A SUBSYSTEM FOR FAST (IP) FLUX BOTNET DETECTION
|
|
- Marshall Price
- 6 years ago
- Views:
Transcription
1 Chapter 6 A SUBSYSTEM FOR FAST (IP) FLUX BOTNET DETECTION 6.1 Introduction Motivation Content Distribution Networks (CDNs) and Round-Robin DNS (RRDNS) are the two standard methods used for resource sharing [68]. RRDNS is a technique for load balancing, where IP changes happen in a round robin fashion. Content Delivery Networks (CDNs) are collections of servers that are located in dierent data centers around the world, in order to decrease the resource access time for users. These techniques are employed by legal commercial organizations for the benet of end users. Unfortunately, Fast Flux networks are developed using the same techniques as CDN`s and RRDNS. Fast uxing takes the advantage of DNS based load balancing by masking its own activities as if it is a CDN. Fast uxing uses many IP addresses that are hidden behind a single domain name just as large CDNs and Antivirus providers do. The IP addresses of domains involved in Fast Fluxing changes with extreme frequency in round-robin 85
2 Figure 6.1: Work ow of a fast-ux service fashion with very short Time-To-Live (TTL) for each DNS Resource Record (RR). Figure 6.1 shows the pictorial representation of a fast-ux service network. Fast ux domain names map to a new set of IP addresses, which are assigned to infected machines (botnet). While trying to access the domain name, the botnet automatically connects to any one of the infected computers within a short interval of time. Botnets use the fast uxing mechanism in order to conceal their Command and Control (C&C) servers. This technique prevents the identication of C&C servers by changing IP addresses frequently, so that it cannot be detected. Single uxing is a process when the IP addresses of malicious domains are altered within a short period of time. Double uxing is a process when the name servers (NS) of the domains are uxed along with the IPs. Fast ux botnets have been and are responsible for a plethora of activities like: money mule recruitment sites, phishing sites, illegal online pharmacies, illegal adult content sites, malicious browser exploit 86
3 Domain name getghosted.com welish.com Table 6.1: Fast-ux domains and their associated IP address IP List First set of IPs Second set IPs Third set of IPs sites and web trap (distributing malware) [69]. To classify domains containing fast uxing properties, supervised machine learning classiers are used. Table 6.1 shows some of the fast ux domains and their associated IP addresses in a particular interval of time. These active domain names have been selected from ATLAS [70] global fast ux database Contributions In this research, the following conributions are made: Developed a system, capable of detecting single and double ux with high accuracy 98.2% and very low fasle positive in real-time. Provided two services; one for detection and the other for monitoring the detected FFSNs and employed One-Class SVM (OCSVM) with linear programming approach to classify the data after training the system with eight relevant features of fast ux domains. The framework was deployed at an Internet service provider location for more 87
4 than a year. The framework was able to identify several Fast Flux IPs which neither blacklisted nor had any history. 6.2 System Developed The system was developed and deployed with an aim to detect fast-ux domains automatically in real-time. After detecting the fast-ux domain, the system monitors its activities in an interval of ve seconds on a regular basis. Figure 6.2 presents the architectural diagram of the implemented system which consists of three modules 1) Data Collection 2) Feature selection 3) Classication 4) Continuous monitoring Data Collection Passive Sensor collects DNS Query/Response from the DNS Servers. It captures network trac from DNS Servers and passes it to an application. One Sensor can handle data from multiple DNS Servers. It collects data passively from DNS Servers. Collected DNS logs contain the details of user queries. Parsing unit parses the logs and extract domain names exclusively which have more than one IP addresses. The domain names and IP addresses are then fed into the feature selection module to extract relevant features Feature Selection Features play the most important role in classication. Quality of features determines the accuracy of classication. At most care must be given to feature extraction. Eight features such as Domain age, TTL, Number of IP addresses of a distinct DNS A record, 88
5 Figure 6.2: Architecture Diagram Autonomous System Distribution, National Distribution, and Organizational distribution were extracted for modelling. TTL: TTL (Time-To-Live) determines the life span of a record in a network. A record will be deleted from DNS Server Cache when the specied TTL expires [71] so that new IP address will be given to the bots. Fast ux domains maintain 89
