Lesson #8: Correlation. Matthijs Koot / SNE-IDS college 06-07
|
|
- Angelina Hicks
- 7 years ago
- Views:
Transcription
1 Lesson #8: Correlation Faculteit van Natuurwetenschappen, Wiskunde en Informatica Universiteit van Amsterdam / SNE-IDS college 06-07
2 Outline
3 Warning. Warning Don t expect to see the topics discussed today be reflected in next year s IDS-product (except perhaps by their marketeers). Consider them a way forward", which will require cooperation and consensus from non-ids vendors.
4 Outline
5 Events and alerts.
6 Events and alerts.
7 Event correlation vs. and alert correlation.
8 Definitions. Dan Gorton, 2001: Definition Intrusion event correlation refers to the interpretation, combination, and analysis of neutral events from all available sources, about target system activity for the purposes of intrusion detection and response. Definition Intrusion alert correlation refers to the interpretation, combination, and analysis of intrusion alerts, together with information external to the intrusion detection system, with the purpose of intrusion alert refinement and intrusion scenario building.
9 Outline
10 Logging policy. Logging policy: what loggables should be logged? Consider: Guidelines on logging for security purposes Ask thyself: what loggables are relevant to detecting threats? "Best logging practices" Security expert advice Abstraction level Data activity Application activity OS activity Network activity Context Security domain/level, asset value Public vs. non-public infrastructure (churn)
11 Alerting policy. Alerting policy: what events yield an alert? Consider: Guidelines on alerting Ask thyself: what combination of events indicate an intrusion? "Best alerting practices" Security expert advice Context (again) Security domain/level, asset value Public vs. non-public infrastructure (churn) BUT ALSO: business-specific understanding of threat and intrusion MUST be resolvable to business goals SHOULD be resolvable to IT-goals
12 Outline
13 Goals. aims to: Reduce the total number of alerts Elimination Fusion Aggregation Synthesis Improve diagnostics Type of activity Relevance Verification Track activity Information leaked to attacker Information leaked from attacker
14 process. Source: Krueger, Valeur, Vigna - and Correlation", Springer 2005
15 Outline
16 . Syntax AND semantics Syntax: CIDF yielded IETF-IDWG, which yielded IDMEF/IDXP (next slide) Semantics: under construction - CVE, intrusion alert ontology,... Source: Krueger, Valeur, Vigna - and Correlation", Springer 2005
17 IDMEF data model. IDMEF = Message Exchange Format
18 IDXP transport model. IDXP = Exchange Protocol BEEP = Blocks Extensible Exchange Protocol (RFC 3080) IDXP carries IDMEF messages and is implemented as a BEEP profile
19 Outline
20 Alert fusion. Recognize and remove redundancy in alerts from different sensors
21 Alert verification. Alert verification Passive Verify target s (in)vulnerability in CMDB (and waive OS/2-Warp attacks on MINIX machines :-)) Wait for post-intrusion activity Wait for post-intrusion INactivity (missing heartbeats?) Active (perturbing) Connect to target, check for rogue processes Connect to target, check config files against known-good hashes
22 Outline
23 Two approaches to correlation. "Aha! Alerts seem to match <attack-pattern>." "I don t know what s happening, but these alerts appear (statistically) related."
24 Alert thread reconstruction. Cluster alerts into threads based on spatial and temporal proximity Incoming alerts are added to their best-matching thread One thread represents one attack (session) Questions to ask: Which attributes should be compared? How is a comparison actually done? What weight is assigned to each attribute? > Similarity matrices, similarity expectations require human knowledge, (re)introducing human fallibility (Ning).
25 Outline
26 Predefined attack scenarios. Specification of attack scenarios: Attack Scenario Language (Kruegel) Chronicles formalism (Debar) LAMBA (Cuppens)
27 Prerequisite-consequence analysis. Alert conditionality through hyper-alerts: (fact, prerequisite, consequence) Prerequisite specifies a condition for a successful attack Consequence specifies possible result If chronologics allow it, this may fulfill another prerequisite This yields a (may-)prepare-for relation
28 Prerequisite-consequence analysis (2). Example hyper-alert correlation graph Source: Ning et al - Techniques and Tools for Analyzing Intrusion Alerts", 2004
29 Purpose and value of correlation process ad 2005 Not discussed: Bayes and Granger-Causality for behavior-based correlation
