Review Study on Techniques for Network worm Signatures Automation

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Review Study on Techniques for Network worm Signatures Automation"

Transcription

1 Review Study on Techniques for Network worm Signatures Automation 1 Mohammed Anbar, 2 Sureswaran Ramadass, 3 Selvakumar Manickam, 4 Syazwina Binti Alias, 5 Alhamza Alalousi, and 6 Mohammed Elhalabi 1, 3,3,4,6 National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, 5 School of Computer and Communication Engineering, Universiti Malaysia Perlis, Perlis, Malaysia, Abstract The network worm signature is a specific string that exists in the packet payload. This string will be used by signature based IDSs such as Snort (Snort) to compare it with the existing signatures in the database, if there is a match found in signatures database, worm can be detected, and otherwise the network worm cannot be detected. This paper presents a review study on network worms signature automation techniques. This study will first define the network worm and worm signatures. Furthermore, it will discuss the severity of presence the network worm in the network. The network propagation and activation schemas will be discussed. In addition, this article explores the current techniques to automate signatures for network worms. 1. Introduction Keywords: Network worm, Worm signature, Intrusion Detection System (IDS) A network worm is a self-propagating, self-duplicating malicious code that spread without human intervention in computer networks and attacks vulnerable hosts and services. Network worms are typically classified based on two attributes: methods used to spread and the techniques used to exploit vulnerabilities. Meanwhile, network worms have destructive effects in the network topology, resources and service [1-7]. Therefore, many researchers attention have been grabbed to propose techniques to automate signatures for network worms. According to Li, Salour & Su [8] the life cycle of a network worm after its release typically includes four phases: target finding or scanning, network worm transferring, network worm activation, and infection. The network worm is active on the network during target finding; network worm transferring and can be detected by network-based intrusion detection systems (NIDSs). The activities in the last two phases (activation and infection) are limited to local machines and are harder to detect by NIDSs because the network worm activities are more focused on individual computers rather than on the entire network. In contrast, the activities in the first two phases (scanning and transferring) are easier to detect because network worm activities are centered on the network, such as the existence of abnormal traffic generated from scanning. Figure 1shows the typical location of NIDS in the network. Figure 1. The typical location of NIDS in the network Advances in information Sciences and Service Sciences(AISS) Volume5, Number17, December

2 Similar to a computer virus or other malicious codes, a network worm has a signature that can be used by IDS in the detection phase. Automated signature generation for new attacks is extremely difficult due to three reasons. First, in order to create an attack signature, we must identify and isolate attack traffic from legitimate traffic. Automatic identification of new worms is critical, which is the foundation of other defense measures. Second, the signature generation must be general enough to capture all attack traffic of certain type while at the mean time specific enough to avoid overlapping with the content of normal traffic in order to reduce false-positives. This problem has so far been handled in an ad-hoc way based on human judgment. Third, the defense system must be flexible enough to deal with the polymorphism in the attack traffic. Otherwise, worms may be programmed to deliberately modify themselves each time they replicate and thus fool the defense system [9]. The packets that were used to transfer malicious code from the sender to the destination have specific patterns and noticeable behaviors. After the malicious code infects the destination host, this new host will act in the same manner as the host that infected it. 2. The severtiy of worms The severity of network worms depends on the propagation process, wherein network scanning is initiated to determine the vulnerability of the host and services. Network scanning will degrade network performance and consume bandwidth and resource (CPU and memory) by making the network machines busy due to the requests that are received and responded in the scanner machine. Once a network worm infects a network, it will automatically begin to propagate, which will cause great destruction throughout the network due to network congestion. This will create unnecessary traffic, which serves only network worm propagation. Figure 2 shows the worm propagation process. 3. Network Worm Propagation Schemes Figure 2. Worm propagation As reported by Weaver et al. [5], there are three network worm propagation schemes which are as follows (1) self-carried (2) embedded (3) second channel. Self-carried network worms are actively transmit itself to the target host (the network worms are fully transmitted to the target during the initial connection), second channel network worms need second communication channel, in this scheme, the network worm communicates with the victim machine using original channel then the victim machine connects back to the infecting machine using another channel to download the network worm payload. The embedded propagation scheme is very stealthy and it s done by append the payload after, or replace, legitimate traffic to hide itself. No anomalous events will be triggered, and it is hard for anomaly-based detection systems to detect. In addition to the three propagation schemes discussed, 9