6 shorter TTL for each record. Number of IP addresses of a distinct DNS Query: A record stands for Address record and an A record lookup resolves a hostname to an IP address [72]. In fast ux the TTL for each record is very less and hence each time TTL expires, a new set of IP addresses will be resolved. Thus the total number of accumulated IP address will be very large. Network Diversity: Diversity of network is another characteristic of fast ux. IPs of fast ux domains will be in located in dierent networks. Autonomous System Distribution: In order to reduce the chance of detection, fast uxing will have IP addresses from dierent Autonomous Systems [15]. Hence distinct Autonomous Systems will be high for a single domain. Geographical Distribution: A considerable amount of fast ux domains have IP's distributed among multiple countries. Double Fluxing Characterization: Second layer of complexity comes when a domain name shows the frequent changes in its Name Server. Organization: The IP addresses of a domain are owned by multiple organizations, this is a dening characteristic of fast ux domains. 90
7 6.3 Continous Monitoring The detected domain names are then fed into the continuous monitoring system. Here, the system continuously monitors the targeted domains with time duration of ve seconds. This system will actively query to check for any change in IP of the detected fast ux domain. The Fast ux domains having some DGA textual properties will also be checked. One of the salient textual features is having more randomness than a legitimate domain name. Randomness can be the inclusion of digits, absence of dictionary word, unusual word length etc. This checking is nontrivial because, sometime the suspected domain may be a good domain name with more fast-ux characteristics. So to remove these kinds of false positive results, the system will again give these domain names back to feature collection module with the newly available IPs for further classication. So this part of the system does an important role to remove literally the whole false positive and false negatives. The use of powerful Machine Learning algorithm as well as the Reputation checker system gives better prediction accuracy for every domain. From the analysis, a new category of fastux domains was observed; these domains will have only one IP address, which will be uxing continuously. These kinds of domains will be discarded from the rst analysis, so all suspected domains will be monitored separately to detect the uxy characteristics. Also these domains will be having high TTL value. Based on these characteristics, the suspected domains are observed. Also a white list is kept to remove good domains. 91
8 6.4 Experimental Results The developed system detects the fast ux domains in real-time. The system was trained based on the fast ux features. Since the output of the classier depends on the training data, the collected training set includes all the combination of features that is discussed earlier. For testing the system, the active fast ux domains from ATLAS global fast-ux database was chosen and collected data from in-house network manually and for normal domains data were collected from Alexa [63]. The system queried domain names from real-time DNS logs and active fast ux domains listed in ATLAS and Alexa database. In order to lter out the domain names that are part of CDNs [73], a reverse lookup of the domain was performed. If the reverse lookup of A-records of a domain doesn't show any similarity in its answer section, it is most likely to be a fast-ux domain. Hence it helps us to increase the accuracy of the analysis from 98.2% to almost 100%. Figures 6.3 (a) and 6.3 (b) show the number of unique IP addresses of fastux and non-fastux domains. From the gure it can be seen that fastux domains are having more IP addresses than normal domains. In Figures 6.4 (a) and 6.4 (b), number of unique name servers for both categories can be observed. Figures 6.5 (a) and 6.5 (b) show number of unique number of networks. 92
9 (a) (b) Figure 6.3: (a) IP Addresses of fast-ux domains, (b) IP Addresses of legitimate domains (a) (b) Figure 6.4: (a) Name servers of fast-ux Domains, (b) Name servers of normal domains 93
10 (a) (b) Figure 6.5: (a) Networks of fast-ux domains, (b) Networks of normal domains 6.5 Conclusion A system was developed to detect single uxing as well as double uxing propagating in a monitored network in real-time. In order to do so, one-class SVM and a continuous monitoring system were applied to track the activities of detected domains in real-time. This system detects very active domains which were approved by ATLAS global fast- ux domains with an accuracy of 98.2%. The developed system is capable of eciently ltering out the CDNs, Antivirus software etc. which cause false positives in detection of fast uxing domains. 94
Behavior Based Malware Analysis: A Perspective From Network Traces and Program Run-Time Structure
