Detecting Algorithmically Generated Malicious Domain Names
|
|
- Dortha Pierce
- 8 years ago
- Views:
Transcription
1 Detecting Algorithmically Generated Malicious Domain Names Sandeep Yadav, Texas A&M University IT Security for the Next Generation American Cup, New York 9-11 November, 2011
2 Introduction Botnets, a network of bots (compromised hosts) under a Command & Control server, responsible for: Spamming Phishing DDoS Recent (in-)famous botnets: PAGE 2
3 Modus Operandi bota C&C Location #1 botb C&C Location #2 botc C&C Location #3 Location #1 Location #2 Location #3 Domain fakjdfhak.botnet.com xxcvsdf.botnet.com lkdsjlllh.botnet.com IP A1.B1.C1.D1 A2.B2.C2.D2 A3.B3.C3.D3 PAGE 3
4 Objective fakjdfhak.botnet.com lkdsjlllh.botnet.com xxcvsdf.botnet.com Goal Detect domain-fluxing botnets by exploiting the randomness in domain names. PAGE 4
5 Groups for Analysis Per-domain fakjdfhak.botnet.com lkdsjlllh.botnet.com xxcvsdf.botnet.com Botnet.com Per-IP kdjfhk.org weiyrilskjd.com hlkhdfds.info IP: Per-component Domain1 Domain2 IP1 IP2 The whole component PAGE 5
6 Metrics for analysis Kullback- Leibler divergence Jaccard Index Edit Distance PAGE 6
7 Metrics for analysis (Kullback-Leibler Divergence) A measure of similarity between two probability distributions. PAGE 7
8 Metrics for analysis (Jaccard Index) Evaluates similarity with a benign database of bigrams E.g. xjisov.botnet.com Break into bigrams xj ji is so ov Compute the fraction of bigrams present in the benign database Benign groups will have a higher value of this metric. PAGE 8
9 Metrics for analysis (Edit Distance) The number of character modifications (addition, deletion, or substitution) required to convert one string to other. E.g. When converting dog to cat, the edit distance is three. Intuitively, the edit distance for two randomized (possibly malicious) domains is higher. For instance: ns1.google.com -> ns2.google.com (Benign) sljslasdkja.com -> rjhbgjhr.org (Malicious) [low ED] [high ED] No reference database or distribution required. PAGE 9
10 Results Evaluation data set Tier-1 ISP dataset containing host of malicious domains (including Conficker). Benign data set DNS-PTR dataset containing PTR records for addresses in the IPv4 space. Malicious data set Domains for Storm, Kraken, Pushdo, etc., obtained from Botlab. PAGE 10
11 Results Per-domain analysis K-L divergence Jaccard Index Similarly, edit distance also performs reasonably well: With 500 test words, TPR: 100% for 8% FPR. PAGE 11
12 Results Per-component analysis Applied a supervised learning approach. Used L1-Regularization algorithm for classification. Used three features: K-L divergence for unigrams, Jaccard index, Edit distance Training based on one malicious (Conficker) component and remaining benign components. PAGE 12
13 Results Per-component analysis Outcome: Detected Conficker. Discovered the presence of Helldark botnet. Discovered a new botnet, we call, Mjuyh. 57-character long fourth level domain composed of random characters. One domain maps to 10 IP addresses. PAGE 13
14 Take Away Domain-fluxing botnets utilize high-entropy domain names. We deploy metrics such as Kullback- Leibler divergence, Jaccard index, and Edit distance for detecting such botnets. In addition to detecting known botnets, we discover new botnets. PAGE 14
15 Thank You Sandeep Yadav, Texas A&M University IT Security for the Next Generation American Cup, New York 9-11 November, 2011
RECENT botnets such as Conficker, Kraken and Torpig have
YADAV ET AL. : DETECTING ALGORITHMICALLY GENERATED DOMAIN-FLUX ATTACKS WITH DNS TRAFFIC ANALYSIS Detecting Algorithmically Generated Domain-Flux Attacks with DNS Traffic Analysis Sandeep Yadav, Student
More informationDetecting Algorithimically Generated Malicious Domain Names
Detecting Algorithimically Generated Malicious Domain Names Sandeep Yadav, Ashwath K.K. Reddy, and A.L. Narasimha Reddy Department of Electrical and Computer Engineering Texas A&M University College Station,
More informationDetecting Algorithmically Generated Malicious Domain Names
Detecting Algorithmically Generated Malicious Domain Names Sandeep Yadav, Ashwath K.K. Reddy, and A.L. Narasimha Reddy Department of Electrical and Computer Engineering Texas A&M University College Station,
More informationWinning with DNS Failures: Strategies for Faster Botnet Detection
