On the Robustness of Random Walk Algorithms for the Detection of Unstructured P2P Botnets
- Madeleine Lamb
- 5 years ago
Transcription
Dominik Muhs (1), Steffen Haas (2), Thorsten Strufe (1), Mathias Fischer (2)
(1) Technische Universität Dresden, Dresden, Germany, first.last@tu-dresden.de
(2) Universität Hamburg, Hamburg, Germany, first.last@informatik.uni-hamburg.de
Outline [7]
- I. Motivation
- II. Botnets
  - 1. Definition
  - 2. Graph Model
- III. Random Walks
- IV. Analysis and Detection
- V. Limiting Knowledge
- VI. Results
- VII. Conclusion
[Six image-only slides; image sources [1] to [6]]
What are Botnets? [9]
- Device collection
- Internet-connected
- Malware-infected
- Remotely controlled (usually centralized)
Why are Botnets bad? [9]
- Click fraud
- Spam
- DDoS attacks
- Cryptocurrency mining
- Intellectual property theft
Topological Categories [8]
- Centralized
- Decentralized
  - Structured
  - Unstructured
Centralized Botnets
- Central C2 server
- Star topology
- IRC/HTTP/
- Single point of failure
Structured P2P Botnets
- No C2 server
- Hard to take down
- Specific rule set
- Kademlia, Chord
Unstructured P2P Botnets
- Randomized
- Evade topological matching
- Statistical methods necessary
Existing Approaches [7]
- Leverage graph models and random walks
- Focus on structured botnets [10, 11, 12]
- Do not use open technologies
- Often assume complete knowledge on botnet communication
Our Approach
- Leverages random walks
- Uses open-source technologies
- Tested on unstructured botnets
- Precise when information is limited
- Can be combined with other approaches
Communication Graph
- No payload data needed
- Network operator's view
- Aggregated NetFlow data
- Idea: extract well-connected subgraph
- Approach: Random Walks
$G_L = (V_L, E_L)$
[Figure sequence: graph shown for k = 0, 1, 2, 3, 4]
Probability Distribution
- n=10,000 walks
- Of length k=3
- With loss l=0.5
- Fast-mixing artifact
The Analysis Pipeline
- Aggregate NetFlow data (Python 3.6, networkx)
- Evaluation steps:
  - Botnet node mapping
  - Apply loss functions
- Execute random walks (numpy)
- Normalize resulting probability distribution
- Cluster walk destinations (DBSCAN)
The Test Dataset
- CTU11 from Czech Technical University
- ZA24 ZeroAccess communication graph
Loss Strategies
- Other approaches do not evaluate limited network view
- Unrealistic assumptions:
  - All communication relationships captured
  - Complete botnet in known network
- Solution: Simulate loss on communication graph
Random Botnet Edge Deletion
- Random subset of botnet edges
- Out-of-view connections
- ISP-related loss (e.g. 1:256 sampling)
RBED Robustness
- Random Botnet Edge Deletion
- 90% loss, 83% precision
Host-based Visibility
- Sensor deployment
- Randomly chosen
- No communication between unmonitored hosts
- Honeypot scenario
Sensor-Network Robustness
- Sensor deployment
- 25 sensors, 90% precision
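The pipeline and the two loss strategies from the slides, as an added example that is not the authors' code. Assumptions: plain Python stands in for networkx/numpy, the exact k-step distribution replaces 10,000 sampled walks, a widest-gap split replaces DBSCAN, and the walk start at a known bot (honeypot `b0`), the degree normalisation and the flow records are constructed for illustration.

```python
import random
from collections import defaultdict

def build_graph(flows):
    """Aggregate (src, dst) flow records into an undirected communication graph."""
    graph = defaultdict(set)
    for src, dst in flows:
        if src != dst:
            graph[src].add(dst)
            graph[dst].add(src)
    return dict(graph)

def edges(graph):
    """Undirected edge set, each edge as a sorted (u, v) tuple."""
    return {tuple(sorted((u, v))) for u in graph for v in graph[u]}

def rbed(graph, bots, loss, rng):
    """Random Botnet Edge Deletion: hide a random share `loss` of bot-to-bot edges."""
    all_edges = edges(graph)
    bot_edges = sorted(e for e in all_edges if e[0] in bots and e[1] in bots)
    hidden = set(rng.sample(bot_edges, round(loss * len(bot_edges))))
    return build_graph(all_edges - hidden)

def sensor_view(graph, sensors):
    """Host-based visibility: an edge is seen only if a monitored host is an endpoint."""
    return build_graph(e for e in edges(graph) if e[0] in sensors or e[1] in sensors)

def walk_distribution(graph, start, k):
    """Exact probability that a k-step random walk from `start` ends at each node."""
    if start not in graph:
        raise ValueError(f"{start} has no observed edges")
    dist = {start: 1.0}
    for _ in range(k):
        nxt = defaultdict(float)
        for node, p in dist.items():
            for neighbour in graph[node]:
                nxt[neighbour] += p / len(graph[node])
        dist = dict(nxt)
    return dist

def top_cluster(score):
    """Split the sorted scores at their widest gap and return the high-score side."""
    ranked = sorted(score, key=lambda n: (score[n], n))
    if len(ranked) < 2:
        return set(ranked)
    cut = max(range(1, len(ranked)),
              key=lambda i: score[ranked[i]] - score[ranked[i - 1]])
    return set(ranked[cut:])

def evaluate(graph, bots, honeypot, k=3):
    """Walk from the honeypot, normalise by degree, cluster, compare to ground truth."""
    dist = walk_distribution(graph, honeypot, k)
    # Assumption: divide by degree, since the stationary mass is proportional to degree.
    score = {n: dist.get(n, 0.0) / len(graph[n]) for n in graph}
    detected = top_cluster(score)
    return {
        "bot_mass": sum(p for n, p in dist.items() if n in bots),
        "detected": detected,
        "precision": len(detected & bots) / len(detected),
    }

def sample_flows():
    """Constructed flows: 4 servers in a ring, each with 6 benign clients and 2 bots."""
    flows = [(f"s{i}", f"s{(i + 1) % 4}") for i in range(4)]
    flows += [(f"c{i}_{j}", f"s{i}") for i in range(4) for j in range(6)]
    flows += [(f"b{j}", f"s{j % 4}") for j in range(8)]
    # Constructed bot overlay: every bot peers with all bots except its antipode.
    flows += [(f"b{i}", f"b{j}") for i in range(8) for j in range(i + 1, 8) if j - i != 4]
    # Repeated flows in the reverse direction, to exercise the aggregation step.
    return flows + [(dst, src) for src, dst in flows[:10]]

if __name__ == "__main__":
    bots = {f"b{i}" for i in range(8)}
    full = build_graph(sample_flows())
    for loss in (0.0, 0.5, 0.9):
        seen = rbed(full, bots, loss, random.Random(7))
        r = evaluate(seen, bots, "b0")
        print(f"RBED loss={loss:.1f}  bot_mass={r['bot_mass']:.3f}  "
              f"precision={r['precision']:.2f}")
    sensors = {"b0"} | set(random.Random(7).sample(sorted(full), 8))
    r = evaluate(sensor_view(full, sensors), bots, "b0")
    print(f"sensor view ({len(sensors)} hosts)  bot_mass={r['bot_mass']:.3f}  "
          f"precision={r['precision']:.2f}")
```

On the full constructed graph the high-score cluster holds the eight bots plus `s0`, the honeypot's own server, which is the kind of false positive the precision figure captures.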
Conclusion [7]
- Structured and unstructured botnets: fast-mixing
- High-precision detection
  - 83% precision
  - With 90% missing edges
- Simple architecture
- Only open-source algorithms
[7] Thanks! Questions?
References
[1] [2] [3] [4] [5] [6]
[7] Icon made by Freepik from
[8] Icon made by ddara from
[9] Icon made by Kiranshastry from
[10] Shishir Nagaraja et al. BotGrep: finding P2P bots with structured graph analysis. In: USENIX Security Symposium. 2010, p. 7.
[11] Pratik Narang et al. PeerShark: Detecting peer-to-peer botnets by tracking conversations. In: Proceedings IEEE Symposium on Security and Privacy. Vol. January , pp
[12] Guofei Gu, Junjie Zhang, and Wenke Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008), pp
More informationPinPoint: A Ground-Truth Based Approach for IP Geolocation
PinPoint: A Ground-Truth Based Approach for IP Geolocation Brian Eriksson Network Mapping and Measurement Conference 2010 Paul Barford Robert Nowak Bruce Maggs Introduction Consider some resource in the
More informationAccepted Manuscript. Original article. Fast Flux Watch: A Mechanism for Online Detection of Fast Flux Networks
Accepted Manuscript Original article Fast Flux Watch: A Mechanism for Online Detection of Fast Flux Networks Basheer N. Al-Duwairi, Ahmad T. Al-Hammouri PII: S2090-1232(14)00003-4 DOI: http://dx.doi.org/10.1016/j.jare.2014.01.002
More informationAnalyzing the Dual-Path Peer-to-Peer Anonymous Approach
Analyzing the Dual-Path Peer-to-Peer Anonymous Approach Ehsan Saboori K.N Toosi University of Technology Tehran, Iran Majid Rafigh Shahid Beheshti University (Former National University) Tehran, Iran Alireza
More informationOverlay and P2P Networks. Introduction and unstructured networks. Prof. Sasu Tarkoma
Overlay and P2P Networks Introduction and unstructured networks Prof. Sasu Tarkoma 14.1.2013 Contents Overlay networks and intro to networking Unstructured networks Overlay Networks An overlay network
More informationTelecommunication Services Engineering Lab. Roch H. Glitho
1 Support Infrastructure Support infrastructure for application layer Why? Re-usability across application layer protocols Modularity (i.e. separation between application layer protocol specification /
More informationComparing Chord, CAN, and Pastry Overlay Networks for Resistance to DoS Attacks
Comparing Chord, CAN, and Pastry Overlay Networks for Resistance to DoS Attacks Hakem Beitollahi Hakem.Beitollahi@esat.kuleuven.be Geert Deconinck Geert.Deconinck@esat.kuleuven.be Katholieke Universiteit
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationIntegrated Security Incident Management Concepts & Real world experiences
Integrated Security Incident Management Concepts & Real world experiences Stefan Metzger, Dr. Wolfgang Hommel, Dr. Helmut Reiser 6th International Conference on IT Security Incident Management & IT Forensics
More informationA Survey of Peer-to-Peer Content Distribution Technologies
A Survey of Peer-to-Peer Content Distribution Technologies Stephanos Androutsellis-Theotokis and Diomidis Spinellis ACM Computing Surveys, December 2004 Presenter: Seung-hwan Baek Ja-eun Choi Outline Overview
More informationDevelopment of a Scalable System for Stealthy P2P Botnet Detection
Development of a Scalable System for Stealthy P2P Botnet Detection Navya Balla 1, P.V. Siva Kumar 2 1 M.Tech Student (SE), VNR VignanaJyothi Institute of Engineering and Technology, Hyderabad, India 2
More informationA Framework for a Comprehensive Evaluation of Ant-Inspired Peer-to-Peer Protocols
A Framework for a Comprehensive Evaluation of Ant-Inspired Peer-to-Peer Protocols Amos Brocco Department of Innovative Technologies, University of Applied Science of Southern Switzerland Ingmar Baumgart,
More informationKey Aspects of Cybersecurity in the context of Internet of Things (IOT) Raj Kumar
Key Aspects of Cybersecurity in the context of Internet of Things (IOT) Raj Kumar Key Aspects of Cybersecurity in the context of Internet of Things (IOT) IoT Security Challenges and Recent Incidents The
More informationCSMA based Medium Access Control for Wireless Sensor Network
CSMA based Medium Access Control for Wireless Sensor Network H. Hoang, Halmstad University Abstract Wireless sensor networks bring many challenges on implementation of Medium Access Control protocols because
More informationCSEE 4119 Computer Networks. Chapter 1 Introduction (4/4) Introduction 1-1
CSEE 4119 Computer Networks Chapter 1 Introduction (4/4) Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge! end systems, access networks, links 1.3 Network core! circuit switching,
More information