Behavior Based Malware Analysis: A Perspective From Network Traces and Program Run-Time Structure Chun-Ying Huang chuang@ntou.edu.tw Assistant Professor Department of Computer Science and Engineering National
More informationTracking Evil with Passive DNS
Tracking Evil with Passive DNS Bojan Ždrnja, CISSP, GCIA, GCIH Bojan.Zdrnja@infigo.hr INFIGO IS http://www.infigo.hr Who am I? Senior information security consultant with INFIGO IS (Croatia) Mainly doing
More informationNaming in Distributed Systems
Naming in Distributed Systems Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Overview: Names, Identifiers,
More informationTempR: Application of Stricture Dependent Intelligent Classifier for Fast Flux Domain Detection
I. J. Computer Network and Information Security, 2016, 10, 37-44 Published Online October 2016 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2016.10.05 TempR: Application of Stricture Dependent
More informationManaging Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
More informationDiscovering new malicious domains using DNS and big data Case study: Fast Flux domains. Dhia Mahjoub OpenDNS May 25 th, 2013
Discovering new malicious domains using DNS and big data Case study: Fast Flux domains Dhia Mahjoub OpenDNS May 25 th, 2013 Background A@ackers seek to keep their operabons online at all Bmes The Network
More informationChapter 2 Malicious Networks for DDoS Attacks
Chapter 2 Malicious Networks for DDoS Attacks Abstract In this chapter, we explore botnet, the engine of DDoS attacks, in cyberspace. We focus on two recent techniques that hackers are using to sustain
More informationDNSSM: A Large Scale Passive DNS Security Monitoring Framework
samuel.marchal@uni.lu 16/04/12 DNSSM: A Large Scale Passive DNS Security Monitoring Framework Samuel Marchal, Jérôme François, Cynthia Wagner, Radu State, Alexandre Dulaunoy, Thomas Engel, Olivier Festor
More informationReal-Time Detection of Fast Flux Service Networks
Cybersecurity Applications & Technology Conference For Homeland Security Real-Time Detection of Fast Flux Service Networks Alper Caglayan, Mike Toothaker, Dan Drapeau, Dustin Burke and Gerry Eaton Milcord
More informationBotnet Communication Topologies
Understanding the intricacies of botnet Command-and-Control By Gunter Ollmann, VP of Research, Damballa, Inc. Introduction A clear distinction between a bot agent and a common piece of malware lies within
More informationThe evolution of malevolence
Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationGNSO Issues Report on Fast Flux Hosting
GNSO STATUS OF THIS DOCUMENT This is the requested by the GNSO Council. SUMMARY This report is submitted to the GNSO Council in response to a request received from the Council pursuant to a Motion proposed
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationTable of Contents 1 DNS Configuration 1-1
Table of Contents 1 DNS Configuration 1-1 DNS Overview 1-1 Static Domain Name Resolution 1-1 Dynamic Domain Name Resolution 1-1 Configuring Domain Name Resolution 1-3 Configuring Static Domain Name Resolution
More informationDocumentation for: MTA developers
This document contains implementation guidelines for developers of MTA products/appliances willing to use Spamhaus products to block as much spam as possible. No reference is made to specific products.
More informationMailspike. Henrique Aparício
Mailspike Henrique Aparício 1 Introduction For many years now, email has become a tool of great importance as a means of communication. Its growing use led inevitably to its exploitation by entities that
More informationDetecting Specific Threats
The following topics explain how to use preprocessors in a network analysis policy to detect specific threats: Introduction to Specific Threat Detection, page 1 Back Orifice Detection, page 1 Portscan
More informationLesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012
Lesson 9: Configuring DNS Records MOAC 70-411: Administering Windows Server 2012 Overview Exam Objective 3.2: Configure DNS Records Configuring DNS Record Types Using the DNSCMD Command to Manage Resource
More informationConfiguring the Botnet Traffic Filter
CHAPTER 46 Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary
More informationPeering into Botnets via Fast Flux Enumeration: The ATLAS Experience. Jose Nazario, Ph.D. FIRST 2008 NSM-SIG Vancouver
Peering into Botnets via Fast Flux Enumeration: The ATLAS Experience Jose Nazario, Ph.D. FIRST 2008 NSM-SIG Vancouver Project o ATLAS - global Internet monitoring o Fast flux - used to discover bots/infected
More informationInsight Frequently Asked Questions version 2.0 (8/24/2011)
Insight Frequently Asked Questions version 2.0 (8/24/2011) Insight Overview 1. What is a reputation system and how does it work? Insight, our reputation system, leverages anonymous telemetry data from
More informationDNS Policies. DNS Policy Overview. The following topics explain DNS policies, DNS rules, and how to deploy DNS policies to managed devices.