3 Botnets have been utilized to propagate network worms, spams, spyware, and launching distributed denial-of-service (DDoS) attacks [8]. A Botnet is a group of compromised hosts under the control of a Botmaster. The communication channel for the Botmaster to issue commands that can be implemented using different protocols such as http or point-to-point (P2P) protocols. However, the majority of Botnets use the Internet Relay chat (IRC) protocol for this purpose[14]. 4. Network Worm Activation Schemes Network worm activation means running network worms under certain condition or schedule. Weaver et al. [15] classified the network worm activation as following: 1. Human activated, this type of network worm activation require human intervention to execute the network worm 2. The network worm activate based on specific activity which is performed by user (such as open CD or bin drive) 3. Activated by a scheduled processes. In scheduled process, network worms are activated by a legitimate automated process which has not been properly secured, such as a legitimate program which automatically updates itself from an infected web server. Self-activated, this kind of network worm can activate without human intervention, and it considers the most dangerous one, this thesis focus on detecting this kind of network worms. 5. Techniques for automating network worm signatures Snort open source network-based intrusion detection system (NIDS) has the ability to perform realtime traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk [16]. In intrusion detection mode, Snort has the ability to detect different type of malicious code such as network worm. In case of network worm, Snort is a Signature Based Network Worm Detection (SBWD). In other words, Snort will detect the presence of network worm in the network based on the networm worm signature, Snort checks the incoming packet payload and system log files against the network worm signatures that are already stored in the IDS database. An alert will be triggered when a match is found [16]. Kreibich & Crowcroft [17] developed Honeycomb which aims to generate signature for malicious network traffic automatically and it uses pattern-detection techniques and packet header similarities tests on traffic captured from Honeypots. The traffic that bypass the Honeypot is logged into log file, the log file consist of IP, TCP and UDP header as well as payload data. After protocol analysis, Honeycomb proceeds to the analysis of the reassembled flow content. Honeycomb applies the longest common substring (LCS) algorithm on binary strings that built out the exchanged messages. It does this in two different ways which are horizontal detection and vertical detection. The contents of the signature pool are periodically reported to an output module which implements the actual logging of the signature records. At the moment, there are modules that convert the signature records into Bro [18] or pseudo-snort format, and a module that dumps the signature strings to a file. Figure 3 shows Honeycomb architecture. 10

4 Figure 3. Honeycomb architecture (Kreibich & Crowcroft, 2004). Autograph proposed by [19] is a distributed system for automatically generating network worm signatures for Bro [18] and Snort [16]. Autograph aims to automatically generate signatures for unknown network worms that propagate using TCP transport. Autograph generates signatures by analyzing the prevalence of portions of flow payloads, and thus uses no knowledge of protocol semantics above the TCP level. It is designed to produce signatures that exhibit high sensitivity (high true positives) and high specificity (low false positives). Unlike Honeycomb, Autograph s inputs are packet traces from a demilitarized zone (DMZ) that includes benign traffic. Content blocks that match enough suspicious flows are used as input to COPP, an algorithm based on Rabin fingerprints that searches for repeated byte sequences by partitioning the payload into content blocks. Similar to Honeycomb, Autograph generates signatures consisting of a single, contiguous substring of a network worm s payload to match all network worm instances. These signatures, unfortunately, fail to match all polymorphic network worm instances with low false positives and low false negatives. Earlybird is a system proposed by Singh et al [20] for generating signatures to detect network worms based on the assumption that the network worms must generate significant traffic to propagate. This traffic will contain common substring which will transfer from source (attacker) to destinations. Based on this assumption the authors believe that identifying this traffic pattern is sufficient for detecting network worms, for identifying traffic pattern, a content sifting is proposed which work as the follows: (A) for each network packet, the content is extracted and all substrings processed, and (B) each substring is indexed into a log table that increments a count field for a given substring each time it is found. In effect, this table implements a histogram of all observed substrings. To maintain a count of unique source and destination addresses, each table entry also maintains two lists, containing IP addresses that are searched and potentially updated each time a substring count is incremented. Sorting this table on the substring count and the size of the address lists will produce the set of likely network worm traffic. Earlybird, also like Honeycomb and Autograph, generates signatures consisting of a single, contiguous substring of a network worm s payload to match all network worm instances. These signatures, however, fail to match all polymorphic network worm instances with low false positives and low false negatives. A double-honeynet is another system aims to detect new network worms automatically, the proposed system consists of two honeynets namely honetpot1 and honeynet 2. Gate translator at the edge router between the local network and the internet is deployed to detect the unwanted inbound connections and forwards them to Honeynet 1, once Honeynet 1 is compromised, the network worm will attempt to make outbound connections. Each honeynet is associated with an Internal Translator implemented in router that separates the Honeynet from the rest of the network. The internal translator 1 intercepts all outbound connections from honeynet 1 and redirects them to honeynet 2. Honeynet 2 will capture the packets that make outbound connections, and hence the Double-honeynet forwards only packets that make outbound connections. If the Honeynet 2 captures enough instances of network worm payloads, the internal 11

