THE INTERNET MOTION SENSOR: A Distributed Blackhole Monitoring System


Presented by: Bruce Meeks, Jr.
Authors: Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson
Publisher: Electrical Engineering and Computer Science Department, University of Michigan

INTRODUCTION AND MOTIVATION
- National infrastructure of global networks is vulnerable to rapidly growing Internet threats
- Among them: fast-moving worms, distributed denial-of-service attacks, and routing exploits

INTRODUCTION AND MOTIVATION
Threats share several key components:
1) globally scoped
2) occasional zero-day threats
3) evolutionary characteristic
4) many are exceptionally virulent

AUTHORS’ PROPOSED METHODS FOR MONITORING AND ANALYSIS
- One promising method for investigating these threats is monitoring unused or dark address space
- Two key design challenges necessary to incorporate this monitoring infrastructure:

SENSOR COVERAGE
- The visibility of the system into Internet threats
- One method to increase visibility is to monitor larger blocks of address space

SERVICE EMULATION
- Difficult to emulate realistic Internet services because the IMS doesn’t interact with live hosts
- An ideal system would reproduce all current and future services with exactly the same behaviors as all possible end-hosts.

MAIN CONTRIBUTIONS
- The design and implementation of a distributed, globally scoped, Internet threat monitoring system
  - IMS architecture
- The deployment and demonstration of the IMS on production networks
  - Current deployment and observations

INTERNET MOTION SENSOR ARCHITECTURE
Offers three novel contributions:
1) Distributed Monitoring Infrastructure
2) Lightweight Active Responder
3) Payload Signatures and Caching

INTERNET MOTION SENSOR ARCHITECTURE
1st Novel Contribution: Distributed Monitoring Infrastructure
- Distributed deployment to increase visibility

INTERNET MOTION SENSOR ARCHITECTURE
2nd Novel Contribution: Lightweight Active Responder
- Characterize threats on emerging ports and services
- Essentially a honeypot (low responsive)

INTERNET MOTION SENSOR ARCHITECTURE
2nd Novel Contribution: Lightweight Active Responder

INTERNET MOTION SENSOR ARCHITECTURE
3rd Novel Contribution: Payload Signatures and Caching
- Only stores new payloads
- Storage conservation
- Identifies new payloads
** Note: Goal of IMS is to measure, characterize, and track a broad range of Internet threats **
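
An added example, not code from the IMS project or from this presentation: a small payload signature cache of the kind the slide describes, which keeps one copy of each distinct payload and logs repeats by signature only. The use of SHA-256 as the signature, the class and field names, and the sample captures are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class PayloadCache:
    """Keeps one copy of each distinct payload; repeats are logged by digest only."""
    payloads: dict = field(default_factory=dict)  # digest -> payload bytes
    events: list = field(default_factory=list)    # (sensor, src, dport, digest, is_new)
    bytes_seen: int = 0
    bytes_stored: int = 0

    def observe(self, sensor, src, dport, payload):
        """Record one captured payload; return True if its signature is new."""
        digest = hashlib.sha256(payload).hexdigest()  # assumption: SHA-256 signature
        is_new = digest not in self.payloads
        if is_new:  # only a previously unseen payload costs storage
            self.payloads[digest] = payload
            self.bytes_stored += len(payload)
        self.bytes_seen += len(payload)
        self.events.append((sensor, src, dport, digest, is_new))
        return is_new

    def hit_rate(self):
        """Fraction of observations whose payload was already cached."""
        if not self.events:
            return 0.0
        return sum(1 for e in self.events if not e[4]) / len(self.events)


# Constructed sample captures (documentation addresses, made-up payload bytes).
SAMPLE = [
    ("sensor-a", "192.0.2.10", 445, b"PROBE-ONE" * 20),
    ("sensor-b", "198.51.100.7", 445, b"PROBE-ONE" * 20),
    ("sensor-a", "203.0.113.5", 80, b"GET /probe-two HTTP/1.0\r\n\r\n"),
    ("sensor-b", "192.0.2.10", 445, b"PROBE-ONE" * 20),
    ("sensor-a", "198.51.100.7", 445, b""),  # empty payload still has a signature
]


def run_sample():
    """Feed the constructed captures through a fresh cache."""
    cache = PayloadCache()
    flags = [cache.observe(*ev) for ev in SAMPLE]
    return cache, flags


if __name__ == "__main__":
    cache, flags = run_sample()
    print(flags, cache.hit_rate(), cache.bytes_stored, cache.bytes_seen)
```

The per-event log keeps the signature for every observation, so counts per sensor, source and port remain available even though the repeated payload bodies are not stored.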

Deployment Observations and Experiences
Three events captured using IMS deployment:
1) Internet worm activity
2) Scanning
3) DDoS

Weaknesses of Paper
- Next step of counteraction after detection?
- Why should this method of monitoring and analyzing be superior to others?
- Provides little to no information on defending against threats that depend on application level responses.