Network Security Lab Jelena Mirkovic Sig NewGrad presentation.



Main Research Areas
 Distributed Denial of Service
   Distributed defense: DefCOM
 Internet Worms
   Worm simulation: PAWS
   Cooperative defense: WIN
 Detecting new malicious executables
 Application-level Honeynets, summarizing firewall logs, predicting routing changes …

Distributed Denial of Service

Distributed Denial of Service (figure)
 Too much traffic
 Attack traffic looks like legitimate traffic
 Ideal solution!

Distributed Denial of Service
 Detect attack
 Stop attack
 Differentiate between attack and legitimate traffic

DefCOM
 Distributed defense against DDoS
 Combines nodes at:
   Victim – Alert generators: detect attack and alert other nodes
   Core – Rate limiters: stop attack by dropping traffic
   Source – Classifiers: differentiate between legitimate and attack traffic
 Nodes cooperate through an overlay

DefCOM – 1. Attack detection (figure: AG, RL, C, C nodes; “Attack!”)

DefCOM – 2. Forming the traffic tree (figure: AG, RL, C, C nodes; mark = 3, mark = 5, mark = 12, mark = 56; “I see mark 3!”, “I see mark 5!”, “I see marks 12 and 56!”)

DefCOM – 2. Forming the traffic tree (figure: AG, RL, C, C nodes)

DefCOM – 3. Distributed rate-limiting (figure: AG, RL, C, C nodes; 100Mbps, 50Mbps)

DefCOM – 4. Traffic differentiation (figure: AG, RL, C, C nodes; 100Mbps, 50Mbps; L=76 M=43, L=6 M=20, L=33 M=17, L=4 M=25)

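The tree-forming and rate-limiting steps of the DefCOM walk-through above, as an added toy model (not DefCOM's own code): each node reports the marks it sees on traffic from other DefCOM nodes, the tree is rebuilt from those reports, and the victim's limit is pushed down the tree with priority for traffic the source classifiers marked legitimate (L) over traffic marked malicious (M). The node ids, the demand figures and the pro-rata allocation policy are assumptions made for the example.

```python
from typing import Dict, List

# Constructed observations: the node roles and marks follow slide 2 of the
# DefCOM walk-through; each node reports the marks it sees on traffic
# arriving from other DefCOM nodes (the AG at the victim is assumed not
# to mark traffic itself).
OBSERVATIONS = {
    "AG":  {"mark": None, "sees": [12, 56]},  # alert generator at the victim
    "RL1": {"mark": 12,   "sees": [3]},       # core rate limiters
    "RL2": {"mark": 56,   "sees": [5]},
    "C1":  {"mark": 3,    "sees": []},        # source classifiers
    "C2":  {"mark": 5,    "sees": []},
}
# Constructed demand in Mbps per node, as classified at the sources:
# L = traffic marked legitimate, M = traffic marked malicious/unclassified.
DEMAND = {"RL1": {"L": 30, "M": 40}, "RL2": {"L": 10, "M": 60},
          "C1": {"L": 30, "M": 40}, "C2": {"L": 10, "M": 60}}

def build_traffic_tree(obs) -> Dict[str, List[str]]:
    """Map each node to the upstream nodes whose marks it observes."""
    by_mark = {i["mark"]: n for n, i in obs.items() if i["mark"] is not None}
    return {n: [by_mark[m] for m in i["sees"]] for n, i in obs.items()}

def split_limit(children, demand, limit):
    """Share `limit` among `children`: L traffic first (pro rata if L alone
    exceeds the limit), then leftover capacity to M traffic pro rata."""
    total_l = sum(demand[c]["L"] for c in children)
    total_m = sum(demand[c]["M"] for c in children)
    if total_l and total_l >= limit:
        return {c: {"L": limit * demand[c]["L"] / total_l, "M": 0.0}
                for c in children}
    spare = limit - total_l
    return {c: {"L": float(demand[c]["L"]),
                "M": min(demand[c]["M"], spare * demand[c]["M"] / total_m)
                if total_m else 0.0} for c in children}

def distribute(tree, demand, node, limit, out=None):
    """Push the victim's limit down the tree: each child's allotment
    becomes the limit it imposes on its own upstream nodes."""
    out = {} if out is None else out
    for child, alloc in split_limit(tree[node], demand, limit).items():
        out[child] = alloc
        distribute(tree, demand, child, alloc["L"] + alloc["M"], out)
    return out

if __name__ == "__main__":
    tree = build_traffic_tree(OBSERVATIONS)
    for node, a in distribute(tree, DEMAND, "AG", 50).items():
        print(f"{node}: allow L={a['L']:.1f} Mbps, M={a['M']:.1f} Mbps")
```

With a 50 Mbps limit at the victim, all 40 Mbps of L traffic passes and only 10 Mbps of M traffic is admitted, which is the differentiation the slide's L/M counts are meant to drive.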

Internet Worms
 A program that:
   Scans the network for vulnerable machines
   Breaks into machines by exploiting the found vulnerability
   Installs some piece of malicious code – backdoor, DDoS tool
   Moves on
 Doesn’t need any user action to spread
 Spreads very fast!

PAWS
 Parallel worm simulator
 Runs on multiple machines – gains memory and CPU resources
 Can simulate greater detail than single-node simulators
 Can simulate various defenses
 Machines synchronize with network messages

WIN
 Worm information network
 We need fast, automatic response to stop worms
 How can we detect worms?
 How can we devise signatures quickly and automatically?
 How can we share signatures with other networks?
 How can we accept signatures from others and be sure we won’t filter out legitimate traffic?
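An added single-node simulation (not PAWS or WIN code) of the point the worm, PAWS and WIN slides make together: a random-scanning worm grows exponentially, so the number of hosts a shared signature can still protect depends almost entirely on how quickly the signature is devised and deployed after detection. The spread model is the classic SI epidemic equation, and the population size, scan rate, detection threshold and filtering effectiveness are constructed assumptions.

```python
VULNERABLE = 350_000     # constructed: hosts running the vulnerable service
ADDRESS_SPACE = 2 ** 32  # IPv4 space, scanned uniformly at random
SCANS_PER_MIN = 600      # constructed: 10 probes per second per infected host

def simulate(response_delay, filter_fraction=0.9, detect_fraction=0.001,
             minutes=600):
    """Return the infected-host count after each minute.

    Spread follows the classic SI model (new infections per minute =
    beta * infected * susceptible, beta = scan rate / address space).
    Once `detect_fraction` of the vulnerable hosts are infected, the worm
    counts as detected; `response_delay` minutes later a signature is
    assumed to be shared and to block `filter_fraction` of further
    infection attempts."""
    beta = SCANS_PER_MIN / ADDRESS_SPACE
    infected, detected_at, history = 1.0, None, []
    for t in range(minutes):
        if detected_at is None and infected >= detect_fraction * VULNERABLE:
            detected_at = t
        filtering = detected_at is not None and t >= detected_at + response_delay
        rate = beta * ((1 - filter_fraction) if filtering else 1.0)
        infected = min(VULNERABLE, infected + rate * infected * (VULNERABLE - infected))
        history.append(infected)
    return history

def final_fraction(response_delay, **kwargs):
    """Fraction of vulnerable hosts infected at the end of the run."""
    return simulate(response_delay, **kwargs)[-1] / VULNERABLE

if __name__ == "__main__":
    for delay in (0, 30, 120, 240):
        print(f"response after {delay:3d} min: "
              f"{final_fraction(delay):.1%} of vulnerable hosts infected")
    print(f"no response at all: {final_fraction(0, filter_fraction=0):.1%}")
```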