5 translator 2 will automatically forwarded to the signature generator which generates signatures, it receives the packet payloads captured by double-honeynet. These packets are checked by the protocol classifier which classifies packets in terms of different protocols (TCP/UDP) and port numbers. Then the Known-network worms filter component filters out known-network worm samples and pass the remaining samples (unknown network worms) to the Signature Generation Algorithms component which extracts all the distinct tokens in the samples. Then it clusters the distinct tokens according to their similarity. The set of tokens in each cluster is used as a signature for that cluster. The total number of the signatures is equals the total number of clusters [21]. Figure 4 shows double Honeynet system architecture. Table1 shows a summary of techniques for automating network worm signatures. Figure 4. Double Honeynet system architecture Table1: A summary of techniques for automating network worm signatures. Approach Description Disadvantage Honeycomb approach aims to generate signature for malicious network traffic automatically and it Kreibich & Fail to match all polymorphic uses pattern-detection techniques Crowcroft, 2004 network worm instances and packet header similarities tests on traffic captured from Honeypots Kim & Karp, 2004 Singh, Estan, Varghese, & Savage, 2004 Proposed an Autograph which aims to automatically generate signatures for unknown network worms that propagate using TCP transport. Autograph generates signatures by analyzing the prevalence of portions of flow payloads, and thus uses no knowledge of protocol semantics above the TCP level Proposed an Earlybird system for generating signatures to detect network worms based on the assumption that the network worms must generate significant traffic to propagate. This traffic will contain common substring which will transfer from source (attacker) to destinations Fail to match all polymorphic network worm instances Fail to match all polymorphic network worm instances 12

6 6. Conclusion This paper has highlighted the severity of presence the network worm in the network. Then the existing approach for worm signature automations are explored and advantages and drawbacks for each approach are highlighted, the existing approaches which are used to generate network worm signature are unfortunately fail to match all polymorphic network worm instances (because the signature of polymorphic network worm keep on changing every time it send from source to destination and proposed approaches based on generating static signature for detected worm ) [22]. 7. Acknowledgment This research is supported by National Advanced IPv6 Center of Excellence (NAv6), Universiti Sains Malaysia (USM). 8. References [1] S. Staniford, V. Paxson, and N. Weaver, "How to Own the Internet in Your Spare Time," in USENIX Security Symposium, 2002, pp [2] D. Moore, C. Shannon, G. M. Voelker, and S. Savage, "Internet quarantine: Requirements for containing self-propagating code," in INFOCOM Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, 2003, pp [3] S. Chen and Y. Tang, "Slowing down internet worms," in Distributed Computing Systems, Proceedings. 24th International Conference on, 2004, pp [4] C. Kruegel and G. Vigna, "Anomaly detection of web-based attacks," in Proceedings of the 10th ACM conference on Computer and communications security, 2003, pp [5] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "Inside the slammer worm," Security & Privacy, IEEE, vol. 1, pp , [6] C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, "StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks," in Proceedings of the 7th USENIX Security Symposium, 1998, pp [7] M. W. Eichin and J. A. Rochlis, "With microscope and tweezers: An analysis of the internet virus of november 1988," in Security and Privacy, Proceedings., 1989 IEEE Symposium on, 1989, pp [8] P. Li, M. Salour, and X. Su, "A survey of internet worm detection and containment," Communications Surveys & Tutorials, IEEE, vol. 10, pp , [9] Y. Tang and S. Chen, "Defending against internet worms: A signature-based approach," in INFOCOM th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, 2005, pp [10] C. C. Zou, W. Gong, and D. Towsley, "Code red worm propagation modeling and analysis," in Proceedings of the 9th ACM conference on Computer and communications security, 2002, pp [11] Z. Chen, L. Gao, and K. Kwiat, "Modeling the spread of active worms," in INFOCOM Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, 2003, pp [12] D. Moore and C. Shannon, "Code-Red: a case study on the spread and victims of an Internet worm," in Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, 2002, pp [13] J. O. Kephart and S. R. White, "Directed-graph epidemiological models of computer viruses," in Research in Security and Privacy, Proceedings., 1991 IEEE Computer Society Symposium on, 1991, pp [14] G. Gu, R. Perdisci, J. Zhang, and W. Lee, "BotMiner: Clustering analysis of network traffic for protocol-and structure-independent botnet detection," 2008, pp [15] N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, "A taxonomy of computer worms," in Proceedings of the 2003 ACM workshop on Rapid malcode, 2003, pp [16] Snort, "A free lightweight network intrusion detection system for UNIX and Windows,"

