Finding the Linchpins of the Dark Web: A Study on Topologically Dedicated Hosts on Malicious Web Infrastructures
|
|
- Prosper Davis
- 5 years ago
- Views:
Transcription
1 Finding the Linchpins of the Dark Web: A Study on Topologically Dedicated Hosts on Malicious Web Infrastructures Zhou Li, Indiana University Bloomington Sumayah Alrwais, Indiana University Bloomington Yinglian Xie, MSR Silicon Valley Fang Yu, MSR Silicon Valley XiaoFeng Wang, Indiana University Bloomington 1
2 The Big Web 2
3 The Dangerous Web 3
4 What bothers you? Phishing Theft Scam Drive-by Download Bot 4
5 Who is behind? Individual Hacker Criminal Organization 5
6 Malicious Web Infrastructure Compromised Site Phishing Server SEO Site Scam Server SPAM Link Redirector Exploit Server 6
7 Our Work - I What is the topological view of malicious Web infrastructure? Build redirection graph 7
8 What are the linchpins? Our Work - II Topologically Dedicated Malicious Hosts: All redirection paths are malicious Stay in dark side, far from bright side 8
9 Our Work - III How can we find the linchpins? Topologically detector Not relying on semantics of attacks Study of Traffic Direction System (TDS) Landscape, Lifetime, Parking 9
10 Outline Build graph Find the linchpins Study Traffic Direction System (TDS) 10
11 Dynamic Crawler Firefox extension Data Collection Redirection: JavaScript, iframe, Http(302), Meta-refresh, Data Source Client-side redirection <script> var a = <iframe src = > ; document.write(a); </script> 5.5M URLs, 7 Months Feed Type Start End # Doorway URLs Microsoft Malicious 3/2012 8/2012 1,558,690 WarningBird[1] Malicious 3/2012 5/ ,232 Twitter Search Mostly good 3/2012 8/2012 1,613,924 Alexa Mostly good 2/2012 8/2012 2,040,720 [1] WarningBird: Detecting Suspicious URLs in Twitter Stream, Lee et.al, NDSS 12 11
12 Data Labeling Building Redirection Graph Malicious (Forefront) Legitimate (Whitelist) Unknown Node Constructing Node: Hostname-IP Cluster (HIC) Edge Constructing Link 2 nodes if there is an URL redirection 2M Nodes, 9M Edges HIC Hostname URL URL URL Hostname URL URL URL 12
13 Building Redirection Graph (Cond.) >70% malicious paths through 15k dedicated hosts Legitimate (Totally good) Dedicated Malicious (Totally bad) Non-dedicated Malicious (Mixed) 13
14 Outline Build graph Find the linchpins Study Traffic Direction System (TDS) 14
15 Finding the Linchpins is Challenging Serve for different attacks and different sources Hide by cloaking Mixed with legitimate nodes 15
16 Properties of Dedicated Hosts Bright World Legitimate (Totally good) 2.25% Dedicated Malicious (Totally bad) 80.40% Non-dedicated Malicious (Mixed) Dark World 16
17 Topological Detector Can we leverage this topological feature? Use known bad and good as seed Detect dedicated hosts Expand the result using topology Work on different attacks and different sources YES! 17
18 Hunting Dedicated Hosts Score Propagation using PageRank Good Bad Assign score to good seed Assign score to bad seed Score Propagation Choose nodes with high bad score and low GS=10 BS=10 GS=8.65 BS=0 GS=0 BS=4.4 GS=7.5 BS=3.89 good score GS=0 BS=4.4 18
