Back Based Detection Approach
International Journal of Security Technology for Smart Device Vol.3, No.1 (2016), pp.15-20 http://dx.doi.org/10.21742/ijstsd.2016.3.1.03 Identifying Stepping Stone Attack using Trace Back Based Detection
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationIncorporating Network Flows in Intrusion Incident Handling and Analysis
Regional Visualization and Analytics Center Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford University gerth@stanford.edu FloCon 2008 1 EE/CS Network Infrastructure
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationNext-Generation Firewall Overview
Next-Generation Firewall Overview Contact NextGig Systems, Inc. 805-277-2400 NextGigSystems.com Business and technology advancements have steadily eroded the protection that the traditional firewall provided.
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationRob Sherwood Bobby Bhattacharjee Ryan Braud. University of Maryland. Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.
Rob Sherwood Bobby Bhattacharjee Ryan Braud University of Maryland UCSD Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse p.1 Sender Receiver Sender transmits packet 1:1461 Time Misbehaving
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationA Precise and Practical IP Traceback Technique Based on Packet Marking and Logging *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 28, 453-470 (2012) A Precise and Practical IP Traceback Technique Based on Packet Marking and Logging * State Key Laboratory of Networking and Switching Technology
More informationWHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More informationHardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012
Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationAnonymous Connections and Onion Routing
Anonymous Connections and Onion Routing David Goldschlag, Michael Reed, and Paul Syverson Center for High Assurance Computer Systems Naval Research Laboratory Washington, D.C. 1 Who is Talking to Whom?
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationA Novel Approach to Denial-of-Service Attack Detection with Tracebacking
International Journal On Engineering Technology and Sciences IJETS 35 A Novel Approach to Denial-of-Service Attack Detection with Tracebacking Jasheeda P M.tech. Scholar jashi108@gmail.com Faisal E M.tech.
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationHerd Intelligence: true protection from targeted attacks. Ryan Sherstobitoff, Chief Corporate Evangelist
Herd Intelligence: true protection from targeted attacks Ryan Sherstobitoff, Chief Corporate Evangelist Complexity Web Based Malware Attacks Crimeware Intelligent Botnets Vulnerabilities Worm/ Outbreaks
More informationA Survey of Defense Mechanisms Against DDoS Flooding A
DDoS Defense: Scope And A Survey of Defense Mechanisms Against DDoS Flooding Attacks IIT Kanpur IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 4, FOURTH QUARTER 2013 DDoS Defense: Scope And Outline
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationDriving Network Visibility
Flowmon Price List EUR Driving Network Visibility Flowmon Hardware Appliances... 2 Flowmon Virtual Appliances... 3 Flowmon Cloud... 3 Flowmon ADS Anomaly Detection System... 4 Flowmon DDoS Defender...
More informationA Secure Method to Deliver Access Tokens to End Hosts
A Secure Method to Deliver Access Tokens to End Hosts Dr.V Asha 1, Ashwini M 2, Divyansh 3 1,2,3 Department of Master of Computer Applications, New Horizon College of Engineering, Abstract--IP traceback
More informationCyber Moving Targets. Yashar Dehkan Asl
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system
More informationEnhancing the Reliability and Accuracy of Passive IP Traceback using Completion Condition
Enhancing the Reliability and Accuracy of Passive IP Traceback using Completion Condition B.Abhilash Reddy 1, P.Gangadhara 2 M.Tech Student, Dept. of CSE, Shri Shiridi Sai Institute of Science and Engineering,
More informationVisibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed
Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went
More informationMultivariate Correlation Analysis based detection of DOS with Tracebacking
1 Multivariate Correlation Analysis based detection of DOS with Tracebacking Jasheeda P Student Department of CSE Kathir College of Engineering Coimbatore jashi108@gmail.com T.K.P.Rajagopal Associate Professor
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationIBM Zürich Research Laboratory. Billy Goat Overview. James Riordan Diego Zamboni Yann Duponchel IBM Research Zurich Switzerland IBM Corporation
Laboratory Billy Goat Overview James Riordan Diego Zamboni Yann Duponchel IBM Research Zurich Switzerland 2006 IBM Corporation Short Worm Summary Attackers, attacks, worms,... Faster propagation with faster
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationProf. N. P. Karlekar Project Guide Dept. computer Sinhgad Institute of Technology
Volume 4, Issue 7, July 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Advance Deterministic
More informationTowards a Theoretical Framework for Trustworthy Cyber Sensing
Towards a Theoretical Framework for Trustworthy Cyber Sensing Shouhuai Xu Department of Computer Science University of Texas at San Antonio shxu@cs.utsa.edu ABSTRACT Cyberspace is an indispensable part
More information