7 [17] C. Kreibich and J. Crowcroft, "Honeycomb: creating intrusion detection signatures using honeypots," ACM SIGCOMM Computer Communication Review, vol. 34, pp , [18] V. Paxson, "Bro: a system for detecting network intruders in real-time," Computer networks, vol. 31, pp , [19] H. Kim and B. Karp, "Autograph: Toward automated, distributed worm signature detection," in USENIX security symposium,2004, p. 19. [20] S. Singh, C. Estan, G. Varghese, and S. Savage, "The earlybird system for real-time detection of unknown worms," Citeseer2003. [21] M. Mohammed, H. Chan, and N. Ventura, "Honeycyber: Automated signature generation for zeroday polymorphic worms,," in Military Communications Conference, MILCOM IEEE, 2008, pp [22] S. Stafford and J. Li, "Behavior-based worm detectors compared," in Recent Advances in Intrusion Detection, 2010, pp

Behaviour Based Worm Detection and Signature Automation

Behaviour Based Worm Detection and Signature Automation Journal of Computer Science 7 (11): 1724-1728, 2011 ISSN 1549-3636 2011 Science Publications Behaviour Based Worm Detection and Signature Automation 1 Mohammed Anbar, 1 Selvakumar Manickam, 2 Al-Samarraie

More information

Announcements. Lab 2 now on web site

Announcements. Lab 2 now on web site Lab 2 now on web site Announcements Next week my office hours moved to Monday 4:3pm This week office hours Wednesday 4:3pm as usual Weighting of papers for final discussion [discussion of listen] Bro:

More information

Keywords Intrusion detection system, honeypots, attacker, security. 7 P a g e

Keywords Intrusion detection system, honeypots, attacker, security. 7 P a g e HONEYPOTS IN NETWORK SECURITY Abhishek Sharma Research Scholar Department of Computer Science and Engineering Lovely Professional University (Punjab) - India Abstract Computer Network and Internet is growing

More information

The Second International Conference on Innovations in Information Technology (IIT 05)

The Second International Conference on Innovations in Information Technology (IIT 05) HoneyAnalyzer Analysis and Extraction of Intrusion Detection Patterns & Signatures Using Honeypot Urjita Thakar Reader, Department of Computer Engineering, Shri G.S. Institute of Technology and Science

More information

Detecting Bots with Automatically Generated Network Signatures

Detecting Bots with Automatically Generated Network Signatures Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Symptoms Based Detection and Removal of Bot Processes

Symptoms Based Detection and Removal of Bot Processes Symptoms Based Detection and Removal of Bot Processes 1 T Ravi Prasad, 2 Adepu Sridhar Asst. Prof. Computer Science and engg. Vignan University, Guntur, India 1 Thati.Raviprasad@gmail.com, 2 sridharuce@gmail.com

