DETECT DEtection Test bed for Event Correlation and Tuning Marc Dacier, Eurecom

Contributors
– University of Milano (Italy): D. Buschi
– Internet Systematics Lab (Greece): Y. Corovesis
– Institut Eurecom (France): M. Dacier
– France Telecom R&D (France): H. Debar
– Chalmers University (Sweden): E. Jonsson
– Université Catholique de Louvain (Belgium): B. Le Charlier
– Joint Research Centre, Ispra (Italy): P. Loekkemyhr
– Defence Science and Technology Laboratory (Dstl, UK): T. McCutcheon
– Queensland University of Technology (Australia): G. Mohay
– Centre de Recherche Droit et Informatique, FUNDP Namur (Belgium): Y. Poullet
– IBM Zurich Research Laboratory (Switzerland): A. Wespi

Paradigm Shift
From Security by Obscurity
– The bad guys don't know how to break into the system.
To Security by Ignorance
– The good guys don't know how to break into the system.

Assumptions
There exists a large deployment of reliable sensors that capture data about real attacks:
– DESIRE (?)
– Honeynet project (?)
– … ?
Gathered data are freely available.
The collection process is precisely defined.

Open Issues
– Can we use these data in order to get a better understanding of the threats we are facing?
– Can we use the data to validate the models?
– Can we carry out epidemiological studies?
– Can we use those data for educational purposes?

Research items
– Data analysis techniques
– Fault taxonomy
– Modelling of attack patterns
– Trends analysis
– Validation of scenarios
– Forensic analysis
– Identification of new modus operandi
– Correlation of alerts
– Legal issues
– …

Expected outcome
– A better understanding of the threats.
– A community-building task for research on malicious faults.
– Educational material.
– Input for the developers and the security community as a whole.

Define vs. Desire
– Desire is where we could build such a large intrusion-tolerant test bed.
– Define is where we would analyse together the available data.

Why a NoE?
– Joint use of infrastructure
– Mutual cooperation but individual specialization
– Multidisciplinarity

Why Define?
JER -> Central Topics -> System Evaluation -> Field Experiments