30 Feedback! Question Questions?
INTRUSION DETECTION ALARM CORRELATION: A SURVEY
INTRUSION DETECTION ALARM CORRELATION: A SURVEY Urko Zurutuza, Roberto Uribeetxeberria Computer Science Department, Mondragon University Mondragon, Gipuzkoa, (Spain) {uzurutuza,ruribeetxeberria}@eps.mondragon.edu
More informationIntrusion Alert Correlation Technique Analysis for Heterogeneous Log
132 Intrusion Correlation Analysis for Heterogeneous Log Robiah Yusof, Siti Rahayu Selamat, Shahrin Sahib Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka, Ayer
More informationLayered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks
Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Lohith Raj S N, Shanthi M B, Jitendranath Mungara Abstract Protecting data from the intruders
More informationIRSS: Incident Response Support System. Ing. Gianluca Capuzzi
IRSS: Incident Response Support System Ing. Gianluca Capuzzi Research Project Team Dipartimento di Ingegneria Informatica, Gestionale e dell Automazione, Università Politecnica delle Marche Ing. Gianluca
More informationThe research area of SET group is software engineering, and model-based software engineering in particular:
Introduction The research area of SET group is software engineering, and model-based software engineering in particular: Given the high-tech software-intensive industry in the Eindhoven region, we consider
More informationIntrusion Detection Systems
Intrusion Detection Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationThe Ontological Approach for SIEM Data Repository
The Ontological Approach for SIEM Data Repository Igor Kotenko, Olga Polubelova, and Igor Saenko Laboratory of Computer Science Problems, Saint-Petersburg Institute for Information and Automation of Russian
More informationStandardized Parameterization of Intrusion Detection Systems
Standardized Parameterization of Intrusion Detection Systems Björn-C. Bösch Abstract Efficiency of Intrusion Detection Systems (IDS) depends on their configuration and coverage of services. The coverage
More informationAlarm Clustering for Intrusion Detection Systems in Computer Networks
Alarm Clustering for Intrusion Detection Systems in Computer Networks Giorgio Giacinto, Roberto Perdisci, Fabio Roli Department of Electrical and Electronic Engineering, University of Cagliari Piazza D
More informationINTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
More informationNetwork Forensics Analysis with Evidence Graphs (Demo Proposal)
Network Forensics Analysis with Evidence Graphs (Demo Proposal) Wei Wang and Thomas E. Daniels Department of Electrical and Computer Engineering Iowa State University Ames, Iowa 50010 Email: {weiwang,daniels}@iastate.edu
More informationSelf-organized Collaboration of Distributed IDS Sensors
Self-organized Collaboration of Distributed IDS Sensors KarelBartos 1 and Martin Rehak 1,2 and Michal Svoboda 2 1 Faculty of Electrical Engineering Czech Technical University in Prague 2 Cognitive Security,
More informationIndependent and Comprehensive Intrusion Detection Management
International Journal of Computer Science and Telecommunications [Volume 3, Issue 7, July 2012] 1 ISSN 2047-3338 Independent and Comprehensive Intrusion Detection Management Björn-C. Bösch Abstract Coverage
More informationHow To Create A Data Science System
Enhance Collaboration and Data Sharing for Faster Decisions and Improved Mission Outcome Richard Breakiron Senior Director, Cyber Solutions Rbreakiron@vion.com Office: 571-353-6127 / Cell: 803-443-8002
More informationNetwork Intrusion Alert Aggregation Based on PCA and Expectation Maximization Clustering Algorithm
2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Network Intrusion Alert Aggregation Based on PCA and Expectation Maximization Clustering
More informationHigh Availability and Clustering
High Availability and Clustering AdvOSS-HA is a software application that enables High Availability and Clustering; a critical requirement for any carrier grade solution. It implements multiple redundancy
More informationSTANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS
STANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS Athira A B 1 and Vinod Pathari 2 1 Department of Computer Engineering,National Institute Of Technology Calicut, India