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

Intelligent Worms: Searching for Preys

Intelligent Worms: Searching for Preys Intelligent Worms: Searching for Preys By Zesheng Chen and Chuanyi Ji ABOUT THE AUTHORS. Zesheng Chen is currently a Ph.D. Candidate in the Communication Networks and Machine Learning Group at the School

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Botnet Detection by Abnormal IRC Traffic Analysis

Botnet Detection by Abnormal IRC Traffic Analysis Botnet Detection by Abnormal IRC Traffic Analysis Gu-Hsin Lai 1, Chia-Mei Chen 1, and Ray-Yu Tzeng 2, Chi-Sung Laih 2, Christos Faloutsos 3 1 National Sun Yat-Sen University Kaohsiung 804, Taiwan 2 National

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12

Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12 Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984

More information

Defending Against Internet Worms: A Signature-Based Approach

Defending Against Internet Worms: A Signature-Based Approach Defending Against Internet Worms: A Signature-Based Approach Yong Tang Shigang Chen Department of Computer & Information Science & Engineering University of Florida, Gainesville, FL 32611-612, USA {yt1,

More information

A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks

A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks Long-Quan Zhao 1, Seong-Chul Hong 1, Hong-Taek Ju 2 and James Won-Ki Hong 1 1 Dept. of Computer Science and Engineering,

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme

Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Chunyong Yin 1,2, Yang Lei 1, Jin Wang 1 1 School of Computer & Software, Nanjing University of Information Science &Technology,

More information

Zero-Day Attack Signatures Detection Using Honeypot

Zero-Day Attack Signatures Detection Using Honeypot Zero-Day Attack Signatures Detection Using Honeypot Reshma R. Patel Information Technology Department, L. D. College of Engineering, Ahmedabad, India Chirag S. Thaker Information Technology Department,

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006 CSE331: Introduction to Networks and Security Lecture 15 Fall 2006 Worm Research Sources "Inside the Slammer Worm" Moore, Paxson, Savage, Shannon, Staniford, and Weaver "How to 0wn the Internet in Your

More information

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006 CSE331: Introduction to Networks and Security Lecture 18 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Attacker

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network

Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network Reshma R. Patel Information Technology Department, L.D.College of Engineering, Ahmedabad, India. Chirag S. Thaker Information

More information

A Critical Investigation of Botnet

A Critical Investigation of Botnet Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

Intruders and viruses. 8: Network Security 8-1

Intruders and viruses. 8: Network Security 8-1 Intruders and viruses 8: Network Security 8-1 Intrusion Detection Systems Firewalls allow traffic only to legitimate hosts and services Traffic to the legitimate hosts/services can have attacks CodeReds

More information

Computer Worm Attack Using IDS and Trace Back Approaches

Computer Worm Attack Using IDS and Trace Back Approaches Computer Worm Attack Using IDS and Trace Back Approaches Sanjay Misra and Akuboh Victor Uneojo Abstract Computer worms pose a great threat to business enterprise, large/small organization, government agencies

More information

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts Shad Stafford University of Oregon staffors@cs.uoregon.edu Jun Li University of Oregon lijun@cs.uoregon.edu Toby Ehrenkranz University

More information

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Two State Intrusion Detection System Against DDos Attack in Wireless Network Two State Intrusion Detection System Against DDos Attack in Wireless Network 1 Pintu Vasani, 2 Parikh Dhaval 1 M.E Student, 2 Head of Department (LDCE-CSE) L.D. College of Engineering, Ahmedabad, India.

More information

Network Intrusion Detection with Semantics-Aware Capability

Network Intrusion Detection with Semantics-Aware Capability Network Intrusion Detection with Semantics-Aware Capability Walter Scheirer and Mooi Choo Chuah Lehigh University Dept. of Computer Science and Engineering Bethlehem, PA 18015 USA {wjs3, chuah}@cse.lehigh.edu

More information

Intrusion Detection in AlienVault

Intrusion Detection in AlienVault Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

Implementation of Botcatch for Identifying Bot Infected Hosts

Implementation of Botcatch for Identifying Bot Infected Hosts Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus

More information

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society

More information

Intrusion Detections Systems

Intrusion Detections Systems Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...