19 Evaluation Using x% of known malicious hosts as bad seed How many more malicious paths can be identified? # Detected Paths / # All Malicious Paths 100% 80% 60% 40% 20% 0% selected seed only total 0% 20% 40% 60% 80% 100% #Selected Paths / #Seed Paths FDR 3.0% 2.5% 2.0% 1.5% 1.0% 0.5% 0.0% FDR FPR 0.030% 0.025% 0.020% 0.015% 0.010% 0.005% 0.000% 0% 20% 40% 60% 80% 100% # selected paths / # seed paths FPR 5% bad hosts, 7x expansion rate 0.025% FPR, 0.34% FDR 19
20 Evaluation (Cond.) Detect new hosts 6k new malicious hostnames identified Detection result can serve as new seed 12x expansion rate if rolling back the detected result Path sharing across different sources 56% malicious paths from WarningBird feed overlapped with Microsoft feed 20
21 Outline Build graph Find the linchpins Study Traffic Direction System (TDS) 21
22 Traffic Direction System (TDS) Underground traffic brokers who buy traffic from generators (e.g., malicious doorways) and sell to consumers (e.g., exploit servers) >50% of the malicious paths go through TDS. TDS Spam Exploit Server Blackhat SEO Phishing 22
23 TDS Landscape 71% TDS use Sutra TDS kit. 26% Dynamic DNS, 14% Free Domain Providers. Inbound traffic: 97% from doorway, 6% from non-doorway redirectors. Outbound traffic of Active TDS: 49% to exploit servers, 3% to scam sites. 23
24 TDS Lifetime Query Passive DNS Database from SIE Lifetime: interval of host when A record bounding to bad IP Result 65 days (exclude DDNS/ Free Domain Providers) Much longer than exploit servers, 2.5 hours[1]. [1] Manufacturing Compromise: The Emergence of Exploit-as-a-Service, Chris et. al., CCS 12 24
25 TDS Parking Even suspended TDSes monetized by attackers 20% TDS hosts parked. Continue to receive high volume of traffic after parking. 62% traffic to ad-networks. 1 10x more traffic than legitimate ones Regular parking TDS parking Traffic Per day (log scale) 25
26 Conclusion Dedicated Hosts are critical in Malicious Web Infrastructure Serve >70% malicious paths. Detect Dedicated Hosts only using Topological information. No need to know semantics of specific attacks. 7x expansion rate, <1% FPR & FDR TDS Hosts deserve in-depth study Key role in malicious Web infrastructure Long lifetime (65 days) Traffic monetized even after suspended 26
27 27
28 Validation Forefront reporting Content and URL clustering Safebrowsing reporting 28
29 Dedicated Malicious Hosts Compromised Site Phishing Site SEO Site Scam Site Social Network Link Redirector Exploit Site Link 29
30 Limits of Prior Works Code Analysis [Cova 10, Curtsinger 10] Obfuscate Code Code Execution [Provos 08, Wang 06] Detect Emulator URL Pattern [Zhang 11, John 11] Regenerate URL Pattern Redirection Chain [Li 12, Lee 12, Lu 11] Depend on Semantics of Attacks 30
deseo: Combating Search-Result Poisoning Yu USF
deseo: Combating Search-Result Poisoning Yu Jin @MSCS USF Your Google is not SAFE! SEO Poisoning - A new way to spread malware! Why choose SE? 22.4% of Google searches in the top 100 results > 50% for
More informationCloak of Visibility. -Detecting When Machines Browse A Different Web. Zhe Zhao
Cloak of Visibility -Detecting When Machines Browse A Different Web Zhe Zhao Title: Cloak of Visibility -Detecting When Machines Browse A Different Web About Author: Google Researchers Publisher: IEEE
More informationCopyright 2014 NTT corp. All Rights Reserved.