More informationIDS Interoperability and Correlation Using IDMEF and Commodity Systems
IDS Interoperability and Correlation Using IDMEF and Commodity Systems Nathan Carey, Andrew Clark and George Mohay Information Security Research Centre, Faculty of Information Technology, Queensland University
More informationVirtual Terrain: A Security-Based Representation of a Computer Network
Virtual Terrain: A Security-Based Representation of a Computer Network Jared Holsopple* a, Shanchieh Yang b, Brian Argauer b a CUBRC, 4455 Genesee St, Buffalo, NY, USA 14225; b Dept. of Computer Engineering,
More informationHow To Understand The Theory Of Alert Correlation
Alert Correlation Survey: Framework and Techniques Reza Sadoddin Network Security Laboratory University of New Brunswick Fredericton, New Brunswick, Canada reza.sadoddin@unb.ca Ali Ghorbani Network Security
More informationIdentification of correlated network intrusion alerts
Identification of correlated network intrusion alerts Mirco Marchetti, Michele Colajanni, Fabio Manganiello Department of Information Engineering University of Modena and Reggio Emilia Modena, Italy {mirco.marchetti,
More informationIndustry 4.0 and Big Data
Industry 4.0 and Big Data Marek Obitko, mobitko@ra.rockwell.com Senior Research Engineer 03/25/2015 PUBLIC PUBLIC - 5058-CO900H 2 Background Joint work with Czech Institute of Informatics, Robotics and
More informationAlert Prioritization in Intrusion Detection Systems
Alert Prioritization in Intrusion Detection Systems Khalid Alsubhi, Ehab Al-Shaer, and Raouf Boutaba ( )Davird R. Cheriton School of Computer Science, University of Waterloo, Canada ( )School of Computer
More informationSIMPLIFYING THE PATCH MANAGEMENT PROCESS
SIMPLIFYING THE PATCH MANAGEMENT PROCESS www.icsupdate.com Monta Elkins Security Architect FoxGuard Solutions melkins@foxguardsolutions.com SIMPLIFYING THE PATCH MANAGEMENT PROCESS 2 SIMPLIFYING THE PATCH
More informationTitle: Alert Correlation in Collaborative Intelligent Intrusion Detection Systems-ASurvey
Title: Alert Correlation in Collaborative Intelligent Intrusion Detection Systems-ASurvey Authors: Izzeldin Mohamed Osman, Huwaida Tagelsir Elshoush PII: S1568-4946(10)00311-X DOI: doi:10.1016/j.asoc.2010.12.004
More informationACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System
ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System Joaquín García, Sergio Castillo, Guillermo Navarro, Joan Borrell {jgarcia,scastillo,gnavarro,jborrell}@deic.uab.es
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationIntegration of Standardized Syntax and Semantics (Common Language) into CSIRT Operations
INFORMATION SOCIETIES TECHNOLOGY (IST) PROGRAMME Proposal acronym: Proposal full title: ecsirt.net European CSIRT Network Proposal/Contract number: IST-2001-37558 Integration of Standardized Syntax and
More informationDEVELOPMENT OF THREAT EVALUATION TOOL FOR DISTRIBUTED NETWORK ENVIRONMENT. Keun-Hee Han, Il-Gon Kim Kang-Won Lee, Jin-Young Choi.
Computing and Informatics, Vol. 24, 2005, 109 121 DEVELOPMENT OF THREAT EVALUATION TOOL FOR DISTRIBUTED NETWORK ENVIRONMENT Keun-Hee Han, Il-Gon Kim Kang-Won Lee, Jin-Young Choi Department of Computer
More informationINTRUSION PREVENTION AND EXPERT SYSTEMS
INTRUSION PREVENTION AND EXPERT SYSTEMS By Avi Chesla avic@v-secure.com Introduction Over the past few years, the market has developed new expectations from the security industry, especially from the intrusion
More informationApplication Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1
Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationQuestions? Assignment. Techniques for Gathering Requirements. Gathering and Analysing Requirements
Questions? Assignment Why is proper project management important? What is goal of domain analysis? What is the difference between functional and non- functional requirements? Why is it important for requirements
More informationFalse Alert Reduction and Correlation for Attack Scenarios with Automatic Time Window
False Alert Reduction and Correlation for Attack Scenarios with Automatic Time Window M. Logaprakash Department of CSE (PG) Sri Ramakrishna Engineering College Coimbatore, India Abstract - The Intrusion
