A Blockchain-based Architecture for Collaborative DDoS Mitigation with Smart Contracts
|
|
- Scarlett Freeman
- 6 years ago
- Views:
Transcription
1 A Blockchain-based Architecture for Collaborative DDoS Mitigation with Smart Contracts Bruno Rodrigues 1, Thomas Bocek 1, David Hausheer 2, Andri Lareida 1, Sina Rafati 1, Burkhard Stiller 1 1 Communication Systems Group (CSG) Department of Informatics (IfI) University of Zurich (UZH) 2 P2P System Engineering Lab Department of Electrical Engineering and Information Technology TU Darmstadt
2 DDoS Recent s
3 s are getting bigger DDoS s (1) Akamai Q3/2016 Akamai reports a 138% yearly increase in total DDoS attacks larger than 100 Gbps; 71% in total DDoS attacks. IoT News Nov Bleeping Computer (Leet bootnet) Dec
4 DDoS s (2) s are becoming more sophisticated and more frequent Akamai Q3/2016 In a DNS amplification attack, an attacker can send 1 Gbps of initial traffic, and 100 Gbps is delivered to the target Incapsula Identifying layer 7 attacks requires an understanding of the underlying application. It also requires proper differentiation between malicious bot traffic, regular bot traffic (such as search engine bots), and human traffic Imperva 2016
5 DDoS Mitigation Traditional scenario of DDoS mitigation Defense in a single domain AS3 detect the attack but gets overloaded er AS1 AS2 AS3 Victim DDoS Defense mechanism AS1 and AS2 do not detect the attack er er s are getting bigger and more sophisticated Opportunity for collaborative-defense mechanisms
6 Collaborative DDoS Defense Gossip-based protocol AS1 AS2 AS3 Send/receive info Defense capabilities Benefits: Allows to combine defense capabilities of different ASes Reduce the burden of detection/mitigation in a single domain Allows to block malicious traffic near its source Can reduce response time
7 Collaborative DDoS Defense IETF (draft) DOTS (DDoS Open Threat Signaling): standardization of an architecture and protocol covering both intra-organization and inter-organization communications for advertising DDoS attacks. IETF 2016 Steinberger et al., proposes an advertising protocol based on FLEX (Flow-based Event exchange) to simplify the protocol integration and deployment into existing equipment. NOMS 2016 Sahay et al., SDN-based collaborative framework which allows the customers to request DDoS mitigation from ASes. Requires an SDN controller at customer side interfaced with the AS. NDSS (Network and Distributed System Security) 2015 CoFence, cooperation between domains that implements VNFs to alleviate DDoS attacks by redirecting and reshaping excessive traffic to other collaborating domains for filtering. CNSM
8 Collaborative DDoS Defense IETF DOTS: Architecture for inter-organization DDoS protection Complex architecture and deployment Main asset: standardization power Ongoing IETF DOTS drafts 1 - DOTS requirements 2 - DOTS proposal 3 - DOTS architecture
9 Blockchain and Smart Contracts Decentralized and immutable ledger; no central repository or single administrator. Full decentralization, enabling trust among non-trusted peers. Holds and reports numbers of every transaction ensuring transparency. Available to everybody, so transactions are public. Smart contracts are a piece of software made to facilitate the negotiation or performance a contract, being able to be executed, verified or enforced on its own. Self-executing and immutable code stored on the blockchain
10 Blockchain and Smart Contracts Block Block Block Header Header Header Hash previous block header Hash previous block header Hash previous block header 5. Broadcast data 4. solve PoW Miners 2. collect transactions Proof of Work (PoW) Miners Pool of Transactions 3. execute smart contract Miners Transactions Transactions Transactions Transactions 1. submit transactions Blockchain Users
11 Blockchain and Smart Contracts Applied To Collaborative DDoS Mitigation Blockchain users: Autonomous Systems (ASes or customers) Transaction: composed by a list of addresses either to be explicitly allowed (whitelist) or blocked (blacklist) d immutable code stored on the blockchain Smart contracts: comprises the logic to report IP addresses in the blockchain and proof the authenticity of the entity is reporting the IP list. For the customer the certificate can be created with an automated challengeresponse system. Transaction ASes Customers Report Header List of addresses Collect Miner Smart Contract Broadcast Blockchain Retrieve