Credential Honeytoken for Tracking Web-based Attack Cycle Mitsuaki Akiyama (akiama.mitsuaki@lab.ntt.co.jp) NTT Secure Platform Laboratories / NTT-CERT Who I am Mitsuaki Akiyama Security Researcher (Ph.D)
More informationCountering Spam Using Classification Techniques. Steve Webb Data Mining Guest Lecture February 21, 2008
Countering Spam Using Classification Techniques Steve Webb webb@cc.gatech.edu Data Mining Guest Lecture February 21, 2008 Overview Introduction Countering Email Spam Problem Description Classification
More informationDetecting Spam Web Pages
Detecting Spam Web Pages Marc Najork Microsoft Research Silicon Valley About me 1989-1993: UIUC (home of NCSA Mosaic) 1993-2001: Digital Equipment/Compaq Started working on web search in 1997 Mercator
More informationSecurity 08. Black Hat Search Engine Optimisation. SIFT Pty Ltd Australia. Paul Theriault
Security 08 Black Hat Search Engine Optimisation SIFT Pty Ltd Australia Paul Theriault 1. Search Engine Optimisation 2. Blackhat techniques explained 3. Security Recommendations Search Engine Optimisation
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationCLOAK OF VISIBILITY : DETECTING WHEN MACHINES BROWSE A DIFFERENT WEB
CLOAK OF VISIBILITY : DETECTING WHEN MACHINES BROWSE A DIFFERENT WEB CIS 601: Graduate Seminar Prof. S. S. Chung Presented By:- Amol Chaudhari CSU ID 2682329 AGENDA About Introduction Contributions Background
More informationForensic Network Analysis in the Time of APTs
SharkFest 16 Forensic Network Analysis in the Time of APTs June 16th 2016 Christian Landström Senior IT Security Consultant Airbus Defence and Space CyberSecurity Topics - Overview on security infrastructure
More informationAutomating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
More informationCS47300 Web Information Search and Management
CS47300 Web Information Search and Management Search Engine Optimization Prof. Chris Clifton 31 October 2018 What is Search Engine Optimization? 90% of search engine clickthroughs are on the first page
More informationISSN: (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 2, February 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at:
More information[Rajebhosale*, 5(4): April, 2016] ISSN: (I2OR), Publication Impact Factor: 3.785
IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY A FILTER FOR ANALYSIS AND DETECTION OF MALICIOUS WEB PAGES Prof. SagarRajebhosale*, Mr.Abhimanyu Bhor, Ms.Tejashree Desai, Ms.
More informationStop Ransomware In Its Tracks. Chris Chaves Channel Sales Engineer
Stop Ransomware In Its Tracks Chris Chaves Channel Sales Engineer Agenda Ransomware A Brief Introduction Why Are Ransomware Attacks so Successful? How Does a Ransomware Attack Happen? How to Stop Ransomware
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More informationMalicious Web Page Detection Based on Anomaly Behavior
Malicious Web Page Detection Based on Anomaly Behavior Chia-Mei Chen Department of Information Management, National Sun Yat-Sen University, Taiwan 2009/7/28 1 Outline 1 Introductions 2 The Proposed Approach
More informationFighting the. Botnet Ecosystem. Renaud BIDOU. Page 1
Fighting the Botnet Ecosystem Renaud BIDOU Page 1 Bots, bots, bots Page 2 Botnet classification Internal Structure Command model Propagation mechanism 1. Monolithic Coherent, all features in one binary
More informationFinding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale
Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale Kai Chen,, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu Indiana University,
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationTracking Evil with Passive DNS
Tracking Evil with Passive DNS Bojan Ždrnja, CISSP, GCIA, GCIH Bojan.Zdrnja@infigo.hr INFIGO IS http://www.infigo.hr Who am I? Senior information security consultant with INFIGO IS (Croatia) Mainly doing
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationChapter 2 Malicious Networks for DDoS Attacks
Chapter 2 Malicious Networks for DDoS Attacks Abstract In this chapter, we explore botnet, the engine of DDoS attacks, in cyberspace. We focus on two recent techniques that hackers are using to sustain
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationBlackHole Exploit Kit Spam Runs in 2012 Presented at Ruxcon. Jon Oliver trendmicro.com
BlackHole Exploit Kit Spam Runs in 2012 Presented at Ruxcon Jon Oliver jon_oliver @ trendmicro.com Classification 10/22/2012 Copyright 2009 Trend Micro Inc. 1 Outline The current state of Phishing Summary
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More information3.5 SECURITY. How can you reduce the risk of getting a virus?