More information

CHAPETR 3. DISTRIBUTED DEPLOYMENT OF DDoS DEFENSE SYSTEM

CHAPETR 3. DISTRIBUTED DEPLOYMENT OF DDoS DEFENSE SYSTEM 59 CHAPETR 3 DISTRIBUTED DEPLOYMENT OF DDoS DEFENSE SYSTEM 3.1. INTRODUCTION The last decade has seen many prominent DDoS attack on high profile webservers. In order to provide an effective defense against

More information

An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets

An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets Sajjad Arshad 1, Maghsoud Abbaspour 1, Mehdi Kharrazi 2, Hooman Sanatkar 1 1 Electrical and Computer Engineering Department,

More information

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee USENIX Security Symposium (Security 07) Presented by Nawanol

More information

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies

Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online at: www.ijarcsms.com

More information

Network Security Demonstration - Snort based IDS Integration -

Network Security Demonstration - Snort based IDS Integration - Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and

More information

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli WORMS : attacks, defense and models Presented by: Abhishek Sharma Vijay Erramilli What is a computer worm? Is it not the same as a computer virus? A computer worm is a program that selfpropagates across

More information

Dynamic Rule Based Traffic Analysis in NIDS

Dynamic Rule Based Traffic Analysis in NIDS International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 14 (2014), pp. 1429-1436 International Research Publications House http://www. irphouse.com Dynamic Rule Based

More information

The HoneyNet Project Scan Of The Month Scan 27

The HoneyNet Project Scan Of The Month Scan 27 The HoneyNet Project Scan Of The Month Scan 27 23 rd April 2003 Shomiron Das Gupta shomiron@lycos.co.uk 1.0 Scope This month's challenge is a Windows challenge suitable for both beginning and intermediate

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

A Survey on Honeypot Based Signature Generation Techniques in Computer Network Security

A Survey on Honeypot Based Signature Generation Techniques in Computer Network Security A Survey on Honeypot Based Signature Generation Techniques in Computer Network Security Geetika yadav 1, Ms.Prabhjot Kaur 2 1 M.Tech Student, Department of CSE, B.S.Anangpuria Institute of Technology and

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,

More information

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep

More information

Multi-phase IRC Botnet and Botnet Behavior Detection Model

Multi-phase IRC Botnet and Botnet Behavior Detection Model Multi-phase IRC otnet and otnet ehavior Detection Model Aymen Hasan Rashid Al Awadi Information Technology Research Development Center, University of Kufa, Najaf, Iraq School of Computer Sciences Universiti

More information

Intrusion Detection System using Virtual Honeypots

Intrusion Detection System using Virtual Honeypots Intrusion Detection System using Virtual Honeypots Prof. Smita Jawale (Department of Computer Engineering, VCET) Rishi Mehta, Vivek Mahalingam, Niyoshi Mehta (Department of Computer Engineering, VCET,

More information

Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention

Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi

More information

The Effect of Infection Time on Internet Worm Propagation

The Effect of Infection Time on Internet Worm Propagation The Effect of Infection Time on Internet Worm Propagation Erika Rice The Effect of Infection Time oninternet Worm Propagation p 1 Background Worms are self propagating programs that spread over a network,

More information

A SURVEY OF INTERNET WORM DETECTION

A SURVEY OF INTERNET WORM DETECTION 1ST QUARTER 2008, VOLUME 10, NO. 1 IEEE COMMUNICATIONS SURVEYS The Electronic Magazine of Original Peer-Reviewed Survey Articles www.comsoc.org/pubs/surveys A SURVEY OF INTERNET WORM DETECTION AND CONTAINMENT

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Chapter 15. Firewalls, IDS and IPS

Chapter 15. Firewalls, IDS and IPS Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Intrusion Detection System

Intrusion Detection System Intrusion Detection System Time Machine Dynamic Application Detection 1 NIDS: two generic problems Attack identified But what happened in the past??? Application identification Only by port number! Yet

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

Role of Anomaly IDS in Network

Role of Anomaly IDS in Network Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Detecting UDP attacks using packet symmetry with only flow data

Detecting UDP attacks using packet symmetry with only flow data University of Twente Department of Electrical Engineering, Mathematics an Computer Science Chair for Design and Analysis of Communication Systems Detecting UDP attacks using packet symmetry with only flow