12 Blockchain-based Collaborative Defense Block Block Block Block Block Block Block Block AS1 AS2 AS3 Send/receive attack info Customer Advantages: Public and already available technology Appliances to read/write in the blockchain are easy to integrate to existing solutions Can be used as an additional security mechanism without modifying existing ones Independent of security policies and mechanisms Customer can also report attacks
13 Blockchain-based Collaborative Defense Ethereum blockchain A new block is mined at every 14 seconds in Ethereum Either ASes and verified customers can report/retrieve IP addresses to the blockchain Ether black and whitelisted IP addresses are supported The gossip-logic is implemented in Smart Contracts
14 Blockchain-based Collaborative Defense Either the AS or customers can create contracts; customers need to be certified in order to report addresses. Smart contracts are linked using a registry-type entry so whenever a new list is reported, other contracts are updated. Smart contract data can use an URL to point to a list of addresses
15 Smart Contract code: Collaborative approach with a few lines of code
16 Summary and Future Work Summary Blockchains reduce the complexity of collaborative DDoS mitigation approaches by replacing existing gossip-based architectures/protocols by an already available infrastructure. Solution presents low development complexity (less than 100 lines of code). Easy to integrate, it can be deployed as an additional security mechanism. Existing security mechanisms and policies do not need to be modified in ASes. Future work Investigate detection and enforcement details based on the combination of SDN and NFV technologies. SDN enables the enforcement of customizable security policies and services. NFV-enabled blockchain appliance able to report and retrieve IP addresses and request traffic changes to an SDN controller
17 Discussion Reasonable approach? Could this be deployed at an ISP? Fed4Fire?
18 References K. Nishizuka, L. Xia, J. Xia, D. Zhang, L. Fang, and C. Gray Inter-organization cooperative DDoS protection mechanism. Draft. IETF Draft. Steinberger, J., Kuhnert, B., Sperotto, A., Baier, H., Pras, A. (2016, April). Collaborative DDoS defense using flow-based security event information. In Network Operations and Management Symposium (NOMS), 2016 IEEE/IFIP (pp ). Bahman Rashidi and Carol Fung CoFence: A Collaborative DDoS Defence Using Network Function Virtualization. In 12th International Conference on Network and Service Management (CNSM), IEEE. Sahay, R., Blanc, G., Zhang, Z., & Debar, H. (2015). Towards Autonomic DDoS Mitigation using Software Defined Networking. NDSS Workshop on Security of Emerging Networking Technologies, Feb 2015, San Diego, Ca, United States
A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts
A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts Bruno Rodrigues 1(B), Thomas Bocek 1, Andri Lareida 1, David Hausheer 2, Sina Rafati 1, and Burkhard Stiller 1 1 Communication
More informationDDoS Mitigation Using Blockchain
622 DDoS Mitigation Using Blockchain J. Dheeraj 1, S. Gurubharan 2 1,2 Student, Department of Computer Science, SRM Institute of Science and Technology, Chennai, India Abstract The rapid growth in the
More informationLeveraging Smart Contracts for Automatic SLA Compensation The Case of NFV Environments
AIMS 2018, June 4-5, Munich, Germany Leveraging Smart Contracts for Automatic SLA Compensation The Case of NFV Environments Eder John Scheid, Burkhard Stiller Department of Informatics IFI, Communication
More informationEder John Scheid and Burkhard Stiller. Automatic SLA Compensation based on Smart Contracts. April 2018
Eder John Scheid and Burkhard Stiller Automatic SLA Compensation based on Smart Contracts TECHNICAL REPORT No. IFI-2018.02 April 2018 University of Zurich Department of Informatics (IFI) Binzmühlestrasse
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationLeveraging SDN for Collaborative DDoS Mitigation
Leveraging SDN for Collaborative DDoS Mitigation Sufian Hameed, Hassan Ahmed Khan IT Security Labs National University of Computer and Emerging Sciences, Pakistan Introduction The legacy of DDoS continues
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 5 August 2004 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationVFence: A Defense against Distributed Denial of Service Attacks using Network Function Virtualization
2016 IEEE 40th Annual Computer Software and Applications Conference VFence: A Defense against Distributed Denial of Service Attacks using Network Function Virtualization A H M Jakaria, Wei Yang, Bahman