3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain
More informationSearch Engine Optimization (SEO) & Your Online Success
Search Engine Optimization (SEO) & Your Online Success What Is SEO, Exactly? SEO stands for Search Engine Optimization. It is the process of attracting & keeping traffic from the free, organic, editorial
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationMRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014
MRG Effitas Online Banking Browser Security Assessment Project Q3 2013 - Q1 2014 1 Contents Introduction... 3 The Purpose of this Report... 3 Tests Employed... 3 Security Applications Tested... 4 Methodology
More informationNo Plan Survives Contact
No Plan Survives Contact Experience with Cybercrime Measurement Chris Kanich Neha Chachra Damon McCoy Chris Grier David Wang Marti Motoyama Kirill Levchenko Stefan Savage Geoffrey M. Voelker UC San Diego
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationSEO Authority Score: 40.0%
SEO Authority Score: 40.0% The authority of a Web is defined by the external factors that affect its ranking in search engines. Improving the factors that determine the authority of a domain takes time
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationDetecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University
Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University 1 Outline Background Related Work Purpose Method Experiment Results Conclusion & Future Work 2
More informationThe Digital Risk Dilemma
SESSION ID: STR-T07 The Digital Risk Dilemma How To Protect What You Don t Control Nick Hayes Vice President, Strategy IntSights @nickhayes10 Our attack surface keeps growing IT Our attack surface keeps
More informationSemantic Analysis of Search-Autocomplete Manipulations
Game of Missuggestions Semantic Analysis of Search-Autocomplete Manipulations Peng Wang 1, Xianghang Mi 1, Xiaojing Liao 2, XiaoFeng Wang 1, Kan Yuan 1, Feng Qian 1, Raheem Beyah 3 Indiana University Bloomington
More informationOutline. Motivation. Our System. Conclusion
Outline Motivation Our System Evaluation Conclusion 1 Botnet A botnet is a collection of bots controlled by a botmaster via a command and control (C&C) channel Centralized C&C, P2P-based C&C Botnets serve
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationHUAWEI TECHNOLOGIES CO., LTD. Huawei FireHunter6000 series
HUAWEI TECHNOLOGIES CO., LTD. Huawei 6000 series Huawei 6000 series can detect APT (Advanced Persistent Threat) attacks, which altogether exploit multiple techniques (including zero-day vulnerabilities
More information2 ZyWALL UTM Application Note
2 Application Note Threat Management Using ZyWALL 35 UTM Forward This support note describes how an SMB can minimize the impact of Internet threats using the ZyWALL 35 UTM as an example. The following
More informationExploitable Redirects on the Web: Identification, Prevalence, and Defense
Exploitable Redirects on the Web: Identification, Prevalence, and Defense Craig A. Shue Indiana University cshue@cs.indiana.edu Andrew J. Kalafut Indiana University akalafut@cs.indiana.edu Minaxi Gupta
More informationWeb Application Firewall Subscription on Cyberoam UTM appliances
On-Appliance Reporting Web Application Firewall Subscription on Cyberoam UTM appliances Protecting Web Applications from hackers Application Visibility and Control Bandwidth Management Firewall Web Application
More informationValidation of Web Alteration Detection using Link Change State in Web Page
Web 182-8585 1 5-1 m-shouta@uec.ac.jp,zetaka@computer.org Web Web URL Web Alexa Top 100 Web Validation of Web Alteration Detection using Link Change State in Web Page Shouta Mochizuki Tetsuji Takada The
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationSo Many Ways to Slap a YoHo: Hacking Facebook & YoVille
Tom Stracener Strace, Contract Engineer MITRE EvilAdamSmith, Sr. Security Consultant Sean Barnum, Cybersecurity Principal MITRE So Many Ways to Slap a YoHo: Hacking Facebook & YoVille Misclaneous Disclaimers