Winning with DNS Failures: Strategies for Faster Botnet Detection Sandeep Yadav and A.L. Narasimha Reddy Department of Electrical and Computer Engineering, Texas A&M University sandeepy@tamu.edu,reddy@ece.tamu.edu
More informationSCALABLE TECHNIQUES FOR ANOMALY DETECTION. A Dissertation SANDEEP YADAV
SCALABLE TECHNIQUES FOR ANOMALY DETECTION A Dissertation by SANDEEP YADAV Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of
More informationSecurity Incidents And Trends In Croatia. Domagoj Klasić dklasic@cert.hr
Security Incidents And Trends In Croatia Domagoj Klasić dklasic@cert.hr Croatian National CERT About us Founded in 2008. in accordance with the Information Security Act We are a department of the Croatian
More informationCYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,
More informationDetection of Fast-Flux Networks Using Various DNS Feature Sets
Detection of Fast-Flux Networks Using Various DNS Feature Sets Z Berkay Celik and Serna Oktug Department of Computer Engineering Istanbul Technical University Maslak, Istanbul, Turkey 34469 { zbcelik,oktug}@ituedutr
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationEVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationSecurity Solutions for the New Threads
Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident
More informationThe Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet
The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =
More informationSecurity Intelligence Blacklisting
The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationDDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR
Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,
More informationAdventures in Cybercrime. Piotr Kijewski CERT Polska/NASK
Adventures in Cybercrime Piotr Kijewski CERT Polska/NASK Would you like a Porsche? Porsche Cayenne S Turbo: 149 000 USD Or maybe a different type? Porsche 911 Turbo: 149 000 USD The car is there Porsche
More informationSPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS
SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS INTRODUCTION BOTNETS IN SPAMMING WHAT IS AUTORE? FACING CHALLENGES? WE CAN SOLVE THEM METHODS TO DEAL WITH THAT CHALLENGES Extract URL string, source server
More informationAT&T Real-Time Network Security Overview
AT&T Real-Time Network Security Overview Dan Solero Director of Security Technology, AT&T Know Your Enemy: Security Threats Extend Beyond Viruses & Worms Distributed Denial of Service Spam for Hire Social
More informationBeyond Aurora s Veil: A Vulnerable Tale
Beyond Aurora s Veil: A Vulnerable Tale Derek Manky Cyber Security & Threat Research FortiGuard Labs October 26th, 2010: SecTor 2010 Toronto, CA Conficker: April Doomsday.. Meanwhile JBIG2 Zero Day PDF/SWF
More informationShellshock. Oz Elisyan & Maxim Zavodchik
Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable
More informationC&C Botnet Detection over SSL
C&C Botnet Detection over SSL Riccardo Bortolameotti University of Twente - EIT ICT Labs masterschool r.bortolameotti@student.utwente.nl Dedicated to my parents Remo and Chiara, and to my sister Anna 2
More informationKorea s experience of massive DDoS attacks from Botnet
Korea s experience of massive DDoS attacks from Botnet April 12, 2011 Heung Youl YOUM Ph.D. SoonChunHyang University, Korea President, KIISC, Korea Vice-chairman, ITU-T SG 17 1 Table of Contents Overview
More informationTracking and Characterizing Botnets Using Automatically Generated Domains
Tracking and Characterizing Botnets Using Automatically Generated Domains Hack In The Box October 17th, 2013 Politecnico di Milano, Italy @raistolo, stefano.zanero@polimi.it Federico Maggi, Politecnico
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationThe Growing Problem of Outbound Spam
y The Growing Problem of Outbound Spam An Osterman Research Survey Report Published June 2010 SPONSORED BY! #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationExtending Black Domain Name List by Using Co-occurrence Relation between DNS Queries
Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries Kazumichi Sato, Keisuke Ishibashi, Tsuyoshi Toyono, and Nobuhisa Miyake 2010 NTT Information Sharing Platform Laboratories
More informationA TASTE OF HTTP BOTNETS
Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with
More informationSecurity Business Review
Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationDetection and Controlling of DDoS Attacks by a Collaborative Protection Network
Detection and Controlling of DDoS Attacks by a Collaborative Protection Network Anu Johnson 1, Bhuvaneswari.P 2 PG Scholar, Dept. of C.S.E, Anna University, Hindusthan Institute of Technology, Coimbatore,
More informationMcAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier
Application Note TrustedSource in McAfee Firewall Enterprise McAfee version 8.1.0 and earlier Firewall Enterprise This document uses a question and answer format to explain the TrustedSource reputation
More informationBOTNET Detection Approach by DNS Behavior and Clustering Analysis
BOTNET Detection Approach by DNS Behavior and Clustering Analysis Vartika Srivastava, Ashish Sharma Dept of Computer science and Information security, JIIT Noida, India Abstract -Botnets are one of the
More informationData Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.
Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationZero-Day Attack Finding Advanced Threats in ALL of Your Data. C F Chui, Arbor Networks
Zero-Day Attack Finding Advanced Threats in ALL of Your Data C F Chui, Arbor Networks Arbor Networks Overview 90% Percentage of world s Tier 1 service providers who are Arbor customers 107 Number of countries
More informationHow to Use the Greymail Spam Filter
How to Use the Greymail Spam Filter This guide will show you the basics of how to view messages flagged as spam, and how to recover them, if improperly flagged. For a full overview of the New Greymail
More informationKindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic "" " Matt Thomas" Data Architect, Verisign Labs"
Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic "" " Matt Thomas" Data Architect, Verisign Labs" About the Author"! Matthew Thomas! Data Architect" Verisign Labs"! Aziz Mohaisen!
More informationReport. Takeover of Virut domains
Report Takeover of Virut domains February 25, CONTENTS Contents 1 Executive summary 2 2 Introduction 2 2.1 What is Virut?................................ 2 2.2 Takeover of Virut domains..........................
More informationIndex Terms: DDOS, Flash Crowds, Flow Correlation Coefficient, Packet Arrival Patterns, Information Distance, Probability Metrics.
Volume 3, Issue 6, June 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Techniques to Differentiate
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationTAKING DOWN THE WORLD S LARGEST BOTNETS
TAKING DOWN THE WORLD S LARGEST BOTNETS Ali Mesdaq FireEye, Inc. Session ID: CLE W03 Session Classification: Advanced Credit Atif Mushtaq > Ali Mesdaq Real FireEye veteran Specialized in Botnets and CnC
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationNetwork Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationSoSe 2014: M-TANI: Big Data Analytics
SoSe 2014: M-TANI: Big Data Analytics Lecture 4 21/05/2014 Sead Izberovic Dr. Nikolaos Korfiatis Agenda Recap from the previous session Clustering Introduction Distance mesures Hierarchical Clustering
More informationAn Efficient Methodology for Detecting Spam Using Spot System
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationFinding Domain-Generation Algorithms by Looking at Length Distributions
Finding Domain-Generation Algorithms by Looking at Length Distributions Miranda Mowbray Security and Cloud Lab, HP Labs HP Bristol, UK miranda.mowbray @ hp.com Josiah Hagen Tipping Point, HP Software HP
More informationSecurity Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions
Security Awareness For Website Administrators State of Illinois Central Management Services Security and Compliance Solutions Common Myths Myths I m a small target My data is not important enough We ve
More informationRemoving Web Spam Links from Search Engine Results
Removing Web Spam Links from Search Engine Results Manuel EGELE pizzaman@iseclab.org, 1 Overview Search Engine Optimization and definition of web spam Motivation Approach Inferring importance of features
More informationDaryl Ashley Senior Network Security Analyst University of Texas at Austin - Information Security Office ashley@infosec.utexas.edu January 12, 2011
AN ALGORITHM FOR HTTP BOT DETECTION Daryl Ashley Senior Network Security Analyst University of Texas at Austin - Information Security Office ashley@infosec.utexas.edu January 12, 2011 Introduction In the