More informationLeveraging SDN & NFV to Achieve Software-Defined Security
Leveraging SDN & NFV to Achieve Software-Defined Security Zonghua Zhang @imt-lille-douai.fr NEPS: NEtwork Performance and Security Group 2 Topics Anomaly detection, root cause analysis Security evaluation
More informationSENSS Against Volumetric DDoS Attacks
SENSS Against Volumetric DDoS Attacks Sivaram Ramanathan 1, Jelena Mirkovic 1, Minlan Yu 2 and Ying Zhang 3 1 University of Southern California/Information Sciences Institute 2 Harvard University 3 Facebook
More informationPrivacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology
2 nd Advanced Workshop on Blockchain, IIT Bombay Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology Sivakumar.P M.Tech (CSE), Sem-III, NIT Trichy Guide:- Dr Kunwar
More informationBuilding Security Services on top of SDN
Building Security Services on top of SDN Gregory Blanc Télécom SudParis, IMT 3rd FR-JP Meeting on Cybersecurity WG7 April 25th, 2017 Keio University Mita Campus, Tokyo Table of Contents 1 SDN and NFV as
More informationSecuring connected devices and critical IoT infrastructure with Blockchain-enabled Cybersecurity
Securing connected devices and critical IoT infrastructure with Blockchain-enabled Cybersecurity Blockchain-based digital identity for connected devices Locked-down & secured access to critical IoT systems
More informationIoT security based on the DPK platform
Zz S E C U M O B I. WHITE PAPER IoT security based on the DPK platform Powered by Ethereum David Khoury Elie Kfoury ABSTRACT Public key distribution remains one of the main security weaknesses in many
More informationDesign Patterns which Facilitate Message Digest Collision Attacks on Blockchains
Symposium on Distributed Ledger Technology SDLT'2017 Gold Coast Campus, Griffith University June 13, 2017 Design Patterns which Facilitate Message Digest Collision Attacks on Blockchains Peter Robinson,
More informationInter-domain routing validator based spoofing defence system
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2010 Inter-domain routing validator based spoofing defence system Lei
More informationEthereum Consortium Blockchain in Azure Marketplace Christine Avanessians Senior Program Manager
Ethereum Consortium Blockchain in Azure Marketplace Christine Avanessians Senior Program Manager Overview The next phase of our support of blockchain on Microsoft Azure is the release of the Ethereum Consortium
More informationA Blockchain-based Mapping System
A Blockchain-based Mapping System IETF 98 Chicago March 2017 Jordi Paillissé, Albert Cabellos, Vina Ermagan, Fabio Maino jordip@ac.upc.edu http://openoverlayrouter.org 1 A short Blockchain tutorial 2 Blockchain
More informationDNS Authentication-as-a-Service Preventing Amplification Attacks
DNS Authentication-as-a-Service Preventing Amplification Attacks Amir Herzberg Bar-Ilan University Haya Shulman Technische Universität Darmstadt Denial of Service Attacks: Statistics Reported bandwidths
More informationA Collaborative Network Security Management System in Metropolitan Area Network
211 Third International Conference on Communications and Mobile Computing A Collaborative Network Security Management System in Metropolitan Area Network Beipeng Mu and Xinming Chen Department of Automation
More informationDecentralized Internet Resource Trust Infrastructure
Decentralized Internet Resource Trust Infrastructure Bingyang Liu, Fei Yang, Marcelo Bagnulo, Zhiwei Yan, and Qiong Sun Huawei UC3M CNNIC China Telecom 1 Critical Internet Trust Infrastructures are Centralized
More informationUnblockable Chains. Is Blockchain the ultimate malicious infrastructure? Omer Zohar
Unblockable Chains Is Blockchain the ultimate malicious infrastructure? Omer Zohar #WhoAmI Researching malware backbones for the past decade Following blockchain eco-system since 2013 Finally had some
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationBlockchain-based Firmware Update Framework for Internet-of-Things Environment
Int'l Conf. Information and Knowledge Engineering IKE'18 151 Blockchain-based Firmware Update Framework for Internet-of-Things Environment Alexander Yohan 1, Nai-Wei Lo 2, Suttawee Achawapong 3 Department
More informationEthereum Consortium Network Deployments Made Easy Christine Avanessians Senior Program Manager
Ethereum Consortium Network Deployments Made Easy Christine Avanessians Senior Program Manager Update History October 19, 2016: The document was revised to reflect the most recent update to the template.