More informationSilect Software s MP Author
Silect MP Author for Microsoft System Center Operations Manager Silect Software s MP Author User Guide September 2, 2015 Disclaimer The information in this document is furnished for informational use only,
More informationHOW ACUNETIX ENSURES WEB APPLICATION SECURITY
HOW ACUNETIX ENSURES WEB APPLICATION SECURITY www.alliancetechpartners.com HOW ACUNETIX ENSURES WEB APPLICATION SECURITY Waiting for a security breach to occur is not an option for businesses that deal
More informationTNT SOFTWARE White Paper Series
TNT SOFTWARE White Paper Series Event Log Monitor White Paper: Architecture T N T Software www.tntsoftware.com TNT SOFTWARE Event Log Monitor Architecture 2000 TNT Software All Rights Reserved 1308 NE
More informationIntegration Misuse and Anomaly Detection Techniques on Distributed Sensors
Integration Misuse and Anomaly Detection Techniques on Distributed Sensors Shih-Yi Tu Chung-Huang Yang Kouichi Sakurai Graduate Institute of Information and Computer Education, National Kaohsiung Normal
More informationNetwork Intrusion Detection Systems. Beyond packet filtering
Network Intrusion Detection Systems Beyond packet filtering Goal of NIDS Detect attacks as they happen: Real-time monitoring of networks Provide information about attacks that have succeeded: Forensic
More informationFortiAnalyzer VM (VMware) Install Guide
FortiAnalyzer VM (VMware) Install Guide FortiAnalyzer VM (VMware) Install Guide December 05, 2014 05-520-203396-20141205 Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare
More informationLog Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security
Foreword p. xvii Log Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security Information to Management p. 5 Example of an
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationAttack Taxonomies and Ontologies
Lehrstuhl Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Attack Taxonomies and Ontologies Seminar Future Internet Supervisor: Nadine Herold Natascha Abrek 02.10.2014
More informationCisco AnyConnect Secure Mobility Solution Guide
Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page
More informationState Data Center. VMAX Data Migration Guide
State Data Center VMAX Data Migration Guide Version 1.0 June 26, 2013 Prepared by: Steve Lovaas, Enterprise Projects Client Liaison Contents DOCUMENT REVISION HISTORY... 3 INTRODUCTION AND PURPOSE... 4
More informationAN XML-BASED DATA MODEL FOR VULNERABILITY ASSESSMENT REPORTS
AN XML-BASED DATA MODEL FOR VULNERABILITY ASSESSMENT REPORTS George Valvisland Despina polemi2 ' University of Pireaus, Informatics Department, Karaoli & Dimitriou 80 Pireaus 18534, Greece gvr~lvi,si@honko/kreece.gt~;
More informationEnterprise Application Monitoring with
Enterprise Application Monitoring with 11/10/2007 Presented by James Peel james.peel@altinity.com / www.altinity.com 1 Who am I? James Peel - james.peel@altinity.com Job: Managing Director of Altinity
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More informationGecontroleerde grip op uw netwerk security en netwerk beheer
Gecontroleerde grip op uw netwerk security en netwerk beheer 19 11-2015 Marcel Golverdingen Who is Tucana en what are our activities? Pan-European supplier with offices in Belgium, France, Germany and
More informationRT Support Ticket System
Table of Contents RT Self Service Panel Login... 1 Creating a New Ticket... 1 Reviewing the Ticket... 3 Reading a Thread... 3 Resolving a Ticket... 4 Re-opening a Ticket... 4 Note: At the time of purchase,
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationAnatomy of Cyber Threats, Vulnerabilities, and Attacks
Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,
More informationCopyright 2013 EMC Corporation. All Rights Reserved.
White Paper INSTALLING AND CONFIGURING AN EMC DOCUMENTUM CONTENT TRANSFORMATION SERVICES 7.0 CLUSTER TO WORK WITH A DOCUMENTUM CONTENT SERVER 7.0 CLUSTER IN SECURE SOCKETS LAYER Abstract This white paper
More informationTk20 Network Infrastructure
Tk20 Network Infrastructure Tk20 Network Infrastructure Table of Contents Overview... 4 Physical Layout... 4 Air Conditioning:... 4 Backup Power:... 4 Personnel Security:... 4 Fire Prevention and Suppression:...
