Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology

Similar documents
DNS Traffic Monitoring. Dave Piscitello VP Security and ICT Coordina;on, ICANN

Applying Machine Learning to Network Security Monitoring. Alex Pinto Chief Data Scien2st

Bank of America Security by Design. Derrick Barksdale Jason Gillam

NGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age

NETWORK DEVICE SECURITY AUDITING

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

DNS Big Data

Gyrus: A Framework for User- Intent Monitoring of Text- Based Networked ApplicaAons

PROJECT PORTFOLIO SUITE

Capitalize on your carbon management solu4on investment

Gyrus: A Framework for User- Intent Monitoring of Text- Based Networked ApplicaAons

Privacy- Preserving P2P Data Sharing with OneSwarm. Presented by. Adnan Malik

Identity and Access Positioning of Paradgimo

Kaseya Fundamentals Workshop DAY THREE. Developed by Kaseya University. Powered by IT Scholars

Big Data. The Big Picture. Our flexible and efficient Big Data solu9ons open the door to new opportuni9es and new business areas

/Endpoint Security and More Rondi Jamison

Adding Value to Automated Web Scans. Burp Suite and Beyond

Connec(ng to the NC Educa(on Cloud

Main Research Gaps in Cyber Security

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Strategies for Medical Device So2ware Development Presented By Anthony Giles of Blackwood Embedded Solu;ons And a Case Study by Francis Amoah of Creo

This is a picture of a kiqen

Project Por)olio Management

SDN- based Mobile Networking for Cellular Operators. Seil Jeon, Carlos Guimaraes, Rui L. Aguiar

Mobile Applica,on and BYOD (Bring Your Own Device) Security Implica,ons to Your Business. Dmitry Dessiatnikov

Phone Systems Buyer s Guide

Blue Medora VMware vcenter Opera3ons Manager Management Pack for Oracle Enterprise Manager

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP HP ENTERPRISE SECURITY SERVICES

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt

QRadar SIEM and Zscaler Nanolog Streaming Service

.nl ENTRADA. CENTR-tech 33. November 2015 Marco Davids, SIDN Labs. Klik om de s+jl te bewerken

AVOIDING SILOED DATA AND SILOED DATA MANAGEMENT

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

IT Change Management Process Training

PERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework

Network Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones

An Integrated Approach to Manage IT Network Traffic - An Overview Click to edit Master /tle style

Splunk and Big Data for Insider Threats

FRESCO: Modular Composable Security Services for So;ware- Defined Networks

TLD Data Analysis. ICANN Tech Day, Dublin. October 19th 2015 Maarten Wullink, SIDN. Klik om de s+jl te bewerken

The importance of supply chain

ITS Strategic Plan Enabling an Unbounded University

Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research

Adventures in Bouncerland. Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs

Security testing the Internet-of-things

DDOS Mi'ga'on in RedIRIS. SIG- ISM. Vienna

The model of SWOT-analysis is the most

CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION

Program Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional.

Perspec'ves on SDN. Roadmap to SDN Workshop, LBL

Zscaler Internet Security Frequently Asked Questions

Data Stream Algorithms in Storm and R. Radek Maciaszek

Intra- CDN Provider CDNi Experiment

OFERTIE OpenFlow Experiments in Real- Time Interac7ve Edutainment

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

Malicious Network Traffic Analysis

CSER & emerge Consor.a EHR Working Group Collabora.on on Display and Storage of Gene.c Informa.on in Electronic Health Records

COMPSCI 111 / 111G An introduc)on to prac)cal compu)ng

So#ware quality assurance - introduc4on. Dr Ana Magazinius

Unifying Incident Response Teams Via Multi Lateral Cyber Exercise for Mitigating Cros Border Incidents: Malaysia CERT Case Study

Stream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More

Transcription:

Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology Alexey Kirichenko, F- Secure Corpora7on ICT SHOK, Future Internet program 30.5.2012

Outline 1. Security WP (WP6) overview 2. Projects, challenges 3. Theore7cal and prac7cal results 4. One important outcome

Brief History Cross- WP ac7vity in FI 1 st phase (FI- 1) (led by Mikko Särelä of Ericsson, Sasu Tarkoma of TKK) WP with three ac7vi7es in FI- 2: - Unwanted Traffic - Anomaly Detec7on - Trust, Reputa7on and Management of Creden7als (1.6.2009 31.12.2010, led by Mika Rau7la of VTT) WP with three ac7vi7es in FI- 3: - Botnet Problem - Data Analysis for Informa7on Security - Understanding and Designing Security Experience (1.4.2011 31.3.2012)

Partners Stoneso` Aalto/HIIT, ICS, CSE VTT F- Secure NSN TUT Nokia UH Ericsson

WP6 in FI- 2 High diversity in the plans: - Malware and targeted acacks detec7on and preven7on - Security for Cloud Compu7ng - Manipula7on- resistant robust reputa7on systems - Trust between devices and en77es in data networks - Data access authoriza7on rules and key management Selected results and advances: - Detec7ng botnets through anomalous use of network services; iden7fying Command and Control traffic - Security anomaly visualiza7on for a network intrusion detec7on system, feature selec7on - Call graph- based analysis of executable files - UI prototype for collec7ng feedback and presen7ng reputa7on informa7on on widgets and their developers