The following topics explain DNS policies, DNS rules, and how to deploy DNS policies to managed devices. DNS Policy Overview, page 1 DNS Policy Components, page 2 DNS Rules, page 6 DNS Policy Deploy, page
More informationConnection Broker Advanced Connections Management for Multi-Cloud Environments. DNS Setup Guide
Connection Broker Advanced Connections Management for Multi-Cloud Environments DNS Setup Guide Versions 8.2 December 2017 Contacting Leostream Leostream Corporation 271 Waverley Oaks Rd Suite 206 Waltham,
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculteit Wiskunde en Informatica
TECHNISCHE UNIVERSITEIT EINDHOVEN Faculteit Wiskunde en Informatica Examination Architecture of Distributed Systems (2IMN10 / 2II45), on Monday November 2, 2015, from 13.30 to 16.30 hours. Indicate on
More informationBIG-IP Application Security Manager : Implementations. Version 13.0
BIG-IP Application Security Manager : Implementations Version 13.0 Table of Contents Table of Contents Preventing DoS Attacks on Applications... 13 What is a DoS attack?...13 About recognizing DoS attacks...
More informationDetection of DNS Traffic Anomalies in Large Networks
Detection of Traffic Anomalies in Large Networks Milan Čermák, Pavel Čeleda, Jan Vykopal {cermak celeda vykopal}@ics.muni.cz 20th Eunice Open European Summer School and Conference 2014 1-5 September 2014,
More informationFast Flux Hosting Final Report. GNSO Council Meeting 13 August 2009
Fast Flux Hosting Final Report GNSO Council Meeting 13 August 2009 1 January 2008: SAC 025 Fast Flux Hosting and DNS Characterizes Fast Flux (FF) as an evasion technique that enables cybercriminals to
More informationP2P Botnet Detection through Malicious Fast Flux Network Identification
P2P Botnet Detection through Malicious Fast Flux Network Identification David Zhao Department of Electrical and Computer Engineering University of Victoria Victoria, BC, Canada davidzhao@ieee.org Issa
More informationBotnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer
Botnets: major players in the shadows Author Sébastien GOUTAL Chief Science Officer Table of contents Introduction... 3 Birth of a botnet... 4 Life of a botnet... 5 Death of a botnet... 8 Introduction
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More informationDNS Firewall with Response Policy Zone. Suman Kumar Saha bdcert Amber IT Limited
DNS Firewall with Response Policy Zone Suman Kumar Saha bdcert suman@bdcert.org Amber IT Limited suman@amberit.com.bd DNS Response Policy Zone(RPZ) as Firewall RPZ allows a recursive server to control
More informationDetecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp , 2015.
Detecting Malicious Activity with DNS Backscatter Kensuke Fukuda John Heidemann Proc. of ACM IMC '15, pp. 197-210, 2015. Presented by Xintong Wang and Han Zhang Challenges in Network Monitoring Need a
More informationDNS Setup Guide. Connection Broker. Advanced Connection Management For Multi-Cloud Environments
DNS Setup Guide Connection Broker Advanced Connection Management For Multi-Cloud Environments Version 9.0 June 2018 Contacting Leostream Leostream Corporation 271 Waverley Oaks Rd Suite 206 Waltham, MA
More informationUTM 5000 WannaCry Technote
UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationDetecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci a,b, Igino Corona c, David Dagon a, and Wenke Lee a a College of Computing, Georgia Institute
More informationWhat is the role of teletraffic engineering in broadband networks? *
OpenStax-CNX module: m13376 1 What is the role of teletraffic engineering in broadband networks? * Jones Kalunga This work is produced by OpenStax-CNX and licensed under the Creative Commons Attribution
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: Intrusions and Malware Inspection Overview, page 1 Access Control Traffic Handling, page 2 File
More informationIn the Domain Name System s language, rcode 0 stands for: no error condition.
