State of the art and challenges
Slide 1: Advanced Monitoring in P2P Botnets. State of the art and challenges
Kami Memimpin (We Lead)
Slide 2: About Me
Dr. Shankar Karuppayah, Senior Lecturer (NAv6), Universiti Sains Malaysia (USM)
Research interests: Cybersecurity, Malware and IoT
- PhD in Cyber Security (TU Darmstadt, Germany)
- MSc Software Systems Engineering (KMUTNB, Thailand)
- BSc (Hons) Computer Science (USM, Malaysia)
Slide 3: BOTNETS
[Figure: botmaster directing bots against a web server]
- DDoS traffic peaked at 1.7TBps in 2018 [Memcached Amplification, 2018]
- ZeroAccess DDoS: Crooks can milk '$100k a day' from 1-million-zombie [The Register, Sept-2012]
Slide 4: WHY MONITOR?
[Figure: botmaster controlling a botnet]
- Enumerate infected machines: infection cleanup; alert stakeholders, e.g., ISPs
- Identify control infrastructure(s): arrest the botmaster; take down servers
Slide 5: ARCHITECTURES
Centralized
- Uses Command and Control (C2) servers
- Single point of failure / monitoring
Distributed (P2P)
- No C2 servers / no centralized monitoring
- Bots (inter)connected via an overlay
- Hop-by-hop command dissemination
- Resilient to node failures and attacks
Slide 6: P2P BOTNETS
[Figure: overlay of superpeers A-J, with non-superpeers behind a router/firewall; an example Neighborlist with entries 1: D, 2: E, 3: F]
- Non-superpeers rely on superpeers
- * The size of an NL ranges between [values lost in transcription] entries
Membership Maintenance (MM) mechanism
- Ensures the overlay remains connected
- Periodically maintains a Neighborlist (NL)
- Probes responsiveness of neighbors every MM-interval (256 sec up to 40 min)
- Updates/replaces entries as needed
- Requests additional neighbors
Slide 7: P2P BOTNET MONITORING: Common Monitoring Techniques
Slide 8: REVERSE ENGINEERING
[Figure: bot protocol messages Probe / Probe-Reply and NL-Req / NL-Rep; seed list]
First and foremost, reverse engineer the malware:
- Obtain a binary, e.g., from VirusTotal or an infected machine
- Reverse engineer using tools like IDA Pro and OllyDbg
- Overcome code obfuscation and virtualization-environment detection techniques
- Discover and understand: the MM mechanism and its communication protocol (sending requests / parsing replies); the seed list embedded in the binary
Slide 9: CRAWLING
[Figure: crawler sends NL-Req to superpeers starting from the seed list; non-superpeers behind the router are never reached]
Crawlers mimic bots in need of neighbors to:
- Enumerate bots (mostly superpeers)
- Discover interconnectivity of bots
Drawback: non-superpeers not reachable (60-90% of bots)
Slide 10: SENSORS
[Figure: sensor S placed among the superpeers answers Probe messages with Probe-Reply; non-superpeers behind the router probe it as well]
Sensors mimic reliable and stable superpeers to:
- Enumerate both superpeers and non-superpeers
- Reliably respond to MM probing messages
- Become popular among other bots
- Hide among bots
Sensors are stealthier than crawlers [Andriesse et al., 2015]
Drawback: no connectivity information
Slide 11: P2P BOTNET MONITORING: Challenges in Monitoring
Slide 12: Categories of Challenges
- Dynamic Nature of P2P Botnets
- Unknown Activities
- Anti-Monitoring Countermeasures
Slide 13: DYNAMIC NATURE
P2P botnets inherit the properties of regular P2P networks:
- Dynamic IP address allocation pools (e.g., ISPs, DHCP)
- High churn rate and diurnal effects
- Network/security devices, e.g., NAT, firewall: about > 90% of nodes are NOT reachable via crawling
- Absence of unique identifiers
- Multiple nodes behind the same IP: over/under-estimating
[Figure callouts: "Owh WOW! Only > 12,000 bots" versus "Okay Cool! About < ~1,400 bots in 7 days!"; "We are under-estimating"]
Sality V3 crawling (7 days): Total_bots between 690 and 1,447
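The coverage gap between crawlers and sensors (slides 9 and 10) and the IP-based under-counting of NATed bots on this slide can be reproduced on a toy overlay. The following is an added example in Python, not code from the presentation or its authors. Everything in it is constructed: the overlay (40 superpeers, 160 non-superpeers sharing 20 NAT addresses, ring-ordered neighbor lists), the assumption that a planted sensor already sits in every third bot's NL, and the function names.

```python
"""Crawler vs. sensor coverage on a constructed P2P botnet overlay (added example)."""
from dataclasses import dataclass, field


@dataclass
class Bot:
    bot_id: int
    ip: str                 # public source address seen on the wire
    superpeer: bool         # True: routable, accepts inbound NL-Req; False: behind NAT/firewall
    neighbors: list = field(default_factory=list)  # Neighborlist (NL): ids of superpeers only


def build_overlay(n_super=40, n_non=160, nl_size=10):
    """Constructed, deterministic overlay. Every bot's NL holds the next nl_size
    superpeers in ring order; non-superpeers sit 8 per NAT behind 20 shared public IPs."""
    bots = {}
    for i in range(n_super):
        bots[i] = Bot(i, f"203.0.113.{i}", True)
    for j in range(n_non):
        bots[n_super + j] = Bot(n_super + j, f"198.51.100.{j % 20}", False)
    for b in bots.values():
        base = b.bot_id % n_super
        b.neighbors = [(base + k) % n_super for k in range(1, nl_size + 1)]
    return bots


def plant_sensor(bots, sensor_id=999, every=3):
    """Assumption: the sensor (a fake, always-responsive superpeer) has already made it
    into the NL of every `every`-th bot. It answers probes but returns no neighbors."""
    bots[sensor_id] = Bot(sensor_id, "192.0.2.1", True, [])
    for b in bots.values():
        if b.bot_id != sensor_id and b.bot_id % every == 0:
            b.neighbors.append(sensor_id)
    return sensor_id


def crawl(bots, seed_list, reply_limit=None):
    """Crawler: send NL-Req to every bot it learns of. NL-Rep is the full NL, or only
    the first reply_limit entries under a restricted-return mechanism.
    Returns (enumerated ids, set of (from, to) edges learned, requests sent)."""
    known, queue = set(seed_list), list(seed_list)
    enumerated, edges, requests = set(), set(), 0
    while queue:
        target = queue.pop()
        bot = bots[target]
        if not bot.superpeer:
            continue  # inbound NL-Req never arrives: the bot stays invisible to crawling
        requests += 1
        enumerated.add(target)
        reply = bot.neighbors if reply_limit is None else bot.neighbors[:reply_limit]
        for nid in reply:
            edges.add((target, nid))
            if nid not in known:
                known.add(nid)
                queue.append(nid)
    return enumerated, edges, requests


def sensor_observe(bots, sensor_id):
    """One MM-interval: every bot holding the sensor in its NL probes it (outbound
    traffic passes NAT). The sensor logs (bot id, source IP) per probe and returns
    (#unique ids, #unique IPs); counting by IP under-estimates the NATed bots."""
    probes = [(b.bot_id, b.ip) for b in bots.values() if sensor_id in b.neighbors]
    return len({i for i, _ in probes}), len({ip for _, ip in probes})


if __name__ == "__main__":
    overlay = build_overlay()
    ids, edges, reqs = crawl(overlay, seed_list=[0])
    print(f"crawl, full NL-Rep:    {len(ids)} bots, {len(edges)} edges, {reqs} requests")
    ids, edges, reqs = crawl(overlay, seed_list=[0], reply_limit=3)
    print(f"crawl, 3-of-10 NL-Rep: {len(ids)} bots, {len(edges)} edges, {reqs} requests")
    s = plant_sensor(overlay)
    by_id, by_ip = sensor_observe(overlay, s)
    print(f"sensor: {by_id} unique bot ids vs {by_ip} unique source IPs")
```

Run as a script: the crawler enumerates all 40 superpeers and none of the 160 non-superpeers, a restricted NL-Rep leaves it with the same node set but less than a third of the edges, and the sensor hears from 67 bots that collapse to 34 source addresses once NAT is in the picture. The sensor also shows up in the crawl with incoming edges only, which is what the SCC-based sensor detection on slide 21 exploits.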
Slide 14: Categories of Major Challenges: Dynamic Nature of P2P Botnets; Unknown Activities; Anti-Monitoring Countermeasures
Slide 15: [Figure: world map] Geo-IP location of other researchers/parties crawling in Sality V3 on 1st April 2015
Slide 16: UNKNOWN ACTIVITIES
Many third parties snooping around P2P botnets introduce a lot of noise from their activities:
- Attacks (e.g., neighbor list poisoning, sybil attacks)
- Spoofing of invalid addresses/IDs: over-estimation prone to happen
- Aggressive monitoring: requests as high as 15 requests/min (consistent and constant rate, 24x7)
- Generating random IDs on-the-fly
- Artificial nodes with low/high uptime: skew churn measurements
Stress-test our crawlers and sensors:
- Malformed packets / commands / contents: require a LOT of bug-fixing!
- Testing our system's assumptions: replay REAL commands
Slide 17: Categories of Major Challenges: Dynamic Nature of P2P Botnets; Unknown Activities; Anti-Monitoring Countermeasures
Slide 18: ANTI-MONITORING COUNTERMEASURES
[Figure callouts: crawler tries to get into the NL of D; "NL is full and all neighbors have positive reputation"; "Is this bot contacting me too frequently? If yes, blacklist this bot"; bot goes offline before crawling]
Challenges in crawling:
- Delay introduces noise in crawl data
- Bot goes offline before crawling
Botnet anti-crawling countermeasures:
1. Restricted NL-reply mechanisms: disclosing only a subset of neighbors
2. Automated blacklisting mechanisms: force crawlers to rate-limit their crawl frequency
Challenges in deploying sensors:
- Local reputation mechanism (Sality): prefer existing neighbors over newly discovered ones
Slide 19: (Selected) Botnet Anti-Monitoring Mechanisms
1. Blacklisting (P2P Zeus): crawlers contacting bots too aggressively (> 6 requests/min)
2. Local reputation mechanism (Sality): older bots are preferred over newer bots (could even be > 7 years old)
3. Restricted NL return size (P2P Zeus, Sality, ZeroAccess): only a subset of neighbors returned for every request
   - P2P Zeus = 10/50 (XOR-metric based selection mechanism)
   - Sality = 1/1000
   - ZeroAccess = 16/[NL size lost in transcription]
4. Restricted subnet/address (P2P Zeus, Sality, ZeroAccess)
   - One entry for a /20 subnet
   - Non-duplicate IP address
Slide 20: P2P BOTNET MONITORING: State of the art
Slide 21: (Selected) State of the art Mechanisms
Crawlers
1. P2P Zeus neighborlist return mechanism: ZeusMilker retrieves the entire neighborlist from a single bot with a max. of 2N requests
2. Noise in dataset due to high churn: Strobocrawler, a high-speed crawler that takes successive snapshots of the topology at high frequency
3. BoobyTrap: crawler detection techniques
Sensors
- Previously, no clear mechanisms were available to distinguish them
- Now, 3 mechanisms exist:
  - LCC: Local Clustering Coefficient
  - SensorRanker: PageRank-inspired algorithm to distinguish artificially popular nodes
  - SensorBuster: uses Strongly Connected Components to distinguish them
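The strongly-connected-components idea behind SensorBuster can be shown on a small crawl graph. What follows is an added Python example, not the SensorBuster implementation and not code from the presentation or its authors. It assumes (stated here as an assumption) that the crawler records an edge u -> v whenever bot u returned v in its NL-Rep, that real bots both list and are listed by other bots while a sensor is only listed and returns no neighbors, and it additionally takes the set of nodes that actually answered the crawler so that a bot which went offline before being crawled (slide 18) is not mistaken for a sensor. The graph, node names and function names are constructed.

```python
"""Flagging sensor candidates in a crawl graph via strongly connected components (added example)."""
from collections import Counter, defaultdict

# Constructed crawl result. Edge (u, v): bot u returned v in its NL-Rep.
# A..F and H are real bots, mutually reachable through their NLs. S1 and S2
# answered the crawler but returned no neighbors. G was listed by F but never
# answered (went offline before the crawler reached it).
CRAWL_EDGES = [
    ("A", "B"), ("B", "C"), ("C", "A"), ("C", "D"), ("D", "E"), ("E", "C"),
    ("E", "F"), ("F", "D"), ("E", "H"), ("H", "E"),
    ("A", "S1"), ("C", "S1"), ("E", "S1"), ("F", "S1"),
    ("B", "S2"), ("D", "S2"),
    ("F", "G"),
]
RESPONSIVE = {"A", "B", "C", "D", "E", "F", "H", "S1", "S2"}


def strongly_connected_components(adj):
    """Kosaraju: DFS finish order on the graph, then DFS on the reversed graph
    in decreasing finish order; each second-pass tree is one SCC."""
    nodes = set(adj) | {v for vs in adj.values() for v in vs}
    order, seen = [], set()

    def finish(u):
        seen.add(u)
        for v in adj.get(u, ()):
            if v not in seen:
                finish(v)
        order.append(u)

    for u in sorted(nodes):
        if u not in seen:
            finish(u)
    radj = defaultdict(set)
    for u, vs in adj.items():
        for v in vs:
            radj[v].add(u)
    comps, assigned = [], set()
    for u in reversed(order):
        if u in assigned:
            continue
        comp, stack = set(), [u]
        assigned.add(u)
        while stack:
            x = stack.pop()
            comp.add(x)
            for y in radj.get(x, ()):
                if y not in assigned:
                    assigned.add(y)
                    stack.append(y)
        comps.append(comp)
    return comps


def sensor_candidates(edges, responsive):
    """Nodes that answered the crawler yet lie outside the giant SCC of the crawl
    graph. Bots end up in the giant SCC because they both list and are listed by
    other bots; a sensor is only listed. Nodes that never answered are left
    unclassified rather than flagged, since an offline bot looks the same."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
    giant = max(strongly_connected_components(adj), key=len)
    indeg = Counter(v for _, v in edges)
    return {
        n: {"in_degree": indeg[n], "out_degree": len(adj.get(n, ()))}
        for n in sorted(responsive)
        if n not in giant
    }


if __name__ == "__main__":
    for node, deg in sensor_candidates(CRAWL_EDGES, RESPONSIVE).items():
        print(f"{node}: sensor candidate (in={deg['in_degree']}, out={deg['out_degree']})")
```

On this graph the giant SCC holds the seven real bots, S1 and S2 come out as candidates with incoming edges only, and G is neither in the giant SCC nor flagged because it never replied. H, a bot listed by a single peer, stays in the giant SCC, so low popularity alone does not trigger a false positive.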
Slide 22: Outlook
Now: (simple) anti-monitoring countermeasures; independent monitoring
Future: advanced anti-monitoring countermeasures; collaborative monitoring; review existing cyber laws
Slide 23: Selected Publications
- Shankar Karuppayah, Mathias Fischer, Christian Rossow, and Max Mühlhäuser. On Advanced Monitoring in Resilient and Unstructured P2P Botnets. In IEEE International Conference on Communications (ICC).
- Shankar Karuppayah, Stefanie Roos, Christian Rossow, Max Mühlhäuser, and Mathias Fischer. ZeusMilker: Circumventing the P2P Zeus Neighbor List Restriction Mechanism. In IEEE International Conference on Distributed Computing Systems (ICDCS).
- Leon Böck, Shankar Karuppayah, Tim Grube, Max Mühlhäuser, and Mathias Fischer. Hide And Seek: Detecting Sensors In P2P Botnets (Extended Abstract). In IEEE Conference on Communications and Network Security (CNS).
- Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Mühlhäuser, and Mathias Fischer. Taxonomy and Survey of Collaborative Intrusion Detection. ACM Computing Surveys 47 (4).
- Shankar Karuppayah, Emmanouil Vasilomanolakis, Steffen Haas, Max Mühlhäuser, and Mathias Fischer. BoobyTrap: On Autonomously Detecting and Characterizing Crawlers in P2P Botnets. In IEEE International Conference on Communications (ICC).
- Steffen Haas, Shankar Karuppayah, Selvakumar Manickam, Max Mühlhäuser, and Mathias Fischer. On the Resilience of P2P-Based Botnet Graphs. In IEEE Conference on Communications and Network Security (CNS).
- Shankar Karuppayah, Leon Böck, Tim Grube, Selvakumar Manickam, Max Mühlhäuser, and Mathias Fischer. SensorBuster: On Identifying Sensor Nodes in P2P Botnets. In International Conference on Availability, Reliability and Security (ARES).
Slide 24: Thank You. Dr. Shankar Karuppayah, Advanced Monitoring in P2P Botnets
More informationMulticast Technology White Paper
Multicast Technology White Paper Keywords: Multicast, IGMP, IGMP Snooping, PIM, MBGP, MSDP, and SSM Mapping Abstract: The multicast technology implements high-efficiency point-to-multipoint data transmission
More informationITEC310 Computer Networks II
ITEC310 Computer Networks II Chapter 22 Network Layer:, and Routing Department of Information Technology Eastern Mediterranean University Objectives 2/131 After completing this chapter you should be able
More informationCASE STUDY: REGIONAL BANK
CASE STUDY: REGIONAL BANK Concerned about unauthorised network traffic, a regional bank in the MD/DC/VA area contracted GBMS Tech Ltd to monitor the banks various security systems. GBMS Tech Ltd uncovered
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationFiberstoreOS IPv6 Service Configuration Guide
FiberstoreOS IPv6 Service Configuration Guide Contents 1 Configuring IPv6 over IPv4 Tunnel...5 1.1 Overview...5 1.1.2 Manual Tunnel...6 1.1.3 6to4 Tunnel...6 1.1.4 ISATAP Tunnel...7 1.2 Configure Manual
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationStratum Filtering for DDoS Resilient Clouds
Stratum Filtering for DDoS Resilient Clouds Michael Waidner Joint work with Amir Herzberg and Haya Shulman A CRISP Member 8rd ACM Cloud Computing Security Workshop Vienna,
More informationFile Sharing in Less structured P2P Systems
File Sharing in Less structured P2P Systems. Bhosale S.P. 1, Sarkar A.R. 2 Computer Science And Engg. Dept., SVERI s College of Engineering Pandharpur Solapur, India1 Asst.Prof, Computer Science And Engg.
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationDenial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu
Denial of Service Denial of Service Ozalp Babaoglu Availability refers to the ability to use a desired information resource or service A Denial of Service attack is an attempt to make that information
More informationHierarchical Routing. Our routing study thus far - idealization all routers identical network flat not true in practice
Hierarchical Routing Our routing study thus far - idealization all routers identical network flat not true in practice scale: with 200 million destinations: can t store all destinations in routing tables!
More informationIPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping
The feature bundles several Layer 2 IPv6 first-hop security features, including IPv6 neighbor discovery inspection, IPv6 device tracking, IPv6 address glean, and IPv6 binding table recovery, to provide
More information@IJMTER-2016, All rights Reserved ,2 Department of Computer Science, G.H. Raisoni College of Engineering Nagpur, India
Secure and Flexible Communication Technique: Implementation Using MAC Filter in WLAN and MANET for IP Spoofing Detection Ashwini R. Vaidya 1, Siddhant Jaiswal 2 1,2 Department of Computer Science, G.H.
More informationWireless Network Security Spring 2011
Wireless Network Security 14-814 Spring 2011 Patrick Tague Feb 17, 2011 Class #12 Network layer security Announcements No more scheduled office hours after today Email or call me to make an appointment
More information