More information

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Fuzzy Network Profiling for Intrusion Detection

Fuzzy Network Profiling for Intrusion Detection Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University

More information

The Effects of Filtering Malicious Traffic. under DoS Attacks

The Effects of Filtering Malicious Traffic. under DoS Attacks The Effects of Filtering Malicious Traffic Chinawat Wongvivitkul IT Security Department Gosoft (Thailand), CP Tower 1 313 Silom Road, Bangkok 10500 Thailand chinawatwon@ gosoft.co.th under DoS Attacks

More information

Cisco IPS Tuning Overview

Cisco IPS Tuning Overview Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks 2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh

More information

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion

More information

Firewalls, IDS and IPS

Firewalls, IDS and IPS Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not

More information

Internet Worms, Firewalls, and Intrusion Detection Systems

Internet Worms, Firewalls, and Intrusion Detection Systems Internet Worms, Firewalls, and Intrusion Detection Systems Brad Karp UCL Computer Science CS 3035/GZ01 12 th December 2013 Outline Internet worms Self-propagating, possibly malicious code spread over Internet

More information

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS ICTACT JOURNAL ON COMMUNICATION TECHNOLOGY, JUNE 2010, ISSUE: 02 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS S.Seetha 1 and P.Raviraj 2 Department of

More information

A Novel Packet Marketing Method in DDoS Attack Detection

A Novel Packet Marketing Method in DDoS Attack Detection SCI-PUBLICATIONS Author Manuscript American Journal of Applied Sciences 4 (10): 741-745, 2007 ISSN 1546-9239 2007 Science Publications A Novel Packet Marketing Method in DDoS Attack Detection 1 Changhyun

More information

Analyzing Intrusion Detection System Evasions Through Honeynets

Analyzing Intrusion Detection System Evasions Through Honeynets Analyzing Intrusion Detection System Evasions Through Honeynets J.S Bhatia 1, Rakesh Sehgal 2, Simardeep Kaur 3, Siddharth Popli 4 and Nishant Taneja 5 1 Centre for Development of Advanced Computing 2,

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1 Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

Comparing Two Models of Distributed Denial of Service (DDoS) Defences

Comparing Two Models of Distributed Denial of Service (DDoS) Defences Comparing Two Models of Distributed Denial of Service (DDoS) Defences Siriwat Karndacharuk Computer Science Department The University of Auckland Email: skar018@ec.auckland.ac.nz Abstract A Controller-Agent

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Flashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out?

Flashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out? Flashback: Internet design goals Security Part Two: Attacks and Countermeasures 1. Interconnection 2. Failure resilience 3. Multiple types of service 4. Variety of networks 5. Management of resources 6.

More information

CURRENT network intrusion detection systems (NIDSs)

CURRENT network intrusion detection systems (NIDSs) Honeycomb Creating Intrusion Detection Signatures Using Honeypots Christian Kreibich, Jon Crowcroft University of Cambridge Computer Laboratory JJ Thomson Avenue, Cambridge CB3 0FD, United Kingdom firstname.lastname

More information

Taxonomy of Hybrid Honeypots

Taxonomy of Hybrid Honeypots 2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore Taxonomy of Hybrid Honeypots Hamid Mohammadzadeh.e.n 1, Masood Mansoori 2 and Roza

More information

A Review on Network Intrusion Detection System Using Open Source Snort

A Review on Network Intrusion Detection System Using Open Source Snort , pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,

More information

Intrusion Detection System (IDS)

Intrusion Detection System (IDS) Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

C. Universal Threat Management C.4. Defenses

C. Universal Threat Management C.4. Defenses UTM I&C School Prof. P. Janson September 2014 C. Universal Threat Management C.4. Defenses 1 of 20 Over 80 000 vulnerabilities have been found in existing software These vulnerabilities are under constant

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

SECURING APACHE : DOS & DDOS ATTACKS - II

SECURING APACHE : DOS & DDOS ATTACKS - II SECURING APACHE : DOS & DDOS ATTACKS - II How DDoS attacks are performed A DDoS attack has to be carefully prepared by the attackers. They first recruit the zombie army, by looking for vulnerable machines,

More information