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationWe are innovating in security
We are innovating in security Security Network Network Innovation Day Day 2018 2018 We are We in are in threat and defense Complex mix of multiple vendors without effective orchestration IoT connected
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 4 4TH QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q4 2017 4 DDoS
More informationREM: Resource Efficient Mining for Blockchains
REM: Resource Efficient Mining for Blockchains Fan Zhang, Ittay Eyal, Robert Escriva, Ari Juels, Robbert van Renesse Vancouver, Canada 13 September 2017 USENIX Security 2017 1 The Cryptocurrency Vision
More informationddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks
ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks 2 WHAT IS A DDOS-ATTACK AND WHY ARE THEY DANGEROUS? Today's global network is a dynamically developing
More informationLeveraging SDN for Collaborative DDoS Mitigation
Leveraging SDN for Collaborative DDoS Mitigation Sufian Hameed, Hassan Ahmed Khan IT Security Labs, National University of Computer and Emerging Sciences (FAST-NUCES), Pakistan sufian.hameed@nu.edu.pk
More informationBlockstack, a New Internet for Decentralized Apps. Muneeb Ali
Blockstack, a New Internet for Decentralized Apps Muneeb Ali The New Internet Problems with the traditional internet End-to-end design principle for the Internet. *1981 Saltzer, Reed, and Clark paper End-to-end
More informationLECTURE 2 BLOCKCHAIN TECHNOLOGY EVOLUTION
LECTURE 2 BLOCKCHAIN TECHNOLOGY EVOLUTION THE PAST: THE VENDING MACHINE DAYS NEW USE CASES Namecoin 2011 Bytecoin 2012 Dogecoin 2013 Decentralized domain name service Privacy, first to use the CryptoNote
More informationTable of contents. Technical Features. Our approach. Technical Overview. Stage 1 (Using Ethereum blockchain) Participants. Data Owner.
Table of contents Technical Features Our approach Technical Overview Stage 1 (Using Ethereum blockchain) Participants Data Owner Data Verifier Marketplace Data Buyer Creditor Data Platform Architecture
More informationBitBill: Scalable, Robust, Verifiable Peer-to-Peer Billing for Cloud Computing
BitBill: Scalable, Robust, Verifiable Peer-to-Peer Billing for Cloud Computing Li Chen, Kai Chen SING Lab Computer Science and Engineering Hong Kong University of Science and Technology Trust in the Cloud
More informationBlockchain & Distributed Internet Infrastructure
Blockchain & Distributed Internet Infrastructure Dirk Kutscher NEC Laboratories Europe 1 Purpose of this Meeting Discuss blockchain-based and Distributed Internet Infrastructure concepts, state of the
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 29 March 2005 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationSMARTDATA: Leveraging Blockchain to Securely Capture & Verify Scientific Provenance Data
UT DALLAS Erik Jonsson School of Engineering & Computer Science SMARTDATA: Leveraging Blockchain to Securely Capture & Verify Scientific Provenance Data Dr.Murat Kantarcioglu Joint work with Aravind Ramachandran
More informationIntelligent Programmatic Peering Summary Report
Intelligent Programmatic Peering Summary Report Alliance for Telecommunications Industry Solutions December 2016 i Abstract The TOPS Council s Intelligent Programmatic Peering Landscape Team (IPLT) completed
More informationRule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs
Rule based Forwarding (RBF): improving the Internet s flexibility and security Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs Motivation Improve network s flexibility Middlebox support,
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationunrestricted DOTS use cases draft-mglt-dots-use-cases-00.txt D. Migault 21/07/2015- IETF93- Prague
unrestricted DOTS use cases draft-mglt-dots-use-cases-00.txt D. Migault 21/07/2015- IETF93- Prague Introduction The goal of the presentation are: To agree on the use case that are in scope of DOTS (to
More informationICS Security. Trends, Issues, and New Standards. Speaker: David Mattes CTO, Asguard Networks
ICS Security Trends, Issues, and New Standards Standards Certification Education & Training Publishing Conferences & Exhibits Speaker: David Mattes CTO, Asguard Networks 2013 ISA Water / Wastewater and