More informationTechnical Brief: Domain Risk Score Proactively uncover threats using DNS and data science
Technical Brief: Domain Risk Score Proactively uncover threats using DNS and data science 310 Million + Current Domain Names 11 Billion+ Historical Domain Profiles 5 Million+ New Domain Profiles Daily
More informationTumbling Down the Rabbit Hole:
Tumbling Down the Rabbit Hole: Exploring the Idiosyncrasies of Botmaster Systems in a Multi-Tier Botnet Infrastructure Chris Nunnery Greg Sinclair Brent ByungHoon Kang [ University of North Carolina at
More informationWhite Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection
White Paper New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection The latest version of the flagship McAfee Gateway Anti-Malware technology adapts to new threats and plans for future
More informationBasics of SEO Published on: 20 September 2017
Published on: 20 September 2017 DISCLAIMER The data in the tutorials is supposed to be one for reference. We have made sure that maximum errors have been rectified. Inspite of that, we (ECTI and the authors)
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationMining Web Data. Lijun Zhang
Mining Web Data Lijun Zhang zlj@nju.edu.cn http://cs.nju.edu.cn/zlj Outline Introduction Web Crawling and Resource Discovery Search Engine Indexing and Query Processing Ranking Algorithms Recommender Systems
More informationein wichtiger Baustein im Security Ökosystem Dr. Christian Gayda (T-SEC) und Ingo Kruckewitt (Symantec)
Next Gen Endpoint Protection ein wichtiger Baustein im Security Ökosystem Dr. Christian Gayda (T-SEC) und Ingo Kruckewitt (Symantec) What is Next Gen Endpoint Protection? 2 DT Next Gen Endpoint Protection
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationHPE Security ArcSight Reputation Security Monitor Plus (RepSM Plus)
HPE Security ArcSight Reputation Plus (RepSM Plus) Software Version: 1.6 RepSM Plus Solution Guide February 6, 2017 Legal Notices Warranty The only warranties for Hewlett Packard Enterprise products and
More informationI G H T T H E A G A I N S T S P A M. ww w.atmail.com. Copyright 2015 atmail pty ltd. All rights reserved. 1
T H E F I G H T A G A I N S T S P A M ww w.atmail.com Copyright 2015 atmail pty ltd. All rights reserved. 1 EXECUTIVE SUMMARY IMPLEMENTATION OF OPENSOURCE ANTI-SPAM ENGINES IMPLEMENTATION OF OPENSOURCE
More informationEXPLOIT KITS. Tech Talk - Fall Josh Stroschein - Dakota State University
EXPLOIT KITS Tech Talk - Fall 2016 Josh Stroschein - Dakota State University Delivery Methods Spam/Spear-phishing Delivery Methods Spam/Spear-phishing Office Documents Generally refer to MS office suite
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationDetecting Abuse in TLDs
Detecting Abuse in TLDs A NameSentry TM presentation by Greg Aaron and Michael Young ICANN Toronto: 15 October 2012 2012 Illumintel Inc. All rights reserved. 1 Defining Abuse Every service provider has
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationADVANCED ENDPOINT PROTECTION TEST REPORT
ADVANCED ENDPOINT PROTECTION TEST REPORT SentinelOne Endpoint Protection Platform v1.8.3#31 FEBRUARY 14, 2017 Authors Thomas Skybakmoen, Morgan Dhanraj Overview NSS Labs performed an independent test of
More informationProtection FAQs
Email Protection FAQs Table of Contents Email Protection FAQs... 3 General Information... 3 Which University email domains are configured to use Email Protection for Anti-Spam?... 3 What if I am still
More informationSecurity Trend of New Computing Era
Security Trend of New Computing Era Presented by Roland Cheung HKCERT Agenda Security Threat Overview Introduction of Botnet Impact of Botnet Fight Back Botnet Security Protection Scheme Security Threat
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationHeat-seeking Honeypots: Design and Experience
Heat-seeking Honeypots: Design and Experience John P. John University of Washington jjohn@cs.washington.edu Fang Yu MSR Silicon Valley fangyu@microsoft.com Yinglian Xie MSR Silicon Valley yxie@microsoft.com