More informationDigital Image Increase
Exploiting redundancy for reliable aerial computer vision 1 Digital Image Increase 2 Images Worldwide 3 Terrestrial Image Acquisition 4 Aerial Photogrammetry 5 New Sensor Platforms Towards Fully Automatic
More informationA Case Study on Constructing a Security Event Management (SEM) System
A Case Study on Constructing a Security Event Management (SEM) System Vijay K. Gurbani Joint work with D.L. Cook, L.E. Menten, and T.B. Reddington Security Technology Research Bell Laboratories, Alcatel-Lucent
More informationDescription of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014
Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationBeyond Check The Box
Beyond Check The Box Powering Intrusion Investigations PRESENTED BY: Jim Aldridge 27 MARCH 2014 Five Important Capabilities Mapping an IP address to a hostname Identifying the systems to which a specified
More informationRESEARCH PROPOSAL: AN INTRUSION DETECTION SYSTEM ALERT REDUCTION AND ASSESSMENT FRAMEWORK BASED ON DATA MINING
Journal of Computer Science, 9 (4): 421-426, 2013 ISSN 1549-3636 2013 doi:10.3844/jcssp.2013.421.426 Published Online 9 (4) 2013 (http://www.thescipub.com/jcs.toc) RESEARCH PROPOSAL: AN INTRUSION DETECTION
More informationLR120 LoadRunner 12.0 Essentials
LR120 LoadRunner 12.0 Essentials Overview This five-day course introduces students to HP LoadRunner 12.0, including the usage of Virtual User Generator (VuGen), Controller and Analysis tools. This course
More informationDevelopment of Technology for Detecting Advanced Persistent Threat Activities
FOR IMMEDIATE RELEASE Development of Technology for Detecting Advanced Persistent Threat Activities Visualizing correlations among hosts having suspicious activities to detect attacks such as stealth malware
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationRemote Service. SASG - Big Data From machine design to IT management & Remote Service. Marcel Boosten Philips Healthcare October 7, 2014
Remote Service SASG - Big Data From machine design to IT management & Remote Service Marcel Boosten Philips Healthcare October 7, 2014 1 Marcel Boosten Philips Lead Design for Serviceability Solution Architect
More information1. Introduction. Matthijs Koot (koot@uva.nl) 2007-04-02 / SNE-IDS college 06-07
1. Universiteit van Amsterdam 2007-04-02 / SNE-IDS college 06-07 Outline Outline Course objectives. Course objectives Knowledge IDS taxonomy and architecture Skills Traffic analysis Setting up Snort Basic
More informationIntrusive vs. Non-Intrusive Vulnerability Scanning Technology
WHITE PAPER Intrusive vs. Non-Intrusive Vulnerability Scanning Technology Retina Network Security Scanner Table of Contents The Smash-and-Grab: Taking the Low Road 3 The Smooth Caper: Taking the High Road
More informationInformatica Master Data Management Multi Domain Hub API: Performance and Scalability Diagnostics Checklist
Informatica Master Data Management Multi Domain Hub API: Performance and Scalability Diagnostics Checklist 2012 Informatica Corporation. No part of this document may be reproduced or transmitted in any
More informationFirewalls & Intrusion Detection
Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion
More informationA Framework for Secure and Verifiable Logging in Public Communication Networks
A Framework for Secure and Verifiable Logging in Public Communication Networks Vassilios Stathopoulos, Panayiotis Kotzanikolaou and Emmanouil Magkos {v.stathopoulos, p.kotzanikolaou}@adae.gr emagos@ionio.gr
More informationAlert Verification Determining the Success of Intrusion Attempts
Alert Verification Determining the Success of Intrusion Attempts Christopher Kruegel and William Robertson Reliable Software Group University of California, Santa Barbara {chris,wkr}@cs.ucsb.edu 1 Introduction
More informationITIL Introducing service operation
ITIL Introducing service operation This document is designed to answer many of the questions about IT service management and the ITIL framework, specifically the service operation lifecycle phase. It is
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationFuture Network Monitoring for IXPs
Future Network Monitoring for IXPs Saleem Bhatti Felipe Huici Department of, UCL http://nrg.cs.ucl.ac.uk/ 1 Outline of talk 1. Problem space and requirements
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For
More information203.4770: Introduction to Machine Learning Dr. Rita Osadchy
203.4770: Introduction to Machine Learning Dr. Rita Osadchy 1 Outline 1. About the Course 2. What is Machine Learning? 3. Types of problems and Situations 4. ML Example 2 About the course Course Homepage:
More informationWHITE PAPER. Improving Operational Readiness for P25 Systems through Advanced Network Monitoring
WHITE PAPER Improving Operational Readiness for P25 Systems through Advanced Network Monitoring With the introduction of trunked radios systems over 20 years ago, public safety communications technology
More informationPanorama High Availability