12/2017 SIMPLE, FAST, RESILIENT In the Domain Name System s language, rcode 0 stands for: no error condition. If a DNS server answers a query with this result code, the service is running properly. This
More informationWhat is the relationship between a domain name (e.g., youtube.com) and an IP address?
DNS, CDNs March 30, 2009 Lecture 14 Sam Madden DNS What is the relationship between a domain name (e.g., youtube.com) and an IP address? DNS is the system that determines this mapping. Basic idea: You
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
More informationSamKnows test methodology
SamKnows test methodology Download and Upload (TCP) Measures the download and upload speed of the broadband connection in bits per second. The transfer is conducted over one or more concurrent HTTP connections
More informationHow does the Excalibur Technology SPAM & Virus Protection System work?
How does the Excalibur Technology SPAM & Virus Protection System work? All e-mail messages sent to your e-mail address are analyzed by the Excalibur Technology SPAM & Virus Protection System before being
More informationHow to Configure DNS Sinkholing in the Firewall
UDP DNS traffic handled by the Firewall service is monitored and, if a domain is found that is considered to be malicious, the A and AAAA DNS response is replaced by fake IP addresses. An access rule blocks
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 Agenda 1 2 3 Introduction to DNS DNS Features
More informationPassive DNS Replication
Passive DNS Replication Florian Weimer 17 th Annual FIRST Conference, Singapore, 2005 Florian Weimer Passive DNS Replication FIRST 2005 1 / 24 Outline A very brief introduction to DNS Case Study: Botnet
More informationA brief Incursion into Botnet Detection
A brief Incursion into Anant Narayanan Advanced Topics in Computer and Network Security October 5, 2009 What We re Going To Cover 1 2 3 Counter-intelligence 4 What Are s? Networks of zombie computers The
More informationForeScout CounterACT. Plugin. Configuration Guide. Version 1.2
ForeScout CounterACT Core Extensions Module: DNS Query Extension Plugin Version 1.2 Table of Contents About the DNS Query Extension... 3 Configure the Extension... 3 Verify That the Plugin Is Running...
More informationFast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness
ISSN 1330-3651 (Print), ISSN 1848-6339 (Online) https://doi.org/10.17559/tv-20161012115204 Original scientific paper Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness
More informationIBM SECURITY NETWORK PROTECTION (XGS)
IBM SECURITY NETWORK PROTECTION (XGS) IP Reputation Use cases and more Tanmay Shah Product Lead IBM Security Network Protection Tanmay.Shah@au1.ibm.com Contents Introduction... 2 Audience... 2 IP Reputation
More informationInterme diate DNS. Local browse r. Authorit ative ... DNS
WPI-CS-TR-00-12 July 2000 The Contribution of DNS Lookup Costs to Web Object Retrieval by Craig E. Wills Hao Shang Computer Science Technical Report Series WORCESTER POLYTECHNIC INSTITUTE Computer Science
More informationFranzes Francisco Manila IBM Domino Server Crash and Messaging
Franzes Francisco Manila IBM Domino Server Crash and Messaging Topics to be discussed What is SPAM / email Spoofing? How to identify one? Anti-SPAM / Anti-email spoofing basic techniques Domino configurations
More informationAutomating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
More informationSend me up to 5 good questions in your opinion, I ll use top ones Via direct message at slack. Can be a group effort. Try to add some explanation.