More informationA PKI For IDR Public Key Infrastructure and Number Resource Certification
A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC If You wanted to be Bad on the Internet And you wanted to: Hijack a site Inspect
More informationConfiguring BIG-IP ASM v12.1 Application Security Manager
Course Description Configuring BIG-IP ASM v12.1 Application Security Manager Description The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune,
More informationVirtualization and Softwarization Technologies for End-to-end Networking
ization and Softwarization Technologies for End-to-end Networking Naoki Oguchi Toru Katagiri Kazuki Matsui Xi Wang Motoyoshi Sekiya The emergence of 5th generation mobile networks (5G) and Internet of
More informationGrid Security Policy
CERN-EDMS-428008 Version 5.7a Page 1 of 9 Joint Security Policy Group Grid Security Policy Date: 10 October 2007 Version: 5.7a Identifier: https://edms.cern.ch/document/428008 Status: Released Author:
More informationBlockchain without Bitcoin. Muralidhar Gopinath October 19, 2017 University at Albany
Blockchain without Bitcoin Muralidhar Gopinath October 19, 2017 University at Albany What is Blockchain? Contains records (blocks) that are linked (chained) to one another using cryptography Each block
More informationAn Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I
An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I Master of System and Network Engineering Informatics Institute, University of Amsterdam Peter Bennink Lennart van Gijtenbeek
More informationWhen HTTPS Meets CDN
When HTTPS Meets CDN A Case of Authentication in Delegated Service Jinjin Liang 1, Jian Jiang 1, Haixin Duan 1, Kang Li 2, Tao Wan 3, Jianping Wu 1 1 Tsinghua University 2 University of Georgia 3 Huawei
More informationKey Security Issues for implementation of Digital Currency, including ITU-T SG17 activities
ITU Workshop on FG DFC Workshop on Standards for Digital Fiat Currency (DFC) () Key Issues for implementation of Digital Currency, including ITU-T SG17 activities Heung Youl Youm, PhD. Chairman of ITU-T
More informationSCRIPT: An Architecture for IPFIX Data Distribution
SCRIPT Public Workshop January 20, 2010, Zurich, Switzerland SCRIPT: An Architecture for IPFIX Data Distribution Peter Racz Communication Systems Group CSG Department of Informatics IFI University of Zürich
More informationBBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -
BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air - Kenji Saito and Takeshi Kubo {ks91 t-kubo}@beyond-blockchain.org Revision 0.1 October 31, 2017 1 Introduction Blockchain
More informationSOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance
SOLUTION BRIEF FPO Imperva Simplifies and Automates PCI DSS Compliance Imperva Simplifies and Automates PCI DSS Compliance SecureSphere drastically reduces both the risk and the scope of a sensitive data
More informationA Review on Blockchain Application for Decentralized Decision of Ownership of IoT Devices
Advances in Computational Sciences and Technology ISSN 0973-6107 Volume 10, Number 8 (2017) pp. 2449-2456 Research India Publications http://www.ripublication.com A Review on Blockchain Application for
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationWho wants to be a millionaire? A class in creating your own cryptocurrency
DEVNET-3626 Who wants to be a millionaire? A class in creating your own cryptocurrency Tom Davies, Sr. Manager, DevNet Sandbox Vallard Benincosa, Software Engineer Cisco Spark How Questions? Use Cisco
More informationDistributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017
Distributed Ledger Technology & Fintech Applications Hart Montgomery, NFIC 2017 Let s consider a common scenario: Banks want to trade some asset class Participants in the market want to be able to efficiently
More informationA custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
More informationReal-Time and Resilient Intrusion Detection: A Flow-Based Approach
Real-Time and Resilient Intrusion Detection: A Flow-Based Approach Rick Hofstede, Aiko Pras To cite this version: Rick Hofstede, Aiko Pras. Real-Time and Resilient Intrusion Detection: A Flow-Based Approach.
