A Multilevel Approach Towards Challenge Detection in Cloud Computing

Size: px
Start display at page:

Download "A Multilevel Approach Towards Challenge Detection in Cloud Computing"

Transcription

1 1 A Multilevel Approach Towards Challenge Detection in Cloud Computing A Multilevel Approach Towards Challenge Detection in Cloud Computing Noorulhassan Shirazi, Michael R. Watson, Angelos K. Marnerides, Andreas Mauthe and David Hutchison School of Computing and Communications, Lancaster University, Lancaster, UK, LA1 4WA {n.shirazi,m.watson,a.marnerides2,a.mauthe,d.hutchison}@lancs.ac.uk 1 Introduction and Motivation Cloud computing is considered as an ideal solution for unified mission-critical ICT systems and infrastructures due to its elasticity and computing flexibility derived by its distributed nature. However, the critical infrastructure imposes much stronger requirements for security and resilience on a cloud computing environment. In this paper, we illustrate a methodology that exploits the hypervisor level of the cloud nodes. In particular, we consider how anomaly detection can be distributed to each node and coordinated with system level detection for overall cloud resilience based on previous work [1]. 2 Methodology Anomaly detection in cloud computing has been a ground of comprehensive research over the last few years as it presents several challenging problems. In general, anomaly detection techniques are based on specific assumptions about the data, for example the statistical distributions of events. If these assumptions do not match reality, the outcomes can be unacceptable rates of false negatives and false positives [2]. In this work we aim to devise a methodology for anomaly detection which is sufficiently robust to the elasticity of cloud service provisioning environments. We intend to incorporate statistical anomaly detection techniques in our framework due to their strength of detecting unknown attacks. We derive a model of the normal behavior of a network or system and detect divergence from the normal profile. This enables them to detect both known and unknown challenges. Normal pattern will be derived based on payload byte patterns in traffic or volume and entropy information over the traffic in a whole sample size. Both parametric as well as non-parametric techniques could be applied, however due to the fact that non parametric techniques do not generally assume the knowledge of underlying distributions [3] this could be our potential candidate. For simplicity non-parametric techniques for probability den-

2 sity estimation could be employed which involves using kernel functions to estimate the probability distribution functions (pdf) for the normal instances. 3 Framework 3.1 Architecture The overall architecture can be seen in Figure 1 with A representing a single hardsuch as malicious attack scenario has to happen at various levels throughout the cloud infrastructure and hence ware node in the cloud.. Detection under various challenges the observation instances need to coordinate to any observed anomalies. Fig. 1. Architecture overview Each node has a hypervisor, a host VM and a number of guests VMs. Within the host VM of each node there are software components which perform network level analysis and system level analysis. We also incorporate resilience component which provide protection and remediation actions based on the output from network and system level analysis. Such actions include destroying an infected VM or blocking information destined to a vulnerable VM, However, this paper is not concern with resilience component. 3.2 Network level analysis The purpose of the network level analysis is to categorize normal traffic travelling to and from a cloud node and to subsequently identify anomalous traffic, such as that produced by malware. This is achieved by capturing packets from the network intergoal is to faces of each VM and applying feature extraction and offline analysis. The work towards online feature extraction and analysis which would enable real-time anomaly detection. A correlation of layer anomalies at this stage will increase the effectiveness of later correlation with system level data.

3 The network level analysis components comprises of various software scripts that allow an automate post processing by calling tcpdump filtering routines alongside several precompiled tools that are integrated within the CAIDA s CoralReef toolbox 1. These scripts perform feature extraction from the outputs of the CoralReef tools and spans into several post processing outputs that convert STDIN input into various normalized statistical properties on a per-packet (e.g. inter-arrival times, etc) and per flow basis (e.g. counts of packets /bytes per flow, average packet size etc.). These scripts also have an interface with MATLAB for further analysis. The output from these scripts is shown in fig. 2 below. The malware sample (Kelihos) is injected in test bed for sixty minutes and custom scripts were used to analyse network features (packets and flow rate) over sixty minutes of recording Packet Rate 4 Flow Rate Packets / Sec 4.05 Flows / Sec Time in seconds Time in seconds Fig. 2. Packets (left) and Flow (right) per second for sixty minutes of kelihos injection 3.3 System level analysis The system level detection of anomalies is achieved through the observation of VM memory from the hypervisor using virtual machine introspection, such as that provided by the libvmi introspection library. The approach is similar to that applied in the network level, but applied to system level information where we first try to understand the normal behaviour with respect to the operation of processes, after which anomalous behaviour can be identified. The system level component also comprises of various scripts which invoke custom plug-in for feature extraction and provide interface with Matlab for visual analy- 1 CoralReef:

