PREDICT: A Data Repository for Cyber Security Research


Charlotte Scheper, RTI International
Manish Karir, DHS S&T
RTI International is a trade name of Research Triangle Institute. www.rti.org

What is PREDICT?
- A Protected REpository for Defense of Infrastructure against Cyber Threats (PREDICT)
- A research data repository sponsored by DHS S&T
- A trusted framework for sharing data for cyber security research
- A program for advancing tools, methods, and policies for collecting and sharing security-related Internet data
- In operation since 2008, PREDICT has shared real-world datasets with cyber security researchers to advance the state of the art in network security research and development

Objectives
Rationale:
- Researchers had insufficient access to data and were unable to adequately test their research prototypes
- Government technology decision-makers and researchers need data to evaluate competing products
- Legal and ethical policies for Internet research are unclear
- The scientific method, which depends on repeatable tests and evaluations, needed support
Project impetus: the National Strategy to Secure Cyberspace (February 2003) and the 2009 Cyberspace Policy Review
Expanding Public Access to the Results of Federally Funded Research: see http://m.whitehouse.gov/blog/2013/02/22/expanding-public-access-results-federally-funded-research
PREDICT Cyber Security Datasets: Collect, Archive, Share
PREDICT is the only freely available, legally collected repository of large-scale datasets containing real network traffic and system logs.

Key Issues Addressed
- Providing secure, centralized access to multiple sources of security-related data
- Assuring confidentiality of:
  - Privacy of individuals
  - Proprietary information
  - Security of the networks from which the data are collected
- Establishing a legal structure to reduce legal risks
- Assuring data integrity
- Protecting access to data
- Ensuring proper use of data

PREDICT Data Sharing Model
- Sensitivity assessments for inclusion and access
- Legally binding terms and conditions for data use
- Protocols for repository operations
- Data requests subject to expert review and approval
- Centralized view of and portal into the repository, and management of repository processes, through a Data Coordinating Center

Privacy Outreach Activities
- Briefed privacy advocates and obtained input: ACLU, Electronic Frontier Foundation (EFF), Center for Democracy and Technology (CDT), EPIC (invited)
- Prepared a Privacy Impact Assessment (PIA)
- Worked with the DHS Privacy Office
- Briefed government officials, privacy advocates, and participants: DHS S&T General Counsel, DHS General Counsel, Department of Justice

PREDICT Repository Framework
Distributed repository:
- Multiple data providers collect and prepare data for sharing
- Multiple data hosts provide the computing infrastructure to store datasets and provide access
- A central coordinating center provides the portal and manages repository processes

Operational Context with No Data Repository

Operational Context with PREDICT

Current Repository Holdings
Current data categories:
- Address Space Allocation Data
- Border Gateway Protocol (BGP) Routing Data
- Blackhole Address Space Data
- Domain Name System (DNS) Data
- Intrusion Detection System (IDS) and Firewall Data
- Infrastructure Data
- Internet Topology Data
- Internet Protocol (IP) Packet Headers
- Performance and Quality Measurements
- Sinkhole Data
- Synthetically Generated Datasets
- Traffic Flow Data
- Unsolicited Bulk Email Data
407 datasets:
- Collection periods vary from hours to days to months
- Sizes vary from bytes to terabytes
Research groups that have used PREDICT:
- 97 academic institutions
- 88 commercial entities
- 37 government organizations
- 3 foreign organizations
- 11 non-profit organizations

Current Data Hosts/Providers

Host/Provider                          | Data                                                                        | Size
---------------------------------------|-----------------------------------------------------------------------------|---------
UCSD/CAIDA                             | Topology Measurements, Network Telescope                                    | 45.4 TB
USC-ISI                                | NetFlow, Internet Topology Data, Address Allocation                         | 42 TB
Colorado State University              | NetFlow, Spam logs, IP Reputation lists                                     | 90 TB
University of Michigan/Merit Networks  | NetFlow, BGP Routing, Dark Address Space Monitoring, BGP Beacon Routing     | 188.7 TB
Georgia Tech                           | Botnet Sinkhole Connection                                                  | 0.01 TB
University of Wisconsin                | Global Intrusion Detection Database                                         | 2.5 TB
Packet Clearing House                  | BGP Routing, VoIP Measurement, Synthetic                                    | 8.0 TB
TOTAL                                  |                                                                             | 596+ TB

Note that the rows listed sum to roughly 377 TB; the slide gives a total of 596+ TB without explaining the difference.

Data collection, storage, and access:
- Advance the state of the art in data collection techniques, packet formats, new data types, data cataloging/annotation, and cross-dataset analysis
- Develop systems for storage and processing of large volumes of data
- Continue technical and policy work on disclosure control for Internet traffic data
- Add data access methods such as VMs/virtual enclaves
Advancement of tools and techniques to analyze Internet datasets and extract and represent useful information:
- Center for Configuration Analytics and Automation (UNCC) project
- RTI International IR&D project
Additional Research Activities
- Investigate and highlight legal and ethical issues in Internet data collection and analysis: Menlo Report on Ethical Principles Guiding Information and Communication Technology Research
- More than 200 research papers, journal articles, and technical reports have used PREDICT datasets within the past 3 years

Improvements on the Way
- Add classes of data: Unrestricted, Quasi-restricted, Restricted
- Streamline processes:
  - Cleaner account request process
  - Click-through agreements for the unrestricted and quasi-restricted classes
- Expand the international cooperation framework: Japan (complete), Canada (close), Australia (started)

Summary
- PREDICT is addressing an acknowledged need by providing large-scale, real-world security-related datasets for cyber security research
- PREDICT is addressing the significant policy and legal issues in collecting and sharing security-related data
- PREDICT is helping to achieve DHS's goal of improving the quality of defensive cyber security technologies

PREDICT Information
https://www.predict.org
DHS Privacy Impact Assessment: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_st_predict.pdf

Contact Information
Charlotte Scheper, Director, PREDICT Coordinating Center, RTI International, USA. cscheper@rti.org, 919-485-5587
Manish Karir, Program Manager, Cyber Security Division, DHS S&T, USA. Manish.Karir@hq.dhs.gov, 202-407-0690