More informationSoftware Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!
Software Security Final Exam Preparation Note: This document contains the questions from the final exam on 09.06.2017. Additionally potential questions about Combinatorial Web Security Testing and Decentralized
More informationBEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN
SESSION ID: GPS-R09B BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN Sid Desai Head of Business Development Remme.io @skd_desai Agenda Our relationship to our digital-selves Evolution of Authentication
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS
More informationForescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1
Forescout Version 1.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationPhysical Access Control Management System Based on Permissioned Blockchain
Physical Access Control Management System Based on Permissioned Blockchain Sara Rouhani Department of Computer Science University of Saskatchewan Saskatoon, Canada sara.rouhani@usask.ca Vahid Pourheidari
More informationSCION Project Testbed Trials. David Hausheer, Youssef El Biad, Kurt Baumann, Adrian Perrig
SCION Project Testbed Trials David Hausheer, Youssef El Biad, Kurt Baumann, Adrian Perrig SCION Project Testbed Trials 2 SCION: A Secure Internet Architecture SCION: Scalability, Control, and Isolation
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationOn the State of the Inter-domain and Intra-domain Routing Security
On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing
More informationA (sample) computerized system for publishing the daily currency exchange rates
A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency
More informationDetecting Insider Attacks on Databases using Blockchains
Detecting Insider Attacks on Databases using Blockchains Shubham Sharma, Rahul Gupta, Shubham Sahai Srivastava and Sandeep K. Shukla Department of Computer Science and Engineering Indian Institute of Technology,
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More informationThe game If you listen very carefully during the first 4 cards (or use the cheat sheet) you will get an advantage on the last 5 cards
The blockchain game GAMEMASTER NOTES Time: 10 minutes The game: up to 9 info/question cards + a short test with 7 questions Reward: The game If you listen very carefully during the first 4 cards (or use
More informationBlockchain as a Trust Enabling Infrastructure Opportunities and Challenges
Sixth Regional Workshop for Africa on "Standardization of future networks: What opportunities for Africa?" Abidjan, Cote D'Ivoire, 26 27 March 2018 Blockchain as a Trust Enabling Infrastructure Opportunities
More informationSCION: A Secure Multipath Interdomain Routing Architecture. Adrian Perrig Network Security Group, ETH Zürich
SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group, ETH Zürich SCION: Next-generation Internet Architecture Path-aware networking: sender knows packet s path
More informationContainer Network Functions: Bringing NFV to the Network Edge
Container Network Functions: Bringing NFV to the Network Edge Richard Cziva University of Glasgow Richard.Cziva@glasgow.ac.uk SDN / NFV WORLD CONGRESS 2017, The Hague, Netherlands About Netlab University
More informationPresentation and Demo: Flow Valuations based on Network-Service Cooperation
Presentation and Demo: Flow Valuations based on Network-Service Cooperation Tanja Zseby, Thomas Hirsch Competence Center Network Research Fraunhofer Institute FOKUS, Berlin, Germany 1/25 2010, T. Zseby
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationRadix - Tempo. Dan Hughes Abstract
Radix - Tempo Monday 25 t h September, 2017 Dan Hughes www.radix.global Abstract In this paper we present a novel method for implementing a Distributed Ledger that preserves total order of events allowing
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationRadix - Tempo. Dan Hughes
Radix - Tempo Dan Hughes 25 th September 2017 Abstract In this paper we present a novel method for implementing a Distributed Ledger that preserves total order of events allowing for the trustless transfer
More informationWAVE: A decentralised authorization system for IoT via blockchain smart contracts