4 sis, as Fig.3 shows, virtual size of memory per bytes during injection of test sample (Kelihos) in test bed for sixty minutes. Fig. 3. Virtual size of memory per bytes over sixty minutes of Kelihos injection 4 Summary Critical infrastructure imposes much stronger requirements for security and resili- ence on cloud computing environment. Therefore, these challenges need to be ad- analysis of both system and net- work-level properties towards overall resilience of the cloud dressed through layered approach i.e., coordinated infrastructure. Acknowledgements This work is sponsored by EU FP7 Project SECCRIT (Secure Cloud Computing for Critical Infrastructure IT), grant agreement no and UK-EPSRC funded IU-ATC project, grant agreement no. EP/J016675/1.

5 References 1. A. K. Marnerides, D. P. Pezaros, and D. Hutchison. Detection and mitigation of abnormal traffic behaviour in autonomic networked environments. In Proceedings of ACM SIGCOMM CoNEXT Conference P. Angelov, P. Sadeghi-Tehran, R. Ramezani, A real time approach to autonomous novelty detection and object tracking in video stream. International Journal of Intelligent Systems, vol.26 (3) , V.Cahndola, A. Banerjee, Anomaly detection: A Survey. In Proceedings of ACM Computing Surveys, September 2009.

Malware Analysis in Cloud Computing: Network and System Characteristics

Malware Analysis in Cloud Computing: Network and System Characteristics Malware Analysis in Cloud Computing: Network and System Characteristics Angelos K. Marnerides, Michael R. Watson, Noorulhassan Shirazi, Andreas Mauthe, and David Hutchison InfoLab21, School of Computing

More information

System Specification. Author: CMU Team

System Specification. Author: CMU Team System Specification Author: CMU Team Date: 09/23/2005 Table of Contents: 1. Introduction...2 1.1. Enhancement of vulnerability scanning tools reports 2 1.2. Intelligent monitoring of traffic to detect

More information

Data Center Fabrics and Their Role in Managing the Big Data Trend

Data Center Fabrics and Their Role in Managing the Big Data Trend Data Center Fabrics and Their Role in Managing the Big Data Trend The emergence of Big Data as a critical technology initiative is one of the driving factors forcing IT decision-makers to explore new alternatives

More information

Intrusion Detection in AlienVault

Intrusion Detection in AlienVault Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

IU-ATC Network Security and Resilience Monitoring (Theme 4)

IU-ATC Network Security and Resilience Monitoring (Theme 4) IU-ATC Network Security and Resilience Monitoring (Theme 4) Policy-driven Resilience Simulator Alberto Schaeffer-Filho, Paul Smith and Andreas Mauthe Lancaster University India-UK Centre of Excellence

More information

Announcements. Lab 2 now on web site

Announcements. Lab 2 now on web site Lab 2 now on web site Announcements Next week my office hours moved to Monday 4:3pm This week office hours Wednesday 4:3pm as usual Weighting of papers for final discussion [discussion of listen] Bro:

More information

For Peer Review Only. Malware Detection in Cloud Computing Infrastructures. Transactions on Dependable and Secure Computing

For Peer Review Only. Malware Detection in Cloud Computing Infrastructures. Transactions on Dependable and Secure Computing Transactions on Dependable and Secure Computing Malware Detection in Cloud Computing Infrastructures Journal: Transactions on Dependable and Secure Computing Manuscript ID: TDSC-0-0-0.R Manuscript Type:

More information

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION 18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK

More information

1.1.1 Introduction to Cloud Computing

1.1.1 Introduction to Cloud Computing 1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the

More information

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks 2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh

More information

Providing Flexible Security as a Service Model for Cloud Infrastructure

Providing Flexible Security as a Service Model for Cloud Infrastructure Providing Flexible Security as a Service Model for Cloud Infrastructure Dr. M. Newlin Rajkumar, P. Banu Priya, Dr. V. Venkatesakumar Abstract Security-as-a-Service model for cloud systems enable application

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators

An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators Liang Xia Frank.xialiang@huawei.com Tianfu Fu Futianfu@huawei.com Cheng He Danping He hecheng@huawei.com

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

Concept and Project Objectives

Concept and Project Objectives 3.1 Publishable summary Concept and Project Objectives Proactive and dynamic QoS management, network intrusion detection and early detection of network congestion problems among other applications in the

More information

Computer Meteorology: Monitoring Compute Clouds

Computer Meteorology: Monitoring Compute Clouds Computer Meteorology: Monitoring Compute Clouds Lionel Litty, H. Andrés Lagar-Cavilla, David Lie University of Toronto Infrastructure as a Service (IaaS) Customer Virtual Machine Customer Virtual Machine

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

Software Defined Security Mechanisms for Critical Infrastructure Management

Software Defined Security Mechanisms for Critical Infrastructure Management Software Defined Security Mechanisms for Critical Infrastructure Management SESSION: CRITICAL INFRASTRUCTURE PROTECTION Dr. Anastasios Zafeiropoulos, Senior R&D Architect, Contact: azafeiropoulos@ubitech.eu

More information

Network Traffic Characterization using Energy TF Distributions

Network Traffic Characterization using Energy TF Distributions Network Traffic Characterization using Energy TF Distributions Angelos K. Marnerides a.marnerides@comp.lancs.ac.uk Collaborators: David Hutchison - Lancaster University Dimitrios P. Pezaros - University

More information

spirent Test the security, performance and scalability of your app-aware infrastructure

spirent Test the security, performance and scalability of your app-aware infrastructure spirent Avalanche NEXT Test the security, performance and scalability of your app-aware infrastructure Avalanche NEXT The App-Aware Challenge The deployment of application-aware infrastructure brings with

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security

More information

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,

More information

Network Monitoring using MMT:

Network Monitoring using MMT: Network Monitoring using MMT: An application based on the User-Agent field in HTTP headers Vinh Hoa LA Ɨ Raul FUENTES Ɨ PhD Student Prof. Ana CAVALLI Ɨ Ƭ Supervisor Ɨ Telecom SudParis, IMT Ƭ Montimage

More information

LINK EPA Requirements, audit & Safety

LINK EPA Requirements, audit & Safety 2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Anomaly Detection and Distributed Active Response for Proce Control Systems Oak Ridge National Laboratory Summary

More information

SCADA Security Measures

SCADA Security Measures Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA SCADA Security Measures

More information

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources

More information

Network virtualization in AutoI

Network virtualization in AutoI Network virtualization in AutoI and ResumeNet Future Internet Cluster meeting March, Sophia Antipolis Andreas Fischer, Andreas Berl, Alex Galis, Hermann de Meer Network Virtualization Network virtualization

More information

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Why a Network-based Security Solution is Better than Using Point Solutions Architectures Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

Computer Network Intrusion Detection, Assessment And Prevention Based on Security Dependency Relation

Computer Network Intrusion Detection, Assessment And Prevention Based on Security Dependency Relation Computer Network Intrusion Detection, Assessment And Prevention Based on Security Dependency Relation Stephen S. Yau and Xinyu Zhang Computer Science and Engineering Department Arizona State University

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless

More information

Security Intelligenece: tracking obfuscated and unrecognized attacks. 2014 Check Point Software Technologies Ltd.

Security Intelligenece: tracking obfuscated and unrecognized attacks. 2014 Check Point Software Technologies Ltd. Security Intelligenece: tracking obfuscated and unrecognized attacks 2014 Check Point Software Technologies Ltd. Security Policy Rule Types: 1 Access People, Applications, Services, Servers, Data 2 Threat

More information

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer

More information

Application of Netflow logs in Analysis and Detection of DDoS Attacks

Application of Netflow logs in Analysis and Detection of DDoS Attacks International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 8, Number 1 (2016), pp. 1-8 International Research Publication House http://www.irphouse.com Application of Netflow logs in

More information

Packet Flow Analysis and Congestion Control of Big Data by Hadoop

Packet Flow Analysis and Congestion Control of Big Data by Hadoop Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 6, June 2015, pg.456

More information

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi

More information

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security

More information

Content-ID. Content-ID URLS THREATS DATA

Content-ID. Content-ID URLS THREATS DATA Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and

More information

RID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.