Panorama High Availability Palo Alto Networks Panorama Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054
More informationThreat Information Sharing; Perspectives, Strategies, and Scenarios
Threat Information Sharing; Perspectives, Strategies, and Scenarios 15 June 2015 Tim Grance,, Sarah Brown, Fox-IT, Luc Dandurand, ITU Thomas Millar, US CERT, Pawel Pawlinski, CERT.PL 1 Information Sharing
More informationLoad Balancing BEA WebLogic Servers with F5 Networks BIG-IP v9
Load Balancing BEA WebLogic Servers with F5 Networks BIG-IP v9 Introducing BIG-IP load balancing for BEA WebLogic Server Configuring the BIG-IP for load balancing WebLogic Servers Introducing BIG-IP load
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationStellar: A Fusion System for Scenario Construction and Security Risk Assessment
Stellar: A Fusion System for Scenario Construction and Security Risk Assessment Stephen Boyer, Oliver Dain, and Robert Cunningham MIT Lincoln Laboratory Information Systems Technology Group 244 Wood St.,
More informationCSIRT Introduction to Security Incident Handling
CSIRT Introduction to Security Incident Handling P. Jacques Houngbo AIS 2013Technical Workshops Lusaka, Zambia, June 2013 If you think technology can solve your security problems, then you don t understand
More informationCS 392/CS 681 - Computer Security. Module 17 Auditing
CS 392/CS 681 - Computer Security Module 17 Auditing Auditing Audit Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established
More informationDetection and mitigation of Web Services Attacks using Markov Model
Detection and mitigation of Web Services Attacks using Markov Model Vivek Relan RELAN1@UMBC.EDU Bhushan Sonawane BHUSHAN1@UMBC.EDU Department of Computer Science and Engineering, University of Maryland,
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationFalse Alarm Minimization Techniques in Signature-Based Intrusion Detection Systems: A Survey
False Alarm Minimization Techniques in Signature-Based Intrusion Detection Systems: A Survey Neminath Hubballi a,, Vinoth Suryanarayanan b a Discipline of Computer Science and Engineering, Indian Institute
More informationBig Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
More information1 Log visualization at CNES (Part II)
1 Log visualization at CNES (Part II) 1.1 Background For almost 2 years now, CNES has set up a team dedicated to "log analysis". Its role is multiple: This team is responsible for analyzing the logs after
More informationGuardian Digital. 4 Internet Defense and Detection System 5
Guardian Digital Internet Defense and Detection System IDDS Guide Copyright c 2000-2003 Guardian Digital, Inc. Contents 1 INTRODUCTION 1 2 CONTACTING GUARDIAN DIGITAL 2 3 TECHNICAL SUPPORT 3 4 Internet
More informationCSE331: Introduction to Networks and Security. Lecture 17 Fall 2006
CSE331: Introduction to Networks and Security Lecture 17 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Summary:
More informationOn the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016
On the features and challenges of security and privacy in distributed internet of things C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016 Outline Introduction IoT (Internet of Things) A distributed IoT
More informationDevice Integration: Checkpoint Firewall-1
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationUNDERSTANDING DATA DEDUPLICATION. Tom Sas Hewlett-Packard
UNDERSTANDING DATA DEDUPLICATION Tom Sas Hewlett-Packard SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationIntrusion Detection Systems with Correlation Capabilities
Intrusion Detection Systems with Correlation Capabilities Daniel Johansson danjo133@student.liu.se Pär Andersson paran213@student.liu.se Abstract Alert correlation in network intrusion detection systems
More informationLogLogic Cisco IPS Log Configuration Guide
LogLogic Cisco IPS Log Configuration Guide Document Release: March 2011 Part Number: LL600072-00ELS090000 This manual supports LogLogic Cisco IPS Release 1.0 and later, and LogLogic Software Release 4.9.1
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationSplunk for VMware Virtualization. Marco Bizzantino marco.bizzantino@kiratech.it Vmug - 05/10/2011
Splunk for VMware Virtualization Marco Bizzantino marco.bizzantino@kiratech.it Vmug - 05/10/2011 Collect, index, organize, correlate to gain visibility to all IT data Using Splunk you can identify problems,
More informationProduct Description. Model VM 500 series [ VM508/VM508E ] Water Alarm. Telephone/Pager Alert Calls. Power Alarm. Maximum Number of Sensors
Product Description You need to protect the equipment in your data center, computer room, or equipment room from the damaging effects of high temperature and high humidity. The best way to protect sensitive
More informationA Generic Architecture for Fusion-Based Intrusion Detection Systems. Remco C. de Boer
A Generic Architecture for Fusion-Based Intrusion Detection Systems Remco C. de Boer ii Erasmus University Rotterdam Rotterdam School of Economics Master Thesis Business Informatics (Bestuurlijke Informatica)
More information