Evading Network Anomaly Detection Sytems - Fogla,Lee. Divya Muthukumaran
|
|
- Brian Black
- 6 years ago
- Views:
Transcription
1 Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran
2 Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes from known threats Similar to Anti-virus software
3 Polymorphic attacks To evade detection by a signature based IDS Every instance looks different Payload of every instance can have different byte contents
4 Anomaly based detection Build a profile of what is Normal Any significant deviation from normal is called an attack Polymorphic attacks Instances differ from each other BUT Are NOT NORMAL GOAL : Make polymorphic attacks look like normal traffic
5 Polymorphic Blending attacks Attacks blend in with normal traffic Evade payload statistics based IDS Transform each instance - payload char to fit normal profile
6 PAYL System Analyze and model normal payloads that are expected to be delivered to the network service or application Specific to the site in which the detector is placed Learning Phase: determine the byte frequency distribution of the normal payload Incoming payloads tested against normal profile and classified based on some distance metric
7 PAYL System n-gram analysis a c q a a b a c q n = 3
8 Polymorphic attack components ATTACK VECTOR ATTACK BODY POLYMORPHIC DECRYPTOR Exploit vulnerability Malicious action Decrypts attack body and transfers control
9 How the attacker works Network A Network B Host X Host Y IDSB Artificial Profile Normal Profile
10 Attack body Encryption Byte substitution Every char in the attack body is substituted by a char observed from normal traffic using a substitution table Pad the encrypted attack body with garbage normal data - better matching Attack Char Freq p 5 q Normal Char Freq a 6 c 5....
11 Polymorphic Decryptor Removes extra padding from the encrypted attack body. Use reverse substitution to decrypt attack body to produce original attack code Decoding table: Easy to store one-to-one mappings Array where i th entry represents the normal character used to substitute attack character i
12 PBA Attack packet Attack Vector Decryptor Encrypted attack code Decryption Key (table) Padding The attack vector, decryptor and substitution table are not encrypted May alter packet statistics--> May deviate from the normal New profile = normal profile - frequencies of characters in the attack vector, decryptor and the substitution table
13 Problem Given an anomaly IDS and an attack, can we automatically generate its PBA instances? Motivation To provide the defender a means to evaluate an IDS and improve it
14 Assumptions Applies only to N/W IDS N/W IDS uses only simple statistical measures to model normal traffic Attacker knows the features and algorithms used in the IDS Given normal packets he can generate an artificial profile Attacker can roughly guess the error threshold of the IDS
15 Modeling IDS Scope is limited to payload based IDS. Why? Polymorphic attacks mutate only packet payload These IDSs can be represented by an FSA. Ex: PAYL system Records average freq of unique n-grams SFSA: Each state represents unique (n-1) gram corresponding to the last n-1 bytes in the packet A (a0,a1..,an-2) A (a1,a2,..,an-1)
16 To generate a PBA Attacker decides encryption scheme Mutated instance of attack vector and decryptor are generated Identify the encryption key Packet sections of encrypted attack code+decryption key should be accepted by the FSA Adjust FSA for decryptor and attack vector Identify the path taken If multiple paths exist, take the one with highest probabilities Reduce the probabilities of the transition according to the number that occur in the attack vector and decryptor Padding - works as above
17 The Problem PBA subfsa - Find a one-to-one mapping form attack char to normal char such that S key_ac (key encrypted attack code) is accepted by the FSA of an IDS Prove: PBA subfsa is NP-complete Problem is in NP - verifiable for correctness in polynomial time Problem should be hard
18 PROVE: Problem is in NP Given a one-to-one mapping Can generate the decryption key (table) and encrypted attack code IDS is represented as an FSA FSA is a decidable language Therefore we can verify in polynomial time
19 To Prove NP- Hard Reduce the 3-SAT problem to PBA What is 3-SAT? (x1 x2 x4) (x2 x4 x5) (x3 x2 x1) Consider a 3-SAT problem: q variables, q<=128, r clauses Every xi, One attack char atti Two normal char normi, normi+128 eatti Xi = 1, if and only if eatti= normi and eatti+128 = normi+128 = 0, if and only if eatti= normi+128 and eatti+128 = norm
20 Assignment xi atti 1 0 normi normi SAT PBA
21 To Prove NP- Hard
22 Heuristic Solutions Reduce SAT to ILP and then find heuristic solutions Hill climbing algorithm: Start with an initial solution and iteratively improve it Choose random encryption key Calculate distance between Skey_ac and FSA Randomly choose Ki and modify it
23 Performance and Results Tested against PAYL 1 and 2 gram Time taken to solve ILP problem using PAYL 1-gram --> Few seconds PAYL 2-gram --> several minutes Substitution better than XOR for evading IDS Propose a method to harden the IDS against PBA attacks
24 Future Directions Study PBA by different mutation techniques - metamorphism and code obfuscation Extend current technique to determine best mutation technique and optimal padding bytes
25 So what is? Big point FOR IDS? The paper brings in some formalism although the attack described may not be very effective Is it a constant arms race? Does IDS really work? Can we beat the attacker?
