Delay Injection for Service Dependency Detection
Slide 1: Delay Injection for Service Dependency Detection
Richard A. Kemmerer, Computer Security Group, Department of Computer Science, University of California, Santa Barbara
ARO/MURI Meeting, October 28, 2013

Slide 2: Correlation Engine (project overview figure; only the box labels survive the transcription)
- Real world: Enterprise Network, Mission, Cyber-Assets; Simulation/Live Security Exercises
- Analysis to get an up-to-date view of cyber-assets; analysis to determine dependencies between assets and missions
- Analyze and characterize attackers; predict future actions
- Mission Model; Cyber-Assets Model; Sensor alerts; Data; Impact Analysis; COAs
- Create a semantically rich view of cyber-mission status
Slide 3: Motivation
Thrust I: Obtaining an up-to-date view of the available cyber-assets
- need to know and model the assets on your network: network services (beyond IP address and ports)
Thrust II: Obtaining an understanding of the dependencies between missions and assets
- find dependencies and redundancies between services
- find relationships (mappings) between missions and assets
- find assets and activities critical for the network (or for a particular mission)

Slide 4: Quick Recap and Updates
Determine relationships between services
- one service relies on another one (direct dependency)
- two services are needed together (indirect dependency)
(figure: example service graph with DNS, Web, LDAP and Mail services, labelled A, B and C)

Slide 5: Quick Recap and Updates
Extract activities and their related assets
- an activity is a set of services that cooperate to achieve a higher-level goal
- activities are the building blocks for missions
- this could of course be done manually; we proposed an automated approach (not all activities are obvious)
We proposed an approach based on passive observation of network traffic
- conducted experiments in the CS network at
Slide 6: Extracting Dependencies
Basic idea of our passive activity extraction approach
- find multiple services that are all correlated
- intuition: multiple services that work together do so for a purpose; the network is leveraged to achieve a certain goal
Problems
- correlation does not imply causation: false positives
- the direction of a dependency cannot be determined

Slide 7: Extracting Dependencies, Basic Idea
Perform active discovery
- actively perturb traffic for service A and monitor how service B reacts
- when B depends on service A, we expect to see the effect of the perturbation
- introduce delays into requests (flows) to service A: active watermarking, but for flows, not for packets
- when B does not depend on A, there should be no effect
How to introduce perturbations?

Slide 8: Introducing Delays (timeline figure: requests to Service A and Service B, with an idle period and a busy period marked)

Slide 9: Introducing Delays
In the real world, idle and busy periods are not as easily detectable
- unrelated requests
- unexpected delays
- caching effects
Need (many) more than one observation period (window)
Need to perform statistical tests
Developed Rippler, an application-independent active approach to dependency detection
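The flow-level delayer that slides 7 to 9 describe, as an added example (this is not Rippler's code and not the in-network delay mechanism the slides mention): a transparent TCP relay placed in front of service A that, while a delay window is active, holds back a fraction rho of new connections for a fixed delay before connecting them through. The 500 ms delay is the figure from the real-world experiment; the window length, the `rho` parameter, the relay itself and the echo stand-in for service A are assumptions made for the example. Everything runs on loopback.

```python
"""Flow-level delay injector, in the spirit of the Rippler delayer.

Added example, not the project's code. It puts a TCP relay in front of
service A and, while a delay window is active, holds back a fraction rho
of new flows (whole connections, never individual packets) for a fixed
delay before connecting them through. Alternating delay and no-delay
windows is the watermark that a dependent service B reproduces.
"""
import asyncio
import random
import time

DELAY_SECONDS = 0.5    # the 500 ms used in the CS-department deployment on the slides
WINDOW_SECONDS = 60.0  # assumed observation-window length; the slides do not give one


class FlowDelayer:
    def __init__(self, upstream_host, upstream_port, rho, delay=DELAY_SECONDS, seed=None):
        self.upstream = (upstream_host, upstream_port)
        self.rho = rho                 # fraction of flows delayed inside a window (assumed knob)
        self.delay = delay
        self.rng = random.Random(seed)
        self.delay_window_active = False
        self.total_flows = 0
        self.delayed_flows = 0

    async def handle(self, client_reader, client_writer):
        """Relay one client flow to service A, delaying it if selected."""
        self.total_flows += 1
        # One decision per flow: every byte of a selected flow is shifted by
        # the same amount, so the request as a whole lands later.
        if self.delay_window_active and self.rng.random() < self.rho:
            self.delayed_flows += 1
            await asyncio.sleep(self.delay)
        try:
            up_reader, up_writer = await asyncio.open_connection(*self.upstream)
        except OSError:
            client_writer.close()
            return
        await asyncio.gather(_pump(client_reader, up_writer),
                             _pump(up_reader, client_writer))

    async def alternate_windows(self, n_pairs, window=WINDOW_SECONDS):
        """Drive n_pairs of (delay window, no-delay window) back to back."""
        for _ in range(n_pairs):
            self.delay_window_active = True
            await asyncio.sleep(window)
            self.delay_window_active = False
            await asyncio.sleep(window)


async def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then close dst."""
    try:
        while True:
            data = await src.read(4096)
            if not data:
                break
            dst.write(data)
            await dst.drain()
    except OSError:
        pass
    finally:
        dst.close()


async def echo_service(reader, writer):
    """Constructed stand-in for service A: echo one request and hang up."""
    writer.write(await reader.read(4096))
    await writer.drain()
    writer.close()


async def timed_request(port, payload=b"ping"):
    """Send one request through the relay; return (reply, elapsed seconds)."""
    t0 = time.monotonic()
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(payload)
    await writer.drain()
    reply = await reader.read()
    writer.close()
    await writer.wait_closed()
    return reply, time.monotonic() - t0


async def demo(rho=1.0, delay=DELAY_SECONDS):
    """Measure one flow outside a delay window and one inside it."""
    service = await asyncio.start_server(echo_service, "127.0.0.1", 0)
    a_port = service.sockets[0].getsockname()[1]
    delayer = FlowDelayer("127.0.0.1", a_port, rho=rho, delay=delay, seed=7)
    relay = await asyncio.start_server(delayer.handle, "127.0.0.1", 0)
    relay_port = relay.sockets[0].getsockname()[1]
    reply_idle, t_idle = await timed_request(relay_port)
    delayer.delay_window_active = True
    reply_busy, t_busy = await timed_request(relay_port)
    service.close()
    relay.close()
    return {"replies_ok": reply_idle == reply_busy == b"ping",
            "t_idle": t_idle, "t_busy": t_busy,
            "delayed_flows": delayer.delayed_flows}


def run_demo(rho=1.0, delay=DELAY_SECONDS):
    return asyncio.run(demo(rho, delay))


if __name__ == "__main__":
    print(run_demo(rho=1.0, delay=0.2))   # 0.2 s keeps the demo quick
```

The relay never touches request content, so it is application-independent in the sense of slide 9; what it changes is only when a chosen flow starts, which is exactly what a flow-level record such as NetFlow preserves and what the later windows of service B are compared against.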
Slide 10: Rippler Statistical Tests
Unknown distribution of service requests $D(\mu, \sigma)$
If the service has a dependency, a fraction $\rho$ of delayed requests results in
- idle period: $D_1(\mu(1-\rho), \sigma_1)$
- busy period: $D_2(\mu(1+\rho), \sigma_2)$
Hypothesis: the two services are independent, hence $\mu_{idle} = \mu_{busy}$

Slide 11: Rippler Statistical Tests
To show the dependency of two services A and B, we want to reject the hypothesis that the two services are independent
- the null hypothesis $H_0$ states that B is independent of A, so $H_0: \mu_{idle} = \mu_{busy}$
- our approach is to statistically show that $\mu_{idle} \neq \mu_{busy}$, and therefore that B is dependent on A
We use three different statistical tests
- two independent samples means: t-test
- two dependent samples means: paired t-test
- two dependent samples means: signed rank test (paired Wilcoxon)
If any of the tests rejects the null hypothesis, we conclude that B is dependent on A
Slide 12: Statistical Tests
Independent samples t-test: the p-value is the probability of seeing a difference in sample means at least as large as the observed one if both samples were drawn from distributions with the same mean

Slide 13: Statistical Tests
We can do better: the paired samples t-test is less sensitive to noise

Slide 14: Statistical Tests
Even better: the paired Wilcoxon test takes advantage of the fact that the idle-window and busy-window samples are pairwise related
For all three tests, we can show that increasing the number of sample intervals will eventually allow us to make a decision (even when the fraction of delayed requests is very small)

Slide 15: Environmental Effects on the Accuracy of the Statistical Tests
In real networks a number of factors may affect the accuracy of the statistical tests
- low number of requests to the server
- low percentage of the requests to the server affected by the delayer
- noise and jitter
- cached services
- overloaded services
- popular services
These can all be addressed by increasing the sample size
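The three-test decision of slides 10 to 15 run over per-window request counts for service B, as an added example (not Rippler's own implementation). It assumes the counts arrive as pairs (idle window, following busy window); that p-values for both t-tests come from the standard normal, a large-sample stand-in for Student's t chosen so the example needs nothing beyond the standard library; and that the Wilcoxon signed-rank p-value uses the usual normal approximation without a tie correction. The simulated windows are constructed data following the slide's $D_1$/$D_2$ model, and the `__main__` run shows the slide 14 claim: a 1% perturbation is invisible with 20 window pairs and obvious with 2000.

```python
"""Rippler-style dependency decision from per-window request counts.

Added example, not the project's code. Each observation pair is
(requests to B in an idle window, requests to B in the following busy
window). Under H0 (B independent of A) both have mean mu; under
dependency the slides model them as D1(mu(1-rho), s1) and D2(mu(1+rho), s2).
Assumption: p-values come from the standard normal, a large-sample stand-in
for Student's t; the Wilcoxon signed-rank z uses the usual normal
approximation without a tie correction.
"""
import math
import random
from statistics import mean, stdev, variance


def _two_sided_normal_p(z):
    """P(|Z| >= |z|) for a standard normal Z, via erf."""
    return 2.0 * (1.0 - 0.5 * (1.0 + math.erf(abs(z) / math.sqrt(2.0))))


def independent_t_p(idle, busy):
    """Two independent samples (Welch form): ignores the window pairing."""
    m_i, m_b = mean(idle), mean(busy)
    se = math.sqrt(variance(idle) / len(idle) + variance(busy) / len(busy))
    if se == 0.0:
        return 1.0 if m_i == m_b else 0.0
    return _two_sided_normal_p((m_b - m_i) / se)


def paired_t_p(idle, busy):
    """Paired samples: tests whether the per-pair differences average to zero."""
    d = [b - i for i, b in zip(idle, busy)]
    sd = stdev(d)
    if sd == 0.0:
        return 1.0 if mean(d) == 0 else 0.0
    return _two_sided_normal_p(mean(d) / (sd / math.sqrt(len(d))))


def wilcoxon_signed_rank_p(idle, busy):
    """Paired Wilcoxon: rank |difference| and ask whether the positive
    differences carry about half the total rank sum (zero differences dropped)."""
    d = [b - i for i, b in zip(idle, busy) if b != i]
    n = len(d)
    if n == 0:
        return 1.0
    order = sorted(range(n), key=lambda k: abs(d[k]))
    ranks = [0.0] * n
    k = 0
    while k < n:                       # average ranks over tied |d|
        j = k
        while j + 1 < n and abs(d[order[j + 1]]) == abs(d[order[k]]):
            j += 1
        for pos in range(k, j + 1):
            ranks[order[pos]] = (k + j + 2) / 2.0   # 1-based positions k+1..j+1
        k = j + 1
    w_plus = sum(r for r, x in zip(ranks, d) if x > 0)
    mean_w = n * (n + 1) / 4.0
    var_w = n * (n + 1) * (2 * n + 1) / 24.0
    return _two_sided_normal_p((w_plus - mean_w) / math.sqrt(var_w))


def detect_dependency(idle, busy, alpha=0.05):
    """Slide 11 rule: B depends on A if any of the three tests rejects H0."""
    p = {"independent_t": independent_t_p(idle, busy),
         "paired_t": paired_t_p(idle, busy),
         "paired_wilcoxon": wilcoxon_signed_rank_p(idle, busy)}
    return {"p_values": p, "dependent": any(v < alpha for v in p.values())}


def simulate_windows(n_windows, mu, sigma, rho, dependent, seed=0):
    """Constructed per-window counts following the slide's D1/D2 model."""
    rng = random.Random(seed)
    idle, busy = [], []
    for _ in range(n_windows):
        mu_idle = mu * (1 - rho) if dependent else mu
        mu_busy = mu * (1 + rho) if dependent else mu
        idle.append(max(0, round(rng.gauss(mu_idle, sigma))))
        busy.append(max(0, round(rng.gauss(mu_busy, sigma))))
    return idle, busy


if __name__ == "__main__":
    # A 1% perturbation is invisible with 20 window pairs and obvious with 2000.
    for n in (20, 200, 2000):
        idle, busy = simulate_windows(n, mu=100, sigma=15, rho=0.01, dependent=True, seed=3)
        print(n, detect_dependency(idle, busy))
```

One thing to keep in mind when reading the slide 11 rule: rejecting when any of three tests crosses alpha gives an independent pair three chances to be flagged, so the per-pair false-positive rate is somewhat above alpha. Slide 15's remedy is the right one for both sides: more window pairs drive a genuine effect's p-values toward zero while those of an independent pair stay flat, so a stricter alpha can be afforded.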
Slides 16 and 17: Simulations (two result plots; only the caption survives the transcription)
Demonstrate the desirable properties of the system: more data yields more precise results
Slide 18: Real World Experiment
- installed a delay mechanism at the CS Department
- perturbed connections from CS lab machines to 54 services
- 4 months' worth of data (133 GB of NetFlow data)
- 12.5 billion connections to interesting services
- 500 ms delay introduced
- detected 38 dependencies among the 54 services

Slide 19: Compared Against Three Previous Passive Dependency Systems
- the systems were Sherlock, Orion, and NSDMiner
- ran on the same NetFlow dataset
- manually labeled the 156 dependencies detected (the superset from all four systems): 68 were true dependencies, 70 were false dependencies, and the correctness of 18 could not be determined

Slide 20: Compared Against Three Previous Passive Dependency Systems (results table; not recoverable from the transcription)
Slide 21: Conclusions
- active discovery of dependencies
- refined and tuned traffic-flow watermarking scheme
- multiple statistical tests to identify even small perturbations
- simulations and experimental evaluation
- can achieve arbitrarily low false positives if provided with a large enough data set
- compared favorably against previous passive dependency schemes
- Rippler is the first application-independent active dependency-detection system

Slide 22: Future Work
- leveraging dependencies for sophisticated what-if analysis
- work on methods to stimulate service activities and trigger missions

Slide 23: Questions?