Moving to FI- 3 Due to smaller alloca7ons, fewer direc7ons and partners, narrower focus Greater effort to implemen7ng and tes7ng methods and algorithms: Milestones defined as prototypes and produc7on system integra7ons Core areas are: - Data analysis for recognizing malicious objects and ac7vi7es - Role of humans in security systems; visualiza7ons - Security- related User Experience

WP6 Projects in FI- 3 Botnet techniques and botnet characteriza7on and detec7on approaches (Stoneso`, HIIT) Network- based intrusion detec7on, role of security officer (NSN) Classifica7on and clustering for detec7ng malicious files by their sta7c and dynamic features (Aalto/ICS, F- Secure) Study of user percep7on and experience of security (HIIT, F- Secure) Compara7ve evalua7on of UX for security products (TUT, F- Secure) Security events visualiza7on (Stoneso`)

Figh'ng Botnets Analyzing botnet techniques and vulnerabili7es used by botnet writers Fingerprints for iden7fying botnets - Based on communica7on: - between bots within a botnet - between bots and Command and Control (C&C) - from bot to drop zone - Based on popular exploits Botnet detec7on techniques - DPI of malicious payload or C&C communica7on - Port scanning detec7on - Detec7ng outgoing spam messages - Domain flux analysis (number of DNS requests, mostly failed) - Detec7ng HTTP requests in click fraud cases

Network- based Intrusion Detec'on High- level goals: - Select right features for monitoring and analysis - Keep false alarms level low - Make analysis results understandable for security officers - Ensure that analysis speed scales for high traffic volumes Several Master Thesis works towards the goals: - Traffic analysis for intrusion detec7on in telecommunica7ons networks on feature selec7on for specified threat scenarios - Graphical user interface for intrusion detec7on in telecommunica7on networks on GUI concept and prototype for security anomaly visualiza7on in telco networks - Graph- based clustering for anomaly detec7on in IP networks on NodeClustering, a fast and simple anomaly detec7on method - Selec7ve Flow Distribu7on for Network- based Intrusion Detec7on Clusters on an NIDS cluster load balancing system

UX of Security Products Compara7ve evalua7on of user experience of several major Internet and mobile security products - Development and tes7ng of a process for evalua7ng security so`ware user experience - Usability and security experts were involved in discovering usability problems and sugges7ng solu7ons - Compara7ve results were used to find differen7a7ng factors Examples of findings: - Warnings in risky situa7ons require understandable words - Warning dialogs needed before dangerous changes are applied - All evaluated warning flyers diminish too quickly - Windows built- in warning appears at the same 7me

Security Experience A user study on how end users perceive and experience security in connec7on with support calls dealing with security issues - Run in collabora7on with a local teleoperator - Individual interviews with support call specialists - Focus group with a group of support call specialists - Analysis of randomly selected support calls on security - Pair interview with support call specialists to check the findings Examples of findings: - Security support calls have an essen7al part in how users try to manage their security - Security problems are o`en confused with device- or network- related ones - problems are o`en associated with security - Constant safety concerns are a major cause for security support calls

Security Events Visualiza'on Mul7ple views supported Non- determinis7c layout algorithm (Kamada- Kawaii) Hoovering and zooming Drill- in features Event normaliza7on Aggrega7on logic for becer scalability Poten7al in security device configuring

Research results As more 7me went to implementa7ons, the number of publica7ons was modest in WP6 FI- 3: Two conference papers published One conference and one journal papers submiced Five University theses (Aalto, TUT) Two conference papers will be submiced in June

Implementa'ons Presented Classifica7on and clustering methods for iden7fying malware run in F- Secure s Security Labs hcp://www.slideshare.net/7vit/7vit- interac7ve- 10185532 Security logs visualiza7on func7onality integrated with StoneGate SMC product hcp://www.slideshare.net/7vit/7vit- interac7ve- log- visualiza7on

Observa'ons and Thoughts Inves7ng in strategic research and long- term commitments are hard for many industrial partners Challenging to pursue both breakthrough results and research to lead to new business Most of work done as two- or even one- party projects Working out wider collabora7ons requires 7me and effort Rela7vely short funding periods make it tough to keep key personnel at academic partners

Data to Security Ecosystem An idea of uni7ng network and device views: - Analyzing network traffic, files, scripts, - Was discussed within the FI program, is becoming a reality now, as a business pilot ecosystem All the FI- 3 WP6 industrial partners are involved: Stoneso`, NSN, F- Secure New partners: Elisa, EXFO NetHawk Protec7ng ISP and MNO networks by sharing informa7on from network equipment, end- user devices, and backend analysis systems In par7cular, to deal with botnets

Thank you www.futureinternet.fi Alexey Kirichenko, F- Secure Corpora7on ICT SHOK, Future Internet program 30.5.2012

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information