26 Thank you
Polymorphic Blending Attacks. Slides by Jelena Mirkovic
Polymorphic Blending Attacks Slides by Jelena Mirkovic 1 Motivation! Polymorphism is used by malicious code to evade signature-based IDSs Anomaly-based IDSs detect polymorphic attacks because their byte
More informationPolymorphic Blending Attacks
Polymorphic Blending Attacks Prahlad Fogla Monirul Sharif Roberto Perdisci Oleg Kolesnikov Wenke Lee College of Computing, Georgia Institute of Technology 801 Atlantic Drive, Atlanta, Georgia 30332 {prahlad,
More informationRandomized Anagram Revisited
Randomized Anagram Revisited Sergio Pastrana a,, Agustin Orfila a, Juan E. Tapiador a, Pedro Peris-Lopez a a Computer Security (COSEC) Lab Department of Computer Science, Universidad Carlos III de Madrid
More informationPolygraph: Automatically Generating Signatures for Polymorphic Worms
Polygraph: Automatically Generating Signatures for Polymorphic Worms James Newsome Brad Karp Dawn Song Presented by: Jeffrey Kirby Overview Motivation Polygraph Signature Generation Algorithm Evaluation
More informationLecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?
More informationMcPAD and HMM-Web: two different approaches for the detection of attacks against Web applications
McPAD and HMM-Web: two different approaches for the detection of attacks against Web applications Davide Ariu, Igino Corona, Giorgio Giacinto, Fabio Roli University of Cagliari, Dept. of Electrical and
More informationSimple Substitution Distance and Metamorphic Detection
San Jose State University SJSU ScholarWorks Master's Projects Master's Theses and Graduate Research Fall 2012 Simple Substitution Distance and Metamorphic Detection Gayathri Shanmugam San Jose State University
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationMahalanobis Distance Map Approach for Anomaly Detection
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2010 Mahalanobis Distance Map Approach for Anomaly Detection Aruna Jamdagnil
More informationHUNTING FOR METAMORPHIC ENGINES
HUNTING FOR METAMORPHIC ENGINES Mark Stamp & Wing Wong August 5, 2006 Outline I. Metamorphic software II. III. IV. Both good and evil uses Metamorphic virus construction kits How effective are metamorphic
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationDiverse network environments Dynamic attack landscape Adversarial environment IDS performance strongly depends on chosen classifier
Diverse network environments Dynamic attack landscape Adversarial environment IDS performance strongly depends on chosen classifier Perform differently in different environments No Free Lunch Theorem Combine
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 10 - Malware Evasion, Prevention, Detection, Removal Reading: Chapter 6 CompTIA Book, Links Overview Malware Techniques for Evasion Detection/Removal
More informationDeveloping the Sensor Capability in Cyber Security
Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationeeye Digital Security Payload Anatomy and Future Mutations Riley Hassell
Payload Anatomy and Future Mutations Riley Hassell rhassell@eeye.com What is a Payload? 2 Traditional payloads are written in assembly language and compiled to their machine code counterpart. They contain
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 13 - Malware Evasion, Prevention, Detection, Removal Reading: Chapter 6 CompTIA Book, Links Overview Malware Techniques for Evasion Detection/Removal
More informationMeasuring Intrusion Detection Capability: An Information- Theoretic Approach
Measuring Intrusion Detection Capability: An Information- Theoretic Approach Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee Georgia Tech Boris Skoric Philips Research Lab Outline Motivation Problem Why
More informationUnit 5. System Security
Unit 5 System Security Intrusion Techniques The password file can be protected in one of two ways: One-way function: The system stores only the value of a function based on the user's password. When the
More informationUndetectable Metamorphic Viruses. COMP 116 Amit Patel