RID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory. : Real-time Inter-network Defense Against Denial of Service Attacks Kathleen M. Moriarty 22 October 2002 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations,

More information

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat. Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the

More information

KEITH LEHNERT AND ERIC FRIEDRICH

KEITH LEHNERT AND ERIC FRIEDRICH MACHINE LEARNING CLASSIFICATION OF MALICIOUS NETWORK TRAFFIC KEITH LEHNERT AND ERIC FRIEDRICH 1. Introduction 1.1. Intrusion Detection Systems. In our society, information systems are everywhere. They

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity Detecting Threats Via Network Anomalies Paul Martini Cofounder and CEO iboss Cybersecurity Why is Anomaly Detection Important? Largest enterprises with the biggest investment in prevention are still getting

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

How To Protect A Virtual Desktop From Attack

How To Protect A Virtual Desktop From Attack Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity

More information

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Cenzic Product Guide. Cloud, Mobile and Web Application Security Cloud, Mobile and Web Application Security Table of Contents Cenzic Enterprise...3 Cenzic Desktop...3 Cenzic Managed Cloud...3 Cenzic Cloud...3 Cenzic Hybrid...3 Cenzic Mobile...4 Technology...4 Continuous

More information

The Web AppSec How-to: The Defenders Toolbox

The Web AppSec How-to: The Defenders Toolbox The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware

More information

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014

More information

Detecting Computer Worms in the Cloud

Detecting Computer Worms in the Cloud Detecting Computer Worms in the Cloud Sebastian Biedermann and Stefan Katzenbeisser Security Engineering Group Department of Computer Science Technische Universität Darmstadt {biedermann,katzenbeisser}@seceng.informatik.tu-darmstadt.de

More information

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad

INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion

More information

Security Visualization Past, Present, Future

Security Visualization Past, Present, Future Security Visualization Past, Present, Future Greg Conti West Point @cyberbgone http://dl.acm.org/citation.cfm?id=2671501 http://link.springer.com/chapter/10.1007%2f978-3-540-85933-8_11 http://images.cdn.stuff.tv/sites/stuff.tv/files/styles/big-image/public/25-best-hacker-movies-ever-the-matrix.jpg?itok=kiwtknw1

More information

Self-Defending Approach of a Network

Self-Defending Approach of a Network Self-Defending Approach of a Network Anshuman Kumar 1, Abhilash Kamtam 2, Prof. U. C. Patkar 3 (Guide) 1Bharati Vidyapeeth's College of Engineering Lavale, Pune-412115, India 2Bharati Vidyapeeth's College

More information

Cisco Cyber Threat Defense - Visibility and Network Prevention

Cisco Cyber Threat Defense - Visibility and Network Prevention White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

Stephen Coty Director, Threat Research

Stephen Coty Director, Threat Research Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst

More information

Full System Emulation:

Full System Emulation: Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware Christopher Kruegel Lastline, Inc. chris@lastline.com 1 Introduction Automated malware analysis systems (or sandboxes)

More information

Cisco Remote Management Services for Security

Cisco Remote Management Services for Security Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Virtualization for Cloud Computing

Virtualization for Cloud Computing Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Top virtualization security risks and how to prevent them

Top virtualization security risks and how to prevent them E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced

More information

Intrusion Detection System using Log Files and Reinforcement Learning

Intrusion Detection System using Log Files and Reinforcement Learning Intrusion Detection System using Log Files and Reinforcement Learning Bhagyashree Deokar, Ambarish Hazarnis Department of Computer Engineering K. J. Somaiya College of Engineering, Mumbai, India ABSTRACT

More information

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? Drive-by Downloads are a common technique used by attackers to silently install malware on a victim s computer. Once a target website has been weaponized with

More information

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network. Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration

More information

Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain

Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain SESSION ID: ANF-T08 Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain Sean Doherty VP Technology Partnerships and Alliances Symantec @SeandDInfo Deb Banerjee Chief Architect,

More information

How To Protect A Network From Attack From A Hacker (Hbss)

How To Protect A Network From Attack From A Hacker (Hbss) Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment

More information

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark 1 st International Conference of Recent Trends in Information and Communication Technologies Detecting Threats in Network Security by Analyzing Network Packets using Wireshark Abdulalem Ali *, Arafat Al-Dhaqm,

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849

International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849 WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore

More information

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,

More information

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Sophistication of attacks will keep improving, especially APT and zero-day exploits FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

MULTI LAYERS INTERFERENCE DETECTION SYSTEM IN WEB BASED SERVICES

MULTI LAYERS INTERFERENCE DETECTION SYSTEM IN WEB BASED SERVICES http:// MULTI LAYERS INTERFERENCE DETECTION SYSTEM IN WEB BASED SERVICES Jasti Hima Bindu 1, K. Satya Sandeep 2 1 Pursuing M.tech (IT), 2 Assistant professor, Nalanda Institute of Engineering & Technology,

More information

Visualizing Threats: Improved Cyber Security Through Network Visualization

Visualizing Threats: Improved Cyber Security Through Network Visualization Visualizing Threats: Improved Cyber Security Through Network Visualization Intended audience This white paper has been written for anyone interested in enhancing an organizational cyber security regime

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

Hybrid Intrusion Detection System Using K-Means Algorithm

Hybrid Intrusion Detection System Using K-Means Algorithm International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Hybrid Intrusion Detection System Using K-Means Algorithm Darshan K. Dagly 1*, Rohan

More information

Detection and mitigation of Web Services Attacks using Markov Model

Detection and mitigation of Web Services Attacks using Markov Model Detection and mitigation of Web Services Attacks using Markov Model Vivek Relan RELAN1@UMBC.EDU Bhushan Sonawane BHUSHAN1@UMBC.EDU Department of Computer Science and Engineering, University of Maryland,

More information

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab.

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab. VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab. Motivation The era of cloud computing Motivation In the

More information

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional

More information

Beginning the journey to smart water companies starting with water networks

Beginning the journey to smart water companies starting with water networks Beginning the journey to smart water companies starting with water networks Paul Rutter, Water Innovation Manager, Thames Water Joby Boxall, Professor of Water Infrastructure Engineering, The University

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Emulating an Embedded Firewall

Emulating an Embedded Firewall Emulating an Embedded Firewall Clifford Neuman, Deepak Dayama, and Arun Viswanathan University of Southern California Abstract The Adventium Labs Embedded Distributed Firewall provides a simple interface

More information

Cyber security in healthcare

Cyber security in healthcare Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant

More information

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation

More information

A Survey on Virtual Machine Security

A Survey on Virtual Machine Security A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational

More information

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.] Cisco Cloud Web Security Cisco IT Methods Introduction Malicious scripts, or malware, are executable code added to webpages that execute when the user visits the site. Many of these seemingly harmless

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING

A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING AZRUDDIN AHMAD, GOBITHASAN RUDRUSAMY, RAHMAT BUDIARTO, AZMAN SAMSUDIN, SURESRAWAN RAMADASS. Network Research Group School of

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

Assuria from ZeroDayLab

Assuria from ZeroDayLab Passionate about Total Security Management Assuria from ZeroDayLab Forensic Log Management SIM/SIEM2 As one of Europe s leading IT Security Consulting companies, ZeroDayLab has been carrying out Security

More information

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015 RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering

More information

WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment

WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment WHITE PAPER Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment www.ixiacom.com 915-6892-01 Rev. A, July 2014 2 Table of Contents The Challenge of the Virtual Environment...

More information

Conclusions and Future Directions

Conclusions and Future Directions Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions

More information

End to End Defense against Rootkits in Cloud Environment. Design- Part 2

End to End Defense against Rootkits in Cloud Environment. Design- Part 2 End to End Defense against Rootkits in Cloud Environment Design- Part 2 Sachin Shetty Associate Professor Electrical and Computer Engineering Director, Cybersecurity Laboratory Tennessee State University

More information