1 Learning Behavioral Fingerprints from NetFlows... using Timed Automata
Nino Pellegrino, October the 20th, 2015 (transcription of a 32-slide deck)
2 Use case
3 Use case: What does behavioral fingerprint exactly mean? How is it possible to detect a malicious host using behavioral fingerprints?
4 NetFlows
NetFlows are characterized by several properties derived from the aggregation of packet-based features.
FEATURE        TYPE       VALUES
source-ip      string
protocol       string     TCP, UDP
direction      string     ->, <-, <->, <?>
start-time     timestamp  :51:
duration       float      0.103,
total-packets  integer    9, 1
total-bytes    integer    1030, 66, 43
5 NetFlows
PRO: frequently logged by network operators and much easier to obtain.
PRO: (more) privacy preserving. In contrast to network packets, NetFlows do not contain content and format fields.
PRO: scale smoothly with big data amounts.
CON: automata learned from NetFlows define behavior on a high abstraction level.
6 Timed Events
Timed Events are couples (timestamp, symbol):
NETFLOW                                  TIMED EVENT
, udp, ->,  15:51:09, , 1, 68            (1,a)
, udp, <->, 15:52:01, , 5, 590           (52,b)
, tcp, <->, 15:53:46, , 3, 479           (150,c)
Timed Events represent a symbolic abstraction of actual NetFlow data.
7 Obtaining Events
The symbolic part of a Timed Event is set in a way such that two NetFlows exhibiting the same features get the same symbol.
Categorical features, such as direction or protocol, have been mapped to progressive positive numbers based on their values.
EXAMPLE: if protocol=udp then 0; if protocol=tcp then 1; etc.
8 Obtaining Events
Numerical features, such as duration or total packets, have been mapped according to the 20th, 40th, 60th, and 80th percentiles (five bins).
EXAMPLE (total-packets feature): (figure)
9 Obtaining TIMED sequences of events
The temporal part of a Timed Event t_i is set to the difference in start-time from the previously seen Timed Event t_{i-1}.
prot  dir   time  duration  packet  byte  event
udp   ->                                  (0,a)
udp   <->                                 (5,b)
tcp   <->                                 (12,c)
udp   ->                                  (5,c)
tcp   <->                                 (2,d)
Sequences of Timed Events are generated by sliding a temporal window of fixed duration, i.e. 20 milliseconds:
s_1 = (0,a)(5,b)(12,c)
s_2 = (5,b)(12,c)(5,b)(2,d)
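The delta computation and the sliding window of slide 9, as an added Python example (not the author's code). It uses the slide's five events, taking the fourth event as (5,c) as in the slide's table. Assumptions, also marked in the code: the first event of a trace gets delta 0; a sequence starts at every event and contains every later event whose absolute start-time lies within the window width of the sequence's first event; an event keeps the delta to its predecessor in the whole trace, so the first event of a later sequence is not reset to 0. The slide shows only the first two sequences; the code emits one per start event.

```python
# Added example: from NetFlow start-times to timed events and windowed sequences (slide 9).
# Not the author's code; assumptions are marked in comments.
from typing import List, Sequence, Tuple

TimedEvent = Tuple[int, str]   # (delta to the previous event, symbol)


def to_timed_events(flows: Sequence[Tuple[int, str]]) -> List[TimedEvent]:
    """flows: (start-time, symbol) pairs, the symbol being the encoded NetFlow.
    The temporal part of event t_i is start_i - start_{i-1}; assumption: the
    first event of a trace gets delta 0, as in the slide's table."""
    events: List[TimedEvent] = []
    prev = None
    for start, sym in sorted(flows):
        events.append((0 if prev is None else start - prev, sym))
        prev = start
    return events


def windows(events: Sequence[TimedEvent], width: int) -> List[List[TimedEvent]]:
    """Slide 9's sliding window. Assumptions: a sequence starts at every event
    and holds each later event whose absolute start-time is within `width` of
    the first event's; an event keeps the delta to its predecessor in the whole
    trace, so the first event of a later sequence is not reset to delta 0."""
    abs_times: List[int] = []          # absolute time of each event, rebuilt from the deltas
    t = 0
    for delta, _ in events:
        t += delta
        abs_times.append(t)
    result: List[List[TimedEvent]] = []
    for i in range(len(events)):
        seq = [events[j] for j in range(i, len(events))
               if abs_times[j] - abs_times[i] <= width]
        result.append(seq)
    return result


# The slide's five events (fourth event taken as (5,c), as in the slide's table).
SLIDE_EVENTS: List[TimedEvent] = [(0, "a"), (5, "b"), (12, "c"), (5, "c"), (2, "d")]

if __name__ == "__main__":
    for k, seq in enumerate(windows(SLIDE_EVENTS, 20), start=1):
        print(f"s_{k} =", "".join(f"({d},{s})" for d, s in seq))
```

With width 20 the first two sequences reproduce s_1 and s_2 of the slide: the fourth event starts 17 time units after b, within the window anchored at b, but 22 after a, outside the window anchored at a.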
10 Learning a stateful model
Positive data: aa, b, bba; Negative data: a, aaa, aabb
11 Learning a stateful model: Select two nodes
12 Learning a stateful model: Move input transitions
13-14 Learning a stateful model: Move output transitions
15 Learning a stateful model: Delete the obsolete state
16-21 Learning a stateful model: Determinization
22-23 Learning a stateful model: Select two nodes, iterate
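The merge procedure of slides 11-23 on the sample of slide 10, as an added Python example (not the RTI+ implementation behind the slides). It builds the prefix tree of the positive and negative strings, then repeatedly merges a pair of states: incoming transitions of the dropped state are redirected to the survivor, its outgoing transitions are folded into the survivor, and where both states already leave on the same symbol the two targets are merged in turn (determinization). A merge is kept only if no accepting and rejecting state collapse together. Simplifications, all assumptions of this example: pairs are tried in state-id order with the lower id surviving, there are no timing guards, and there is no statistical merge test, whereas the slides learn a timed automaton.

```python
# Added example: state merging on a prefix tree (slides 10-23), simplified.
# Not the RTI+ implementation behind the slides: no timing guards, no
# statistical merge test, and pairs are tried in state-id order.
from typing import Dict, List, Optional, Tuple

POSITIVE = ["aa", "b", "bba"]      # slide 10
NEGATIVE = ["a", "aaa", "aabb"]


class Automaton:
    def __init__(self) -> None:
        self.trans: Dict[int, Dict[str, int]] = {0: {}}      # state -> symbol -> state
        self.label: Dict[int, Optional[bool]] = {0: None}    # True accept, False reject, None unknown
        self.alias: Dict[int, int] = {}                      # merged-away state -> survivor
        self.next_id = 1

    def add(self, word: str, positive: bool) -> None:
        """Extend the prefix tree with one sample and label its final state."""
        s = 0
        for ch in word:
            if ch not in self.trans[s]:
                self.trans[s][ch] = self.next_id
                self.trans[self.next_id] = {}
                self.label[self.next_id] = None
                self.next_id += 1
            s = self.trans[s][ch]
        if self.label[s] is not None and self.label[s] != positive:
            raise ValueError(f"contradictory sample: {word!r}")
        self.label[s] = positive

    def copy(self) -> "Automaton":
        c = Automaton()
        c.trans = {s: dict(t) for s, t in self.trans.items()}
        c.label = dict(self.label)
        c.alias = dict(self.alias)
        c.next_id = self.next_id
        return c

    def find(self, s: int) -> int:
        while s in self.alias:
            s = self.alias[s]
        return s

    def merge(self, a: int, b: int) -> bool:
        """Merge b into a: b's incoming transitions are redirected to a, its
        outgoing transitions are folded into a, and when both leave on the same
        symbol their targets are merged in turn (determinization). Returns
        False, leaving self unusable, if an accepting and a rejecting state would
        collapse; callers therefore merge on a copy."""
        work: List[Tuple[int, int]] = [(a, b)]
        while work:
            x, y = work.pop()
            a, b = sorted((self.find(x), self.find(y)))   # lower id survives, so the root stays 0
            if a == b:
                continue
            if self.label[a] is not None and self.label[b] is not None and self.label[a] != self.label[b]:
                return False
            if self.label[a] is None:
                self.label[a] = self.label[b]
            self.alias[b] = a
            del self.label[b]
            for sym, dst in self.trans.pop(b).items():
                if sym in self.trans[a]:
                    work.append((self.trans[a][sym], dst))  # two targets on one symbol: merge them
                else:
                    self.trans[a][sym] = dst
        for out in self.trans.values():       # redirect every transition to its survivor
            for sym in out:
                out[sym] = self.find(out[sym])
        return True

    def accepts(self, word: str) -> bool:
        s = 0
        for ch in word:
            if ch not in self.trans[s]:
                return False
            s = self.trans[s][ch]
        return self.label[s] is True


def learn(positive, negative) -> Automaton:
    """Build the prefix tree, then greedily merge state pairs while consistent."""
    m = Automaton()
    for w in positive:
        m.add(w, True)
    for w in negative:
        m.add(w, False)
    while True:
        ids = sorted(m.trans)
        for i, p in enumerate(ids):
            for q in ids[i + 1:]:
                trial = m.copy()
                if trial.merge(p, q):
                    m = trial
                    break
            else:
                continue
            break
        else:
            return m


if __name__ == "__main__":
    model = learn(POSITIVE, NEGATIVE)
    print(len(model.trans), "states:", model.trans, model.label)
```

On the slide's sample the prefix tree has nine states; merging the root with the state reached by "a" is rejected (it would fold the accepting "aa" state into the rejecting "a" state), and the greedy search ends with a three-state automaton that still accepts every positive and rejects every negative string.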
24 Recognizing a host as infected
Two different strategies for finding infection on candidate hosts. Both strategies rely on infection symptoms. Infection symptoms are all couples (state, timed-event) collected using a model on testing data.
25 Error Based Strategy
Evaluates whether a candidate host C shows the same symptom occurrences as a known malicious host M. Let Counts^M_i and Counts^C_i be the counts of symptom i in M and C, respectively. Host C is classified as infected if
|Counts^M_i - Counts^C_i| < τ_i
i.e. if the absolute error between the expected and observed symptom counts is below a pre-computed threshold.
26 Fingerprint Based Strategy
Uses a configuration dataset to look for distinguishing symptoms. Distinguishing symptoms characterize malicious hosts, but never occur in any host in the configuration dataset. Let Counts^F_i denote the occurrences of symptom i in such dataset; host C is considered malicious if:
Counts^F_i = 0 and Counts^M_i > 0 and Counts^C_i > 0
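Symptom collection and the two strategies of slides 24-26, as an added Python example (not the author's code). The model and every event sequence below are constructed toys, and symptoms are reduced to (state, symbol) pairs, ignoring the timing part of the event. Further assumptions, marked in the code: an event with no transition from the current state is counted under a sentinel state and the walk restarts at the root; the error-based condition must hold for every symptom of M or C; the thresholds τ_i are computed as a fraction of the expected count plus one, since the slides only say they are pre-computed.

```python
# Added example: infection symptoms and the two detection strategies (slides 24-26).
# Not the author's code. The model and all traffic below are constructed toys;
# symptoms here are (state, symbol) pairs, ignoring the timing part of the event.
from collections import Counter
from typing import Dict, Iterable, Tuple

Symptom = Tuple[int, str]

# Constructed toy behavioral model: MODEL[state][symbol] -> next state.
MODEL: Dict[int, Dict[str, int]] = {0: {"a": 1, "b": 2}, 1: {"a": 0}, 2: {"b": 1}}

# Constructed event sequences (symbols only) per host.
M_SEQS = ["bba", "bb", "bba"]          # known malicious host M
F_SEQS = ["aa", "aaa", "b"]            # configuration dataset F (clean hosts)
C_INFECTED = ["bba", "bb", "bb"]       # candidate host behaving like M
C_BENIGN = ["aa", "b", "aaa"]          # candidate host behaving like F


def symptoms(model: Dict[int, Dict[str, int]], sequences: Iterable[str]) -> Counter:
    """Replay each sequence on the model and count every (state, symbol) pair.
    Assumption: an event with no transition from the current state is counted
    under state -1 and the walk restarts at the root; the slides do not say how
    unexpected events are treated."""
    counts: Counter = Counter()
    for seq in sequences:
        state = 0
        for sym in seq:
            nxt = model.get(state, {}).get(sym)
            if nxt is None:
                counts[(-1, sym)] += 1
                state = 0
            else:
                counts[(state, sym)] += 1
                state = nxt
    return counts


def thresholds(counts_m: Counter, rel: float = 0.5) -> Dict[Symptom, float]:
    """Assumed pre-computation of tau_i: a tolerance proportional to the expected
    count plus one, so that rare symptoms still get a non-zero tolerance."""
    return {i: rel * n + 1 for i, n in counts_m.items()}


def error_based(counts_m: Counter, counts_c: Counter,
                tau: Dict[Symptom, float], unseen_tau: float = 1.0) -> bool:
    """Slide 25: C is infected if |Counts_M[i] - Counts_C[i]| < tau[i].
    Assumption: required for every symptom of M or C; a symptom M never shows
    gets tolerance unseen_tau, so with the default C must not show it at all."""
    every = set(counts_m) | set(counts_c)
    return all(abs(counts_m[i] - counts_c[i]) < tau.get(i, unseen_tau) for i in every)


def fingerprint_based(counts_f: Counter, counts_m: Counter, counts_c: Counter) -> bool:
    """Slide 26: a distinguishing symptom occurs in M (Counts_M > 0) but never in
    the configuration dataset (Counts_F = 0); C is malicious if it shows one."""
    distinguishing = {i for i, n in counts_m.items() if n > 0 and counts_f[i] == 0}
    return any(counts_c[i] > 0 for i in distinguishing)


if __name__ == "__main__":
    cm, cf = symptoms(MODEL, M_SEQS), symptoms(MODEL, F_SEQS)
    tau = thresholds(cm)
    for name, seqs in (("C_INFECTED", C_INFECTED), ("C_BENIGN", C_BENIGN)):
        cc = symptoms(MODEL, seqs)
        print(name, "error-based:", error_based(cm, cc, tau),
              "fingerprint-based:", fingerprint_based(cf, cm, cc))
```

In this toy the only distinguishing symptom is (2, "b"): the malicious host takes the b-transition out of state 2 while no clean host does, so the fingerprint strategy flags the infected candidate on that single symptom, while the error-based strategy needs the whole count profile to stay within the tolerances.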
27 Per-scenario Performances
Scenario | Conf Size | Train Size | Eval Size | Infected | error based: TP TN FP FN | fingerprint based: TP TN FP FN
28 Error Based Strategy (figure: observed occurrence vs. expected occurrence of symptoms, with points labelled True Negative (S1), False Positive (S2), True Positive (S1, S2), True Negative (S1, S2))
29 Detection performance on unseen malware
Scenario | TP | FP | Accuracy | F-measure
Accuracy = (TP + TN) / (TP + FP + TN + FN)
F-measure = 2TP / (2TP + FP + FN)
30 Obtaining Events
Using the mapping values we assign to each NetFlow a single positive number using the following encoding algorithm:
Input: a NetFlow n = <a_0, a_1, ..., a_k> with k features
Input: an attribute mapping M_i, i = 0, 1, ..., k
Output: integer code for n
  code <- 0
  spacesize <- prod_{i=0..k} |Dom(M_i)|
  for i <- 0 to k do
    code <- code + M_i(a_i) * spacesize / |Dom(M_i)|
    spacesize <- spacesize / |Dom(M_i)|
  return code
31 Example
If we have two features:
FEATURE        MAPPING                                  DOMAIN SIZE
protocol       TCP=0, UDP=1, <unknown>=2                3
total-packets  20th: 7, 40th: 22, 60th: 30, 80th: 32    5
Then
Encode(<TCP, 12>)  = 0*5 + 1 = 1
Encode(<UDP, 45>)  = 1*5 + 4 = 9
Encode(<ICMP, 25>) = 2*5 + 2 = 12
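The symbol mapping of slides 7-8 and the encoding algorithm of slides 30-31, as an added Python example (not the author's code), checked against the three Encode values of slide 31. Assumptions, marked in the code: a value equal to a percentile boundary falls in the lower bin; a categorical value outside the mapping gets the trailing <unknown> index; when the cuts are derived from training data, the nearest-rank percentile rule is used, since the slides do not say which definition was applied. The decode function is an addition that the slides do not show; it is the inverse of the mixed-radix code.

```python
# Added example: NetFlow feature mapping and mixed-radix encoding (slides 7-8, 30-31).
# Not the author's code. Assumptions are marked in comments.
from bisect import bisect_left
from dataclasses import dataclass
from typing import Sequence, Tuple


@dataclass(frozen=True)
class CategoricalMap:
    """Categorical feature (protocol, direction) -> progressive integer."""
    values: Tuple[str, ...]          # e.g. ("TCP", "UDP") -> 0, 1

    def __call__(self, value: str) -> int:
        # Assumption: anything outside the mapping gets the trailing <unknown> index.
        return self.values.index(value) if value in self.values else len(self.values)

    @property
    def domain_size(self) -> int:
        return len(self.values) + 1  # + <unknown>


@dataclass(frozen=True)
class PercentileMap:
    """Numerical feature -> bin index, cut at the 20th/40th/60th/80th percentiles."""
    cuts: Tuple[float, ...]          # ascending, e.g. (7, 22, 30, 32) for total-packets

    def __call__(self, value: float) -> int:
        # Number of cuts strictly below the value; a value equal to a cut lands in
        # the lower bin (assumption: the slides do not state the boundary rule).
        return bisect_left(self.cuts, value)

    @property
    def domain_size(self) -> int:
        return len(self.cuts) + 1


def percentile_map_from_data(samples: Sequence[float],
                             percents: Sequence[int] = (20, 40, 60, 80)) -> PercentileMap:
    """Derive the cuts from training values with the nearest-rank percentile rule
    (assumption: the slides do not say which percentile definition was used)."""
    ordered = sorted(samples)
    n = len(ordered)
    cuts = tuple(ordered[(p * n + 99) // 100 - 1] for p in percents)   # ceil(p*n/100), 1-based
    return PercentileMap(cuts)


def encode(flow: Sequence, maps: Sequence) -> int:
    """Slide 30: code = sum_i M_i(a_i) * (product of the domain sizes after i),
    i.e. a mixed-radix number with feature 0 as the most significant digit."""
    spacesize = 1
    for m in maps:
        spacesize *= m.domain_size
    code = 0
    for value, m in zip(flow, maps):
        spacesize //= m.domain_size
        code += m(value) * spacesize
    return code


def decode(code: int, maps: Sequence) -> Tuple[int, ...]:
    """Inverse of encode: recover the per-feature mapped values from a code."""
    spacesize = 1
    for m in maps:
        spacesize *= m.domain_size
    digits = []
    for m in maps:
        spacesize //= m.domain_size
        digits.append(code // spacesize)
        code %= spacesize
    return tuple(digits)


# The two-feature mapping of slide 31.
SLIDE_MAPS = (CategoricalMap(("TCP", "UDP")), PercentileMap((7, 22, 30, 32)))

if __name__ == "__main__":
    for flow in (("TCP", 12), ("UDP", 45), ("ICMP", 25)):
        print(flow, "->", encode(flow, SLIDE_MAPS), decode(encode(flow, SLIDE_MAPS), SLIDE_MAPS))
    # Constructed total-packets training sample; the cuts are derived from it.
    print(percentile_map_from_data([1, 3, 5, 7, 9, 22, 25, 30, 31, 32, 40, 90]).cuts)
```

Because every feature contributes a digit of fixed radix, two NetFlows receive the same code exactly when all their mapped feature values agree, which is the property slide 7 asks of the symbol.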
32 Host behavior descriptions: PDRTAs (figure: a learned PDRTA with a root and states 1-9; transitions are labelled with the symbols TCP, UDP, Q-TCP, Q-UDP and with time guards such as Q-TCP [0,30], [31,153], [154,160], [161,170], [171,195], [196,max], Q-UDP [0,203], [204,2759], [2760,max], TCP [0,1], [2,max])
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationHow To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN
How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationA Model For Revelation Of Data Leakage In Data Distribution
A Model For Revelation Of Data Leakage In Data Distribution Saranya.R Assistant Professor, Department Of Computer Science and Engineering Lord Jegannath college of Engineering and Technology Nagercoil,
More informationIntrusion Detection & SNORT. Fakrul Alam fakrul@bdhbu.com
Intrusion Detection & SNORT Fakrul Alam fakrul@bdhbu.com Sometimes, Defenses Fail Our defenses aren t perfect Patches weren t applied promptly enough Antivirus signatures not up to date 0- days get through
More informationConfiguring NetFlow. Information About NetFlow. Send document comments to nexus1k-docfeedback@cisco.com. CHAPTER
CHAPTER 11 Use this chapter to configure NetFlow to characterize IP traffic based on its source, destination, timing, and application information, to assess network availability and performance. This chapter
More informationConsistent Binary Classification with Generalized Performance Metrics
Consistent Binary Classification with Generalized Performance Metrics Nagarajan Natarajan Joint work with Oluwasanmi Koyejo, Pradeep Ravikumar and Inderjit Dhillon UT Austin Nov 4, 2014 Problem and Motivation
More information