Undetectable Metamorphic Viruses COMP 116 Amit Patel Abstract Signature scanning is an efficient technique employed by anti-virus systems to detect known malware. Signature scanning involves scanning files
More informationAnagram: A Content Anomaly Detector Resistant to Mimicry Attack 1
Anagram: A Content Anomaly Detector Resistant to Mimicry Attack 1 Ke Wang Janak J. Parekh Salvatore J. Stolfo Computer Science Department, Columbia University 500 West 120 th Street, New York, NY, 10027
More informationDefending against Polymorphic Attacks: Recent Results and Open Questions
Defending against Polymorphic Attacks: Recent Results and Open Questions mikepo@ics.forth.gr Institute of Computer Science Foundation for Research and Technology Hellas Crete, Greece TERENA Networking
More informationAn Autonomic Framework for Integrating Security and Quality of Service Support in Databases
An Autonomic Framework for Integrating Security and Quality of Service Support in Databases Firas Alomari The Volgenau School of Engineering George Mason University Daniel A. Menasce Department of Computer
More informationVirus Analysis. Introduction to Malware. Common Forms of Malware
Virus Analysis Techniques, Tools, and Research Issues Part I: Introduction Michael Venable Arun Lakhotia, USA Introduction to Malware Common Forms of Malware Detection Techniques Anti-Detection Techniques
More informationCSE543 - Computer and Network Security Module: Intrusion Detection
CSE543 - Computer and Network Security Module: Intrusion Detection Professor Trent Jaeger 1 Intrusion An authorized action... that exploits a vulnerability... that causes a compromise... and thus a successful
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationThe attacker appears to use an exploit that is derived from the Metasploit FreeBSD Telnet Service Encryption Key ID Buffer Overflow?
Atlassian Home Documentation Support Blog Forums Explore Dashboard Repositories Carl Pulley owner/repo carlpulley / Challenge11 http://honeynet.org/node/829 Submission for Honeynet Challenge 11 - Dive
More informationMain idea. Demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit (GPU)
-Assisted Malware Giorgos Vasiliadis Michalis Polychronakis Sotiris Ioannidis ICS-FORTH, Greece Columbia University, USA ICS-FORTH, Greece Main idea Demonstrate how malware can increase its robustness
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 22
CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 22 Nmap screen shot http://www.insecure.org/nmap http://www.insecure.org/nmap/nmap-fingerprinting-article.html 4/11/06 CIS/TCOM 551
More informationSSL Automated Signatures
SSL Automated Signatures WilliamWilsonandJugalKalita DepartmentofComputerScience UniversityofColorado ColoradoSprings,CO80920USA wjwilson057@gmail.com and kalita@eas.uccs.edu Abstract In the last few years
More informationDetecting Self-Mutating Malware Using Control-Flow Graph Matching
Detecting Self-Mutating Malware Using Control-Flow Graph Matching Danilo Bruschi Lorenzo Martignoni Mattia Monga Dipartimento di Informatica e Comunicazione Università degli Studi di Milano {bruschi,martign,monga}@dico.unimi.it
More informationMcPAD : A Multiple Classifier System for Accurate Payload-based Anomaly Detection
McPAD : A Multiple Classifier System for Accurate Payload-based Anomaly Detection Roberto Perdisci a,b, Davide Ariu c, Prahlad Fogla d, Giorgio Giacinto c, and Wenke Lee b a Damballa, Inc., Atlanta, 30308
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationNetwork Intrusion Detection with Semantics-Aware Capability W. Scheirer, M. Chuah {wjs3, Department of Computer Science and
Network Intrusion Detection with Semantics-Aware Capability W. Scheirer, M. Chuah {wjs, chuah}@cse.lehigh.edu Department of Computer Science and Engineering Lehigh University Abstract Malicious network
More informationHandling Web and Database Requests Using Fuzzy Rules for Anomaly Intrusion Detection
Journal of Computer Science 7 (2): 255-261, 2011 ISSN 1549-3636 2011 Science Publications Handling Web and Database Requests Using Fuzzy Rules for Anomaly Intrusion Detection Selvamani Kadirvelu and Kannan
