Detecting DGA Malware Traffic Through Behavioral Models. Erquiaga, María José; Catania, Carlos; García, Sebastián
2 Outline
- Introduction
- Detection Method
- Training the threshold
- Dataset description
- Experiment setup
- Experiment results
- Conclusion
3 Introduction
DGA definition: Some botnets use algorithms to generate the domain names they need to connect to their C&C servers: Domain Generation Algorithms (DGAs).
DGA detection: Detecting the domain names generated by a DGA is difficult because they are usually randomly generated from letters or common dictionary words.
Hypothesis: The network behavior generated by a DGA is quite different from normal DNS traffic.
Goal: To differentiate DGA traffic from normal DNS traffic using machine learning methods. To accomplish this goal we use the network-based behavioral models of the Stratosphere Project [1] to model the DNS traffic and to perform our experiments.
[1] Stratosphere Project
4 Detection Method (I): Behavioral models
Model the behavior of each connection by aggregating the flows according to a 4-tuple composed of source IP address, destination IP address, destination port and protocol.
Steps:
1) Extract three features of each flow: size, duration and periodicity.
2) Assign a state letter to each flow according to the extracted features and the assignment strategy.
3) Represent all the states of the connection as a string and store it as part of the behavioral model.
5 Detection Method (II) Example behavioral model: 24.R*R.R.R*a*b*a*a*b*b*a*R.R*R.R*a*a*b*a*a*a*a
6 Detection Method (III): Markov chains
First, a Markov chain model is created (trained) for each known connection. Creating each model results in a transition matrix and an initialization vector per connection (the detection model of the connection).
Second, the new unknown incoming traffic to be evaluated is separated into connections, and for each connection we generate the corresponding string of letters.
Third, the method evaluates the probability that each new string of letters was generated by each of the trained detection models.
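The steps on slides 4 and 6 (aggregation by 4-tuple, state letters, per-connection Markov chains, scoring of unknown strings) as an added Python example; it is not the authors' or the Stratosphere Project's code. The thresholds, the letter table, the additive smoothing and the sample flows are constructed assumptions. The encoding omits the separator symbols visible in the slide's example string, and choosing the highest-scoring model stands in for the trained threshold that the slides do not detail.

```python
import math
from collections import defaultdict

# Assumed thresholds and letter table, constructed for this example; the page
# does not give the Stratosphere Project's actual assignment strategy.
SIZE_EDGES = (200, 1000)     # bytes: small / medium / large
DUR_EDGES = (0.1, 10.0)      # seconds: short / medium / long
PERIODIC_RATIO = 1.5         # consecutive gaps within 1.5x count as periodic
ROWS = {"unknown": "123456789", "periodic": "abcdefghi", "aperiodic": "RSTUVWXYZ"}
ALPHABET = "".join(ROWS.values())


def bucket(value, edges):
    """Number of edges the value exceeds: 0, 1 or 2."""
    return sum(value > e for e in edges)


def state_strings(flows):
    """Aggregate flows by 4-tuple and encode each connection as a state string.
    flows: (start_time, src_ip, dst_ip, dst_port, proto, size_bytes, duration_s)
    """
    conns = defaultdict(list)
    for t, src, dst, dport, proto, size, dur in sorted(flows):
        conns[(src, dst, dport, proto)].append((t, size, dur))
    encoded = {}
    for key, items in conns.items():
        letters = []
        for i, (t, size, dur) in enumerate(items):
            row = "unknown"                      # fewer than two gaps so far
            if i >= 2:
                g1 = items[i - 1][0] - items[i - 2][0]
                g2 = t - items[i - 1][0]
                lo, hi = min(g1, g2), max(g1, g2)
                row = "periodic" if lo > 0 and hi / lo <= PERIODIC_RATIO else "aperiodic"
            col = 3 * bucket(size, SIZE_EDGES) + bucket(dur, DUR_EDGES)
            letters.append(ROWS[row][col])
        encoded[key] = "".join(letters)
    return encoded


class MarkovModel:
    """First-order Markov chain: initialization vector plus transition matrix."""

    def __init__(self, label, training_string, alpha=0.1):
        self.label = label
        counts = {a: defaultdict(float) for a in ALPHABET}
        for a, b in zip(training_string, training_string[1:]):
            counts[a][b] += 1
        n = len(ALPHABET)
        # Additive smoothing (an assumption) keeps unseen states from scoring log(0).
        self.init = {s: ((s == training_string[0]) + alpha) / (1 + alpha * n)
                     for s in ALPHABET}
        self.trans = {}
        for a in ALPHABET:
            total = sum(counts[a].values()) + alpha * n
            self.trans[a] = {b: (counts[a][b] + alpha) / total for b in ALPHABET}

    def score(self, string):
        """Average log-probability per state that this model generated `string`."""
        logp = math.log(self.init[string[0]])
        for a, b in zip(string, string[1:]):
            logp += math.log(self.trans[a][b])
        return logp / len(string)


def classify(models, string):
    """Label of the trained model most likely to have generated the string."""
    return max(models, key=lambda m: m.score(string)).label


def make_flows(src, gaps, sizes, durs):
    """Constructed DNS flows from one host to a resolver at 10.0.0.1:53/udp."""
    t, flows = 0.0, []
    for i, gap in enumerate(gaps):
        t += gap
        flows.append((t, src, "10.0.0.1", 53, "udp",
                      sizes[i % len(sizes)], durs[i % len(durs)]))
    return flows


# Constructed sample traffic (not from the paper's dataset).
TRAIN = {
    "dga": make_flows("10.0.0.5", [1, 1, 1, 1, 1, 30] * 6, [80], [0.01]),
    "normal": make_flows("10.0.0.6", [3, 40, 7, 95, 2, 18, 61, 5, 130, 11, 27, 4] * 3,
                         [90, 250, 120, 400], [0.02, 0.3, 0.05, 1.5]),
}
UNKNOWN = (make_flows("10.0.0.7", [1, 1, 1, 1, 20] * 4, [70], [0.02])
           + make_flows("10.0.0.8", [5, 50, 9, 70, 3, 22, 100, 6] * 3, [100, 300], [0.03, 0.5]))


def run_example():
    """Train one model per labelled connection, then label each unknown connection."""
    models = [MarkovModel(label, next(iter(state_strings(flows).values())))
              for label, flows in TRAIN.items()]
    return {key[0]: (s, classify(models, s)) for key, s in state_strings(UNKNOWN).items()}


if __name__ == "__main__":
    print(run_example())
```

The bursty host is matched to the model trained on burst-and-pause lookups because its state transitions (periodic to periodic, periodic to aperiodic and back) were all seen in that model's training string and almost never in the other.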
7 Dataset
For the purpose of evaluation, these groups were also separated into a dataset for training, one for cross-validation and one for testing.
8 Experiment Setup
Goal: analyze the detection potential of the trained models on each of the five groups of DNS behaviors.
Our testing methodology uses time windows for the computation of errors (alerts should be reported at most after a fixed amount of time).
We separate the testing datasets into time windows of five minutes. In each time window we apply our detection method to obtain the number of errors: TN, TP, FP, FN.
9-13 Experiment Results (I) [figures not preserved in the transcription; surviving labels: Normal DGA 1 DNS Botnet DGA 22 Fast Flux]
14 Experiment Results (III)
Performance of each group detection model B (DNS Botnet) on all the testing datasets:
15 Experiment Results (IV)
Performance of each group detection model B (DNS Botnet) on all the testing datasets:
16 Conclusion
Our detection method has shown that the detection models from the DGA groups were able to generalize to other groups of traffic behavior.
The most important finding observed during our experiments was the notable difference between the behavior of normal and botnet DNS models. Such results are an important confirmation of the viability of using behavioral models in the detection of DGA traffic.
Future work: further research on datasets with both normal and botnet traffic for our testing.
17 Questions?