Notes Midterm reminder Second midterm next week (04/03), regular class time 20 points, more questions than midterm 1 non-comprehensive exam: no need to study modules before midterm 1 Online testing like
More informationDetecting DGA Malware Traffic Through Behavioral Models. Erquiaga, María José Catania, Carlos García, Sebastían
Detecting DGA Malware Traffic Through Behavioral Models Erquiaga, María José Catania, Carlos García, Sebastían Outline Introduction Detection Method Training the threshold Dataset description Experiment
More informationComodo cwatch Web Security Software Version 1.6
rat Comodo cwatch Web Security Software Version 1.6 Quick Start Guide Guide Version 1.6.010918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo cwatch Web Security - Quick Start Guide
More informationDetecting bots using multilevel traffic analysis
Intl. Journal on Cyber Situational Awareness, Vol. 1, No. 1, 2016 Detecting bots using multilevel traffic analysis Matija Stevanovic and Jens Myrup Pedersen Department of Electronic Systems, Aalborg University
More informationLuminous: Bringing Big(ger) Data to the Fight
Luminous: Bringing Big(ger) Data to the Fight Norm Ritchie Drew Bagley ICANN Helsinki June, 2016 Secure Domain Foundation Non-profit Founded in 2014 Proactive mitigation of malicious domains used for cybercrime
More informationLoad Balancing 101: Nuts and Bolts
Load Balancing 101: Nuts and Bolts Load balancing technology is the basis on which today's Application Delivery Controllers operate. But the pervasiveness of load balancing technology does not mean it
More informationIndicators of Compromise
Indicators of Compromise Effectively apply threat information Factsheet FS-2016-02 version 1.0 1 June 2017 If you are responsible for securing the network of your organisation, you will often hear the
More informationDetecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser Motivation Spam: More than Just a
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationMicrosoft Installing, Configuring, and Administering Microsoft Exchange 2003 Server Implementing &Managing MS Exchange Server 2003
Microsoft 70-284 Microsoft 70-284 Installing, Configuring, and Administering Microsoft Exchange 2003 Server Implementing &Managing MS Exchange Server 2003 Practice Test Version 2.5 QUESTION NO: 1 Microsoft
More informationDNS Security. Ch 1: The Importance of DNS Security. Updated
DNS Security Ch 1: The Importance of DNS Security Updated 8-21-17 DNS is Essential Without DNS, no one can use domain names like ccsf.edu Almost every Internet communication begins with a DNS resolution
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationGFI Product Comparison. GFI MailEssentials vs Sophos PureMessage
GFI Product Comparison GFI MailEssentials vs PureMessage GFI MailEssentials Integrates with Microsoft Exchange Server 2003/2007/2010/2013 Scans incoming and outgoing emails Scans internal emails within
More informationNetwork Security Platform 8.1
8.1.7.5-8.1.3.43 M-series Release Notes Network Security Platform 8.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation
More informationDDoS on DNS: past, present and inevitable. Töma Gavrichenkov
DDoS on DNS: past, present and inevitable Töma Gavrichenkov DNS DDoS types Volumetric: amplification, other floods Water torture and the likes DNS DDoS problem statement DNS is built on
More informationJohn Munro / Jason Trost / FlonCon 2013 January 7 10 Albuquerque, New Mexico
John Munro / jmunro@endgame.com Jason Trost / jtrost@endgame.com FlonCon 2013 January 7 10 Albuquerque, New Mexico Introductions John Munro (jmunro@endgame.com) Network Security Researcher and Data Scientist
More informationBots Combine! : Behind the Modern Botnet. Andrea Sept 1, 2017
Bots Combine! : Behind the Modern Botnet Andrea Scarfo @AScarf0 Sept 1, 2017 Security Research Analyst @ Cisco Umbrella (formerly OpenDNS) in San Francisco since 2015 Previously a System Administrator
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationExecutive Summary. Passive Detection of Misbehaving Name Servers
Passive Detection of Misbehaving Name Servers Leigh B. Metcalf, Jonathan M. Spring CERT Network Situational Awareness Group netsa-contact@cert.org Publication NetSA-2012-01 January 2012 Executive Summary
More informationTHE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY
Ebook: THE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY From A Record & DNS to Zones 603 668 4998 Your Master List of Key DNS Terms As more users and more online services (sites, microservices, connected things,
More informationCisco Threat Intelligence Director (TID)
The topics in this chapter describe how to configure and use TID in the Firepower System. Overview, page 1 Requirements for Threat Intelligence Director, page 4 How To Set Up, page 6 Analyze TID Incident
More informationAll Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems
All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems Speaker: Zhe Zhou, zhouzhe@fudan.edu.cn Pre-Tenure Associate Professor, School of Computer Science, Fudan University, China This
More informationMcAfee Network Security Platform
Revision B McAfee Network Security Platform (8.1.7.5-8.1.3.43 M-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationConfiguring Geo-IP Filters
Configuring Geo-IP Filters NOTE: The Geo-IP Filtering feature is available on TZ300 series and above appliances. The Geo-IP Filter feature allows you to block connections to or from a geographic location.
More informationAS-CRED: Reputation Service for Trustworthy Inter-domain Routing
AS-CRED: Reputation Service for Trustworthy Inter-domain Routing Krishna Venkatasubramanian Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10,
More informationDNS Security. *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi
DNS Security *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html 1 IT352 Network Security Najwa AlGhamdi Introduction The DNS provides a mechanism that resolves Internet host names into IP addresses
More informationConfiguring the Botnet Traffic Filter
CHAPTER 51 Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary
More informationThousandEyes for. Application Delivery White Paper
ThousandEyes for Application Delivery White Paper White Paper Summary The rise of mobile applications, the shift from on-premises to Software-as-a-Service (SaaS), and the reliance on third-party services
More informationMeasuring Global DNS Propagation Times Using RIPE Atlas. Bachelor Thesis by Tim Wattenberg RIPE Regional Meeting Almaty, Kazakhstan
Measuring Global DNS Propagation Times Using RIPE Atlas Bachelor Thesis by Tim Wattenberg RIPE Regional Meeting Almaty, Kazakhstan About me - 25 years old, from Cologne/Germany - graduated from Heinrich
More informationDetecting and Quantifying Abusive IPv6 SMTP!
Detecting and Quantifying Abusive IPv6 SMTP Casey Deccio Verisign Labs Internet2 2014 Technical Exchange October 30, 2014 Spam, IPv4 Reputation and DNSBL Spam is pervasive Annoying (pharmaceuticals) Dangerous
More informationCategorization of Phishing Detection Features. And Using the Feature Vectors to Classify Phishing Websites. Bhuvana Namasivayam
Categorization of Phishing Detection Features And Using the Feature Vectors to Classify Phishing Websites by Bhuvana Namasivayam A Thesis Presented in Partial Fulfillment of the Requirements for the Degree
More informationSecurity Annex for DDoS Additional Terms for DDoS Protection
CONTENTS 1 Glossary of Terms & Definitions... 2 2 Service Description... 2 2.1 Installation and Service Provision... 2 2.2 Cleaning and Mitigation... 3 2.3 Mitigation Limitations... 3 2.4 DDoS Attack Monitoring...
More informationBotNet Traffic Filter Issue with Adaptive Security Appliance
BotNet Traffic Filter Issue with Adaptive Security Appliance Contents Introduction Background Information Troubleshoot Workflow Step 1: Check the Dynamic Filter Database Step 2: Ensure DNS Traffic Crosses
More information«On the Internet, nobody knows you are a dog» Twenty years later
«On the Internet, nobody knows you are a dog» Twenty years later This lecture is about identity and authenticity, but also other security properties. It is largely about the Internet, but some of this
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: About Deep Inspection, page 1 Access Control Traffic Handling, page 2 File and Intrusion Inspection
More informationHow to Configure Route 53 for F-Series Firewalls in AWS
How to Configure Route 53 for F-Series Firewalls in AWS If you are running multiple stacks in different AWS regions, or multiple deployments in a single region, you must configure AWS Route 53 to access
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More informationDomain Name System - Advanced Computer Networks
- Advanced Computer Networks Saurabh Barjatiya International Institute Of Information Technology, Hyderabad 26 August, 2011 Contents 1 Distributed database, highly volatile Domain names Top level domains
More informationDomain Name System.
Domain Name System http://xkcd.com/302/ CSCI 466: Networks Keith Vertanen Fall 2011 Overview Final project + presentation Some TCP and UDP experiments Domain Name System (DNS) Hierarchical name space Maps
More informationRegular Paper Classification Method of Unknown Web Sites Based on Distribution Information of Malicious IP addresses
International Journal of Informatics Society, VOL.10, NO.1 (2018) 41-50 41 Regular Paper Classification Method of Unknown Web Sites Based on Distribution Information of Malicious IP addresses Shihori Kanazawa
More informationCLOAK OF VISIBILITY : DETECTING WHEN MACHINES BROWSE A DIFFERENT WEB
CLOAK OF VISIBILITY : DETECTING WHEN MACHINES BROWSE A DIFFERENT WEB CIS 601: Graduate Seminar Prof. S. S. Chung Presented By:- Amol Chaudhari CSU ID 2682329 AGENDA About Introduction Contributions Background
More information