WAVE: A decentralised authorization system for IoT via blockchain smart contracts Michael P Andersen, John Kolb, Kaifei Chen, Gabe Fierro, David E. Culler, Raluca Ada Popa The problem Authorization mechanisms
More informationResource-Efficient Mining (REM) with Proofs of Useful Work (PoUW)
Resource-Efficient Mining (REM) with Proofs of Useful Work (PoUW) Ittay Eyal Technion, EE and IC3 with Fan Zhang, Robert Escriva. Ari Juels, and Robbert van Renesse Workshop on Blockchain Technology and
More informationDrive Greater Value from Your Cisco Deployment with Radware Solutions
Drive Greater Value from Your Cisco Deployment with Radware Solutions Ron Meyran Director, Alliances Marketing Feb 24, 2015 Introducing Radware Radware/Cisco Solution Mapping Solutions Overview & Differentiators
More informationSENSS: Software-defined Security Service
SENSS: Software-defined Security Service Minlan Yu University of Southern California Joint work with Abdulla Alwabel, Ying Zhang, Jelena Mirkovic 1 Growing DDoS Attacks Average monthly size of DDoS attacks
More informationModeling and Comparing In-network Distributed DDoS Defense Algorithms
Modeling and Comparing In-network Distributed DDoS Defense Algorithms Abstract Research has shown that distributed denial-ofservice (DDoS) attacks on the Internet could often be better handled by enlisting
More informationSecure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions
Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions April 26, 2018 The Secure Technology Alliance IoT Security Council is pleased to submit our response to
More informationInvestigating Bandwidth Broker s inter-domain operation for dynamic and automatic end to end provisioning
Investigating Bandwidth Broker s inter-domain operation for dynamic and automatic end to end provisioning Christos Bouras and Dimitris Primpas Research Academic Computer Technology Institute, N.Kazantzaki
More informationEVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING
EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING I Gusti Ayu Kusdiah Gemeliarana Department of Electrical Engineering University of Indonesia Depok, Indonesia i.gusti79@ui.ac.id
More informationSmartWall Threat Defense System - NTD1100
SmartWall Threat Defense System - NTD1100 Key Benefits Robust, real-time security coverage Real-time Layer 3-7 mitigation against volumetric attacks for both IPv4 and IPv6 traffic. Industry- leading density,
More informationPractical Guide to Choosing a DDoS Mitigation Service WHITEPAPER
1 From massive volumetric attacks to sophisticated application level threats, DDoS attacks are bigger, smarter and more dangerous than ever. Given today s threat landscape and the availability of inexpensive,
More informationPage Total
Page 2 3 4 5 6 7 8 9 Total Mark FIRST NAME LAST (FAMILY) NAME STUDENT NUMBER INSE 6630 Fall 2017 Duration: 3 hours One single-sided letter-sized reference sheet of paper is allowed Write answers in the
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationBLOCKCHAIN FOR CYBERSECURITY MICRO-SEGMENTED NETWORK ACCESS CONTROL
SESSION ID: SDS-R03 BLOCKCHAIN FOR CYBERSECURITY MICRO-SEGMENTED NETWORK ACCESS CONTROL Rajeevan Kallumpuram CISSP, CISM Assistant Vice President Reliance Industries Limited Twitter- @RajeevansView BLOCKCHAIN
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More informationΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ - Ε.Μ.Π. NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA School of Electrical & Computer Engineering
ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ - Ε.Μ.Π. NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA School of Electrical & Computer Engineering Recent NETMODE Activities on Internet Research & Experimentation: Tetsbeds,
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationHyperledger Quilt and Interledger Protocol. Nathan Aw - Technical Ambassador Edmund To - Organizer of Hyperledger Meetup Hong Kong
Hyperledger Quilt and Interledger Protocol Nathan Aw - Technical Ambassador Edmund To - Organizer of Hyperledger Meetup Hong Kong Housekeeping Road Map of 2018 - More meet ups! Thank you to our sponsor
More information