More informationBotnet Detection Based on Degree Distributions of Node Using Data Mining Scheme
Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Chunyong Yin 1,2, Yang Lei 1, Jin Wang 1 1 School of Computer & Software, Nanjing University of Information Science &Technology,
More informationWE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains
More informationBig Data for Security: Challenges, Opportunities, and Experiments
Big ata for Security: Challenges, Opportunities, and Experiments Prat yusa K. Manadhat a HP Labs Joint work with Stuart Haber, William Horne, Prasad Rao, and Sandeep Yadav Big at a is everywhere 2 Enterprises
More informationEmail David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
More informationENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park
21. Botnets ENEE 757 CMSC 818V Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park http://ter.ps/757 https://www.facebook.com/sdsatumd Today s Lecture Where we ve been AuthenDcaDon
More informationWe Know It Before You Do: Predicting Malicious Domains
We Know It Before You Do: Predicting Malicious Domains Abstract Malicious domains play an important role in many attack schemes. From distributing malware to hosting command and control (C&C) servers and
More informationCloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals
Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered
More informationNext-Generation DNS Monitoring Tools
Next-Generation DNS Monitoring Tools Cyber Security Division 2012 Principal Investigators Meeting October 9, 2012 Wenke Lee and David Dagon Georgia Institute of Technology wenke@cc.gatech.edu 404-808-5172
More informationProtecting DNS Query Communication against DDoS Attacks
Protecting DNS Query Communication against DDoS Attacks Ms. R. Madhuranthaki 1, Ms. S. Umarani, M.E., (Ph.D) 2 II M.Tech (IT), IT Department, Maharaja Engineering College, Avinashi, India 1 HOD, IT Department,
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationDetecting P2P-Controlled Bots on the Host
Detecting P2P-Controlled Bots on the Host Antti Nummipuro Helsinki University of Technology anummipu # cc.hut.fi Abstract Storm Worm is a trojan that uses a Peer-to-Peer (P2P) protocol as a command and
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationTECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains
TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................
More informationAnti-Malware Technologies
: Trend of Network Security Technologies Anti-Malware Technologies Mitsutaka Itoh, Takeo Hariu, Naoto Tanimoto, Makoto Iwamura, Takeshi Yagi, Yuhei Kawakoya, Kazufumi Aoki, Mitsuaki Akiyama, and Shinta
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationNetworks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
More informationImplementation of Botcatch for Identifying Bot Infected Hosts
Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationEmail. Daniel Zappala. CS 460 Computer Networking Brigham Young University
Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold
More informationThreat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com
Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationNetwork Anomaly Detection through Traffic Measurement
Network Anomaly Detection through Traffic Measurement Yuming Jiang, Zhihua Jin, Atef Abdelkefi, Magnus Ask, Helge Skrautvol Abstract With the growth of the Internet, an increase in network anomalies is
More informationBig Data and Cyber Security A bibliometric study Jacky Akoka, Isabelle Comyn-Wattiau, Nabil Laoufi Workshop SCBC - 2015 (ER 2015) 1 Big Data a new generation of technologies and architectures, designed
More informationInformation Security and Risk Management
Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management
More informationState of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved
State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration
More informationBronco Ltd does not allow any of the following content to be stored on its servers:
1. Terms of Service Bronco Ltd reserves the right to suspend or cancel the hosting account and access to all of the services provided by Bronco Ltd, if it is deemed that the account has been used inappropriately.