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationNetwork Anomaly Detection Using Autonomous System Flow Aggregates
Network Anomaly Detection Using Autonomous System Flow Aggregates Thienne Johnson 1,2 and Loukas Lazos 1 1 Department of Electrical and Computer Engineering 2 Department of Computer Science University
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationDetecting Covert Timing Channels Using Normalizing Weights
Detecting Covert Timing Channels Using Normalizing Weights Edna Milgo TSYS Department of computer Science Columbus State University Georgia, USA milgo edna@colstate.edu Submitted on 06/04/2009 Abstract
More informationRandom Code Variation Compilation Automated software diversity s performance penalties
Random Code Variation Compilation Automated software diversity s performance penalties Master s thesis in Computer Science algorithms, languages and logic Christoffer Hao Andersson Department of Computer
More informationSecurity Requirements
Message Authentication and Hash Functions CSCI 454/554 Security Requirements disclosure traffic analysis masquerade content modification sequence modification timing modification source repudiation destination
More informationAuthentication System
A Biologically Inspired Password Authentication System Dipankar Dasgupta and Sudip Saha Center for Information Assurance University of Memphis Memphis, TN 38152 Outline Motivation Position Authentication
More informationNetwork Intrusion Detection with Semantics-Aware Capability
Network Intrusion Detection with Semantics-Aware Capability Walter Scheirer and Mooi Choo Chuah Lehigh University Dept. of Computer Science and Engineering Bethlehem, PA 18015 USA {wjs3, chuah}@cse.lehigh.edu
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationCSE543 - Computer and Network Security Module: Intrusion Detection
CSE543 - Computer and Network Security Module: Intrusion Detection Professor Trent Jaeger CMPSC443 - Introduction to Computer and Network Security 1 2 Intrusion An authorized action... that exploits a
More informationComputer Security Fall 2006 Joseph/Tygar MT 2 Solutions
CS 161 Computer Security Fall 2006 Joseph/Tygar MT 2 Solutions Problem 1. [Covert Channels] (30 points) (a) (5 points) Write down the Fiat-Shamir zero-knowledge protocol (as presented in class) where Alice
More informationFlowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks. Anna Giannakou, Daniel Gunter, Sean Peisert
Flowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks Anna Giannakou, Daniel Gunter, Sean Peisert Research Networks Scientific applications that process large amounts of data
More informationArtificial Neural Network To Detect Know And Unknown DDOS Attack
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 19, Issue 2, Ver. II (Mar.-Apr. 2017), PP 56-61 www.iosrjournals.org Artificial Neural Network To Detect Know
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationD1.2: Attack Detection and Signature Generation
SIXTH FRAMEWORK PROGRAMME Structuring the European Research Area Specific Programme RESEARCH INFRASTRUCTURES ACTION Contract No. RIDS-011923 D1.2: Attack Detection and Signature Generation Abstract: The
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationIS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006
IS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006 Name: Email: Total Time : 1:00 Hour Total Score : 100 There are three parts. Part I is worth 20 points. Part II is worth
More informationIntrusion Detection Systems
Intrusion Detection Systems Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 15 Outline 1 Introduction Overview History 2 Types
More informationOutline. Intrusion Detection. Intrusion Detection History. Some Challenges. Network-based Host Compromises. Host-based Network Intrusion Detection
Intrusion Detection CS 161/194-1 Anthony D. Joseph September 14, 2005 History Outline Network-based Host Compromise Host-based Network Intrusion Detection Signature-based Anomaly-based Distributed Network
More informationCharacteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic Ivan Homoliak, Daniel Ovsonka, Karel Koranda and Petr Hanacek Faculty of Information Technology, Brno University of Technology, Bozetechova
More informationHardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012
Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationAchieve deeper network security
Achieve deeper network security SonicWall next-generation firewalls Abstract Next-generation firewalls (NGFWs) have become the new norm in network security for organizations of all sizes. Unlike their
More informationReliably Determining the Outcome of Computer Network Attacks
Reliably Determining the Outcome of Computer Network Attacks 18 th Annual FIRST Conference Capt David Chaboya Air Force Research Labs Anti-Tamper and Software Protection Initiative (AT-SPI) Technology
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationPractical Anti-virus Evasion
Practical Anti-virus Evasion by Daniel Sauder During a penetration test, situation might occur where it is possible to upload and remotely execute a binary file. For example, you can execute the file on
More informationImproved Signature-Based Antivirus System
Improved Signature-Based Antivirus System Osaghae E. O. Department of Computer Science Federal University, Lokoja, Kogi State, Nigeria Abstract: The continuous updating of antivirus database with malware
More informationAccess Control Using Intelligent Application Bypass
Access Control Using Intelligent Application Bypass The following topics describe how to configure access control policies to use Intelligent Application Bypass: Introducing Intelligent Application Bypass,
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationExscind: A Faster Pattern Matching For Intrusion Detection Using Exclusion and Inclusion Filters
Exscind: A Faster Pattern Matching For Intrusion Detection Using Exclusion and Inclusion Filters 1 Monther Aldwairi and Duaa Alansari Seventh International Conference on Next Generation Web Services Practices
More informationIdentifying Stepping Stone Attack using Trace Back Based Detection Approach
International Journal of Security Technology for Smart Device Vol.3, No.1 (2016), pp.15-20 http://dx.doi.org/10.21742/ijstsd.2016.3.1.03 Identifying Stepping Stone Attack using Trace Back Based Detection
More informationAn Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks
An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks December 1. 2006 Jong Oh Choi Department of Computer Science Yonsei University jochoi@emerald.yonsei.ac.kr Contents Motivation
More informationDeliverable 4.1: Experimental Evaluation and Real-world Deployment
SCIENTIFIC and TECHNOLOGICAL COOPERATION between RTD ORGANISATIONS in GREECE and RTD ORGANISATIONS in U.S.A, CANADA, AUSTRALIA, NEW ZEALAND, JAPAN, SOUTH KOREA, TAIWAN, MALAISIA and SINGAPORE HELLENIC
More information: Practical Cryptographic Systems March 25, Midterm
650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are
More informationTraffic Classification Using Visual Motifs: An Empirical Evaluation
Traffic Classification Using Visual Motifs: An Empirical Evaluation Wilson Lian 1 Fabian Monrose 1 John McHugh 1,2 1 University of North Carolina at Chapel Hill 2 RedJack, LLC VizSec 2010 Overview Background
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationwriting detection signatures
CHRISTOPHER JORDAN ( WITH CONTRIBUTIONS FROM JASON ROYES AND JESSE WHYTE) writing detection signatures Christopher Jordan is the principal investigator for the Dynamic Response System, an Advanced Research
More informationIntroduction Challenges with using ML Guidelines for using ML Conclusions
Introduction Challenges with using ML Guidelines for using ML Conclusions Misuse detection Exact descriptions of known bad behavior Anomaly detection Deviations from profiles of normal behavior First proposed
More informationCollaborative Intrusion Detection System : A Framework for Accurate and Efficient IDS. Outline
Collaborative Intrusion Detection System : A Framework for Accurate and Efficient IDS Yu-Sung Wu, Bingrui Foo, Yongguo Mei, Saurabh Bagchi Dependable Computing Systems Lab School of Electrical and Computer
More informationArtificial Immune System against Viral Attack
Artificial Immune System against Viral Attack Hyungjoon Lee 1, Wonil Kim 2*, and Manpyo Hong 1 1 Digital Vaccine Lab, G,raduated School of Information and Communication Ajou University, Suwon, Republic
More informationNBA of Obfuscated Network Vulnerabilities Exploitation Hidden into HTTPS Traffic
NBA of Obfuscated Network Vulnerabilities Exploitation Hidden into HTTPS Traffic Ivan Homoliak, Daniel Ovsonka, Matej Gregr and Petr Hanacek Department of Intelligent Systems Faculty of Information Technology,
More informationDifferent attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationIDS: Signature Detection
IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions
More informationSecurity Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management
Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important
More informationLecture 12. Application Layer. Application Layer 1
Lecture 12 Application Layer Application Layer 1 Agenda The Application Layer (continue) Web and HTTP HTTP Cookies Web Caches Simple Introduction to Network Security Various actions by network attackers
More informationA different kind of Crypto
A different kind of Crypto Parker Schmitt November 16, 2014 1 Contents 1 Introduction 3 2 A brief discussion of modern crypto 3 2.1 How modern (non-payload) crypto works............. 4 2.2 Known Plaintext
More informationSelection of Next Generation Anti-Virus against Virus Attacks in Networks Using AHP
I. J. Computer Network and Information Security, 2013, 2, 29-35 Published Online February 2013 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2013.02.04 Selection of Next Generation Anti-Virus
More informationSIPS: A Stateful and Flow-Based Intrusion Prevention System for Applications
SIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications Bo-Chao Cheng 1, Ming-Jen Chen 1, Yuan-Sun Chu 1, Andrew Chen 1, Sujadi Yap 1, and Kuo-Pao Fan 2 1 Dept. of Electronic
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationOperating Systems. Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) alphapeeler.sf.net/pubkeys/pkey.htm
Operating Systems Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationA WICK HILL & FINJAN WHITE PAPER
A WICK HILL & FINJAN WHITE PAPER TRADITONAL SECURITY SYTEMS WILL NOT PROTECT AGAINST ALL WEB-BORNE THREATS By Ian Kilpatrick, chairman of security specialist Wick Hill Group. Ian Kilpatrick, chairman of
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationEvolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract)
Evolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract) Kevin P. Anchor, Paul D. Williams, Gregg H. Gunsch, and Gary B. Lamont Department of Electrical and Computer
More informationCHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM
109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such
More information1) Write the characteristics of a problem with suitable example. 2) Explain Hill climbing and its variant Steepest-ascent hill climbing step by step.
(DMCA 301) ASSIGNMENT - 1, MAY - 2016. PAPER- I : ARTIFICIAL INTELLIGENCE 1) Write the characteristics of a problem with suitable example. 2) Explain Hill climbing and its variant Steepest-ascent hill
More informationNetwork Security. Chapter 0. Attacks and Attack Detection
Network Security Chapter 0 Attacks and Attack Detection 1 Attacks and Attack Detection Have you ever been attacked (in the IT security sense)? What kind of attacks do you know? 2 What can happen? Part
More informationAutomated Signature Generation: Overview and the NoAH Approach. Bernhard Tellenbach
Automated Signature Generation: Overview and the NoAH Approach Structure Motivation: The speed of insecurity Overview Building Blocks and Techniques The NoAH approach 2 The speed of insecurity Source:
More information