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationNorse IPViking Technical Overview
Norse IPViking Technical Overview WHITE PAPER Table of Contents Introduction Gathering Dark Intelligence Global Coverage and Sample Rate Strategically Located High Performance Infrastructure Big Data and
More informationNeighborWatcher: A Content-Agnostic Comment Spam Inference System
NeighborWatcher: A Content-Agnostic Comment Spam Inference System Jialong Zhang and Guofei Gu Secure Communication and Computer Systems Lab Department of Computer Science & Engineering Texas A&M University
More informationPHISHING Takedown Process
PHISHING Takedown Process CONGRATULATIONS, you just won a trip to the Bahamas! Update your password now! Please confirm your account information. You have a tax refund waiting for you. These are the common
More informationReview of Wordpresskingdom.com
Review of Wordpresskingdom.com Generated on 208-2-6 Introduction This report provides a review of the key factors that influence the SEO and usability of your website. The homepage rank is a grade on a
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationSecurity Analysis of Top Visited Arabic Web Sites
Security Analysis of Top Visited Arabic Web Sites Abdulrahman Alarifi, Mansour Alsaleh Computer Research Institute, King Abdulaziz City for and Technology, Riyadh, KSA {aarifi, maalsaleh}@kacst.edu.sa
More informationThe evolution of malevolence
Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks
More informationWar Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy
War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+
More informationBOTNET-GENERATED SPAM
BOTNET-GENERATED SPAM By Areej Al-Bataineh University of Texas at San Antonio MIT Spam Conference 2009 www.securitycartoon.com 3/27/2009 Areej Al-Bataineh - Botnet-generated Spam 2 1 Botnets: A Global
More informationInternet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008
Internet Security Threat Report Volume XIII Patrick Martin Senior Product Manager Symantec Security Response October, 2008 Agenda 1 ISTR XIII Important Facts 2 ISTR XIII Key Messages 3 ISTR XIII Key Facts
More informationHELP ME NETWORK VISIBILITY AND AI; YOU RE OUR ONLY HOPE
SESSION ID: SPO3-T10 HELP ME NETWORK VISIBILITY AND AI; YOU RE OUR ONLY HOPE Chris Morales Head of Security Analytics Vectra Networks Steve McGregory Sr. Director, Threat Intelligence Research Center Ixia,
More informationOutline What is a search engine?
Search Engine Outline What is a search engine? To find your website through search engine? What is the importance of search engines? What are the advantages of search engines? About Search Engine famous
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationAdvanced Threat Hunting:
Advanced Threat Hunting: Identify and Track Adversaries Infiltrating Your Organization In Partnership with: Presented by: Randeep Gill Tony Shadrake Enterprise Security Engineer, Europe Regional Director,
More informationControl for CloudFlare - Installation and Preparations
Control for CloudFlare - Installation and Preparations Installation Backup your web directory and Magento 2 store database; Download Control for CloudFlare installation package; Copy files to /app/firebear/cloudflare/
More informationINCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1
INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1 The most practical and comprehensive training course on incident handling & response elearnsecurity has been chosen by students in over 140 countries
More informationDNS Security. Ch 1: The Importance of DNS Security. Updated
DNS Security Ch 1: The Importance of DNS Security Updated 8-21-17 DNS is Essential Without DNS, no one can use domain names like ccsf.edu Almost every Internet communication begins with a DNS resolution
More informationDon't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild
Don't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild Marius Steffens German OWASP Day 2018 joint work with Christian Rossow, Martin Johns and Ben Stock Dimensions
More information