More informationCyber Attack Trend and Botnet
Cyber Attack Trend and Botnet S.C. Leung CISSP CISA CBCP Agenda Botnet and Cyber Attack Trends Botnet Attack Trends Commercialization of Cyber Crime Professionalization of Cyber Crimeware Social Engineering
More informationDDoS Attacks Can Take Down Your Online Services
DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill
More informationFRAMEWORK for NATIONAL NETWORK & CYBER SECURITY
FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY 23 September 2009 1 06-02-200906.02.2009 Ram Narain Email: ramnarain@hotmail.com 7 Tier Approach to Network & Cyber Security 5 levels of Security Tier 1
More informationAbout Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
More informationInternet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology
Internet Monitoring via DNS Traffic Analysis Wenke Lee Georgia Institute of Technology 0 Malware Networks (Botnets) 1 From General-Purpose to Targeted Attacks 11/14/12 2 Command and Control l Botnet design:
More informationBotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection
BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection ABSTRACT Florian Tegeler University of Göttingen tegeler@cs.unigoettingen.de Giovanni Vigna UC Santa Barbara vígna@cs.ucsb.edu
More information7.7 DDoS : Unknown Secrets and Botnet Counter-Attack. www.issuemakerslab.com sionics & kaientt
7.7 DDoS : Unknown Secrets and Botnet Counter-Attack sionics & kaientt Contents Overview Botnet Structure 7.7 DDoS Bot Malware Analysis Botnet Counter-Attack Demo Overview 7.7 DDoS Attack Cyber attack
More informationUsing big data analytics to identify malicious content: a case study on spam emails
Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime
More informationIndex Terms Denial-of-Service Attack, Intrusion Prevention System, Internet Service Provider. Fig.1.Single IPS System
Detection of DDoS Attack Using Virtual Security N.Hanusuyakrish, D.Kapil, P.Manimekala, M.Prakash Abstract Distributed Denial-of-Service attack (DDoS attack) is a machine which makes the network resource
More informationAdaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager
Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationPreetham Mohan Pawar (1000919136)
Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, Wenke Lee Presented By:- Preetham Mohan Pawar (1000919136) University of Texas, Arlington CSE Introduction. Basic concepts.( DNS ) Mobile
More informationTowards Proactive SPAM Filtering
Towards Proactive SPAM Filtering DIMVA 2009 Laboratory for Dependable Distributed Systems Survey Motivation Sandnet Setup Template Creation Preliminary Results Summary & Future Work Motivation SPAM is
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More information.tirol Anti-Abuse Policy
Translation from German.tirol Anti-Abuse Policy This policy is based on Austrian legislation. In case of doubt the German version of this policy is in force. Page 1 Contents 1. Management Summary... 3
More informationHow To Filter Email From A Spam Filter
Spam Filtering A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER 2 Introduction Spam filtering is a catch- all term that describes the steps that happen to an email between a sender and a receiver
More informationDetecting Botnets with NetFlow
Detecting Botnets with NetFlow V. Krmíček, T. Plesník {vojtec plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell
More informationAccess Control Rules: URL Filtering
The following topics describe how to configure URL filtering for your Firepower System: URL Filtering and Access Control, page 1 Reputation-Based URL Filtering, page 2 Manual URL Filtering, page 5 Limitations
More informationSymantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics.
Symantec enterprise security Symantec Internet Security Threat Report April 00 Regional Data Sheet Latin America An important note about these statistics The statistics discussed in this document are based
More informationDetecting Bots with Automatically Generated Network Signatures
Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,
More informationBotNets- Cyber Torrirism
BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation
More informationDetecting Constant Low-Frequency Appilication Layer Ddos Attacks Using Collaborative Algorithms B. Aravind, (M.Tech) CSE Dept, CMRTC, Hyderabad
Detecting Constant Low-Frequency Appilication Layer Ddos Attacks Using Collaborative Algorithms B. Aravind, (M.Tech) CSE Dept, CMRTC, Hyderabad M. Lakshmi Narayana, M.Tech CSE Dept, CMRTC, Hyderabad Abstract:
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationThat Ain t You: Blocking Spearphishing Through Behavioral Modelling
That Ain t You: Blocking Spearphishing Through Behavioral Modelling Gianluca Stringhini and Olivier Thonnard University College London, Amadeus g.stringhini@ucl.ac.uk, olivier.thonnard@amadeus.com Abstract.
More information