Towards secure Internet. TIVIT results and business forum, Prof. Mika Rautila VTT Technical Research Centre of Finland

Similar documents
Partners: Nokia, NSN, Aalto/ComNet, Aalto/CSE, UH, VTT Future Internet SHOK preconference Johanna Nieminen (Nokia)

Towards Future Internet

INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

The Top 6 WAF Essentials to Achieve Application Security Efficacy

CO-CREATIVE INTELLIGENCE MITÄ IHMETTÄ SE MERKITSEE? Pauli Kuosmanen CTO DIGILE

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Security Gaps from the Field

Innovation policy for Industry 4.0

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Study on Computer Network Technology of Digital Library

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

1 Page Compass Investors, LLC P.O. Box 94 Kenilworth, IL

Investigative Response Case Metrics Initiative Preliminary findings from 700+ data compromise investigations

IEEE CSCN Genesis Taking the first steps towards 6G. Prof. Ari Pouttu. Centre for Wireless Communications. University of Oulu

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

2. INTRUDER DETECTION SYSTEMS

Security

G DATA WhitePaper. Layered Security

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

RUAG Cyber Security Understand Cyber. Protect Values.

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Outcomes of the workshop 5G Security: Phase 1 landscape and foreseen evolutions took place at Oulu, on 12-of June.

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

A Unified Threat Defense: The Need for Security Convergence

SIEM: Five Requirements that Solve the Bigger Business Issues

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Automating Security Response based on Internet Reputation

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

SECURING DEVICES IN THE INTERNET OF THINGS

Information Security Controls Policy

Cisco Secure Boot and Trust Anchor Module Differentiation

IC32E - Pre-Instructional Survey

THE RISE OF GLOBAL THREAT INTELLIGENCE

Security by Default: Enabling Transformation Through Cyber Resilience

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

F5 Application Security. Radovan Gibala Field Systems Engineer

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

The University of Queensland

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Networks

CIS Top 20 #13 Data Protection. Lisa Niles: CISSP, Director of Solutions Integration

Credit-based Network Management

Unit code: D/601/1956 QCF Level 5: BTEC Higher National Credit value: 15

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

A Framework for Managing Crime and Fraud

Attack Patterns Recognition Framework

Cyber Criminal Methods & Prevention Techniques. By

COMPUTER NETWORK SECURITY

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

DIGITAL TRUST Making digital work by making digital secure

Statistical based Approach for Packet Classification

AT&T Endpoint Security

Securing the SMB Cloud Generation

Update on Future Internet Research

Chapter 9. Firewalls

PALANTIR CYBERMESH INTRODUCTION

Enterasys 2B Enterasys Certified Internetworking Engineer(ECIE)

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

ACARE WG 4 Security Overview

Computer Security. Solutions

POSITION DESCRIPTION

Securing Devices in the Internet of Things

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Copyright 2012 EMC Corporation. All rights reserved. Obrigado

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

The Center for Internet Security

Huawei Next-Generation Network Security

OPTIMISATION DE VOTRE SAUVEGARDE. Daniel De Prezzo Technical Sales & Services Presales Manager Symantec

IBM Security Network Protection Solutions

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Data Retrieval Firm Boosts Productivity while Protecting Customer Data

Forecast to Industry 2016

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

BUSINESS LECTURE TWO. Dr Henry Pearson. Cyber Security and Privacy - Threats and Opportunities.

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

DATACENTER SERVICES DATACENTER

DDoS MITIGATION BEST PRACTICES

Online Security and Safety Protect Your Computer - and Yourself!

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

An Aflac Case Study: Moving a Security Program from Defense to Offense

Big Data Analytics for Host Misbehavior Detection

The Challenge of Spam An Internet Society Public Policy Briefing

Data Security at Smart Assessor

Internet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Transcription:

Towards secure Internet TIVIT results and business forum, 12.4.2011 Prof. Mika Rautila VTT Technical Research Centre of Finland

2 Tivit Future Internet Program 2008-2013 Vision: Future Internet = a mission critical backbone of global information society Mission: Enhance the Internet technology and ecology as a platform for innovation while providing strong governance over the use of the network resources and information 4 yr Strategic Research Agenda: www.futureinternet.fi WP 4 Testbed WP 1 Routing WP 2 Transport WP 3 Information Networking WP 6 Security Phase 2 Partners (6/2009 3/2011): CSC IT Center for Science, Cybercube, F-Secure, Ericsson, Nokia, Nokia Siemens Networks, Stonesoft, TeliaSonera Finland, Aalto University, Universities of Helsinki, Jyväskylä and Turku, Tampere University of Technology, VTT Technical Research Centre of Finland, Tivit WP 0 Management & cross-work 14.4.2011 Tivit Future Internet 2 WP 5 Dissemination

3 Trends in security landscape The following trends are characteristic for the development of security landscape of the Internet over the past few years: Amount of malicious activity has increased rapidly. Attacks have become web based. Attackers have moved away from nuisance towards activities that are motivated by financial gain. Professionalization and commercialization of malicious activities.

4 Trends in security landscape New malicious code signatures Symantec Internet security threat report XV, 2010

5 Trends in security landscape

6 Trends in security landscape Some typical goals of the attackers are as follows: Theft of credit card and financial account information Theft of identity information Taking control of target computers Extortion Ruining critical systems and infrastructure

7 Concrete research problems How to improve security of Internet so that the society cannot be damaged through the Internet. This goal translated to the following subproblems: how modern data analysis can be used to improve information security, how trust, trustworthiness and reputation of objects can be evaluated and used to protect users, how to mitigate the unwanted traffic problem.

8 Data analysis for information security Malicious programs are automatically created. Hence anti-virus software vendors receive tens of thousands of new potentially malicious program samples every day. Signature based detection must be augmented with new approaches. Two different machine learning based approaches: Analysis based on dynamic properties of programs Analysis based on static properties of programs

9 Data analysis for information security Call graph similarity based clustering One way to automatically generate new malicious samples is to slightly modify an existing one. Hence the static structure of the two versions are often similar. Measure distance between two call graphs by the number of elementary graph modifications required to make the call graphs isomorphic (graph edit distance). Cluster samples using graph edit distance.

10 Data analysis for information security Classification using SVM Behaviour of samples are described by textual fields, e.g., field containing name of created file. Aim at good precision with good enough recall, i.e., if a sample is classified as malicious it is malicious with high probability, and big enough proportion of malicious samples are classified as malicious. An SVM based classifier using Gaussian kernel Evaluated with a dataset containg ~250k samples from a time span of about 2.5 years. Cumulatitive precision was 99.923% and recall 53.52%.

11 Trust and reputation Mobile devices have been becoming open platforms to install and execute various applications. Users trust to an application will become a crucial issue that impacts its success. Explore trust of mobile applications based on users behaviors, and propose a conceptual trust model Research question: what interaction behaviors are related to the user s trust in a mobile application. Hypothesis: user s trust in a mobile application can be studied during the appliaction usage.

12 Trust and reputation Trust related behvior

13 Trust and reputation UB1: normal usage behavior 1. The more times you use the messaging, the more you trust it. 2. The more frequently you use the messaging, the more you need it. 3. The longer time you use the messaging, the more you trust it.

14 Unwanted traffic Network level payload based access policy In traditional firewalls access policy decisions are based on network address information in the packets In payload based access policy application protocol or application is first identified and based on this information access policy decision is made. This means that in the beginning of each connection traffic is first allowed and after the application protocol has been identified the policy decision is made.

15 VTT creates business from technology

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback