Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council.

Slides:



Advertisements
Similar presentations
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Advertisements

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Cyber X-Force-SMS alert system for threats.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Web server security Dr Jim Briggs WEBP security1.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
Securing Information Systems
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Detrick Robinson & Amris Treadwell.  Computer viruses- are pieces of programs that are purposely made up to infect your computer.  Examples: › Internet.
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
TCP/IP Malicious Packet Detection (SQL Injection Detection) Ashok Parchuri.
What is FORENSICS? Why do we need Network Forensics?
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.
Software Security Testing Vinay Srinivasan cell:
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati.
Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.
Operating system Security By Murtaza K. Madraswala.
Web Application Security ECE ECE Internetwork Security What is a Web Application? An application generally comprised of a collection of scripts.
Copyright © 2003 OPNET Technologies, Inc. Confidential, not for distribution to third parties. Session 1341: Case Studies of Security Studies of Intrusion.
Lecture 20 Hacking. Over the Internet Over LAN Locally Offline Theft Deception Modes of Hacker Attack.
Systems II San Pham CS /20/03. Topics Operating Systems Resource Management – Process Management – CPU Scheduling – Deadlock Protection/Security.
CHAPTER 9 Sniffing.
Security. Security Flaws Errors that can be exploited by attackers Constantly exploited.
Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Intrusion Detection Reuven, Dan A. Wei, Li Patel, Rinku H.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Security.
Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.
DoS/DDoS attack and defense
Computer Security By Duncan Hall.
EECS 354: Network Security Group Members: Patrick Wong Eric Chan Shira Schneidman Web Attacks Project: Detecting XSS and SQL Injection Vulnerabilities.
Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.
Forms of Network Attacks Gabriel Owens COSC 352 February 24, 2011.
1 Web Technologies Website Publishing/Going Live! Copyright © Texas Education Agency, All rights reserved.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Network System Security - Task 2. Russell Johnston.
The purpose of a CPU is to process data Custom written software is created for a user to meet exact purpose Off the shelf software is developed by a software.
Securing Information Systems
Chapter 7: Identifying Advanced Attacks
Managing Secure Network Systems
Threats to computers Andrew Cormack UKERNA.
ADVANCED PERSISTENT THREATS (APTs) - Simulation
Securing Information Systems
High Coverage Detection of Input-Related Security Faults
Security.
Operating System Concepts
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council # # Jared McCollum, Aidan Globus, Isaac Luther, and Pranav Shankar # # ######################################################## Loading Presentation.ppt..

Ohio Supercomputer Center SI 2012 GROUP MEMBERS: Jared McCollum Isaac Luther Pranav Shankar Aidan Globus MENTORS: Dr. Prasad Calyam Arun Selvadhurai Dr. Marcio Faerman

Our Organization  Internet Defense Council  Network Security Firm  Intrusion Detection and Litigation

Overview: Thunderbolt Games  Client: Thunderbolt Games  User passwords and credit card information hi-jacked  Suspect: AccordionSoft, rival game company

Hackers: Who are they? Hackers are people who attack computers or intercept data from servers for malicious purposes Why?  Financial Gain  Blackmail  Vengeance

SSL-Authentication Attack  “Man-in-the-Middle” Attack  Hacker hijacks User Data  Bypasses nearly all site security

Ping Flood  Often from many computers  Ping used for testing latency  Huge amounts of pinging can slow a server and make it unusable

Buffer Overflow  Buffer is the window of space allotted for use in a computer  Hackers use viruses to use more memory than the buffer can handle  Often causes computer or server to crash

SQL-Injection  Executes malicious code with purposeful errors  Allows access into the computer’s or server’s databases

Network Security Tools  Wireshark - monitors all information entering and leaving the computer  Snort - detects intrusions into the system and logs them for further examination on servers AND networks

Network Security Tools (cont.)  Perl - programming language used for web development and interfacing with servers, files and databases  MySQL - engine used for managing databases on a server or computer

Goals  Generate attack log identical to real log file  Randomly select IP address from list  Randomly select network protocol  Randomly generate timestamps in chronological order

Select corresponding country Select attack type from uneven distribution based on country Randomly select a protocol Generate frequency, fluctuating differently depending on location Calculate threat level from frequency and attack type Print out to file Select an IP address

Timestamp Attack Type Protocol Source IP Destination IP Country Originated From Threat Level Frequency

Parsing the Attack Log: Goals  Compile the attack log into an organized list  Calculate “Danger Level” of each entry  Calculate the Threshold level  Compile threats into a table  Import tables into MySQL

Plan Load log file into our Perl code Organize anomalies into a list Modify Danger Level based upon certain parameters Organize data into table Upload table to MySQL database

Part 1 Gather data from log file Parse Data Put data into array Display array in proper form IP Address Type of Attack Danger Level

Explanation of the Danger Level Wanted Danger Level to represent frequency, time, and logged Threat Level Danger Level = Allowed us to represent all “Danger” factors in one variable ((Frequency/Time) + Threat Level) 2

Part 2 1.Gather data from log file 2.Parse Data with Threshold 5.Display array in proper form 2.5Get IP’s and look for repeats 3.Apply algorithm to remove false alarms 4.Put data into array 6.Upload forms to database

Explanation of the Threshold Average Danger Level Standard Deviation Confidence Interval Wanted to capture all entries that were above the average Danger Level Used a confidence interval Interval gave a range for the mean Upper limit of the interval became our threshold

Output of our Code: We imported certain data from the log file to MySQL and into this table Listed IP, Type, and Danger Level IP addresses differed among the processes Contained 4 Types of attacks; SQL Injection, Buffer Overflow, SSL Authorization, and Ping Overflow

Output of our Code: We listed the anomalies in the attack log These entries all had a Danger Level that was more than our Threshold We registered 170 anomalies/threats to the system We tracked through a series of CPU’s being used as botnets to find the IP address of the controller

June 8 th Legend: = SSL Authentication = Ping Flood = Buffer Overflow = SQL Injection We traced the source IP addresses of the attacks to certain locations. We will now show you a demonstration illustrating where the attacks came from:

Map of all Attacks Throughout the 5 Days Legend: = SSL Authentication = Ping Flood = Buffer Overflow = SQL Injection

Successful project outcomes Learned how to program in Perl Learned how to use MySQL Learned about general network security and forensics Excellent communication

Special Thanks to…  Dr. Prasad Calyam  Renea Colopy  Dr. Marcio Faerman  Arun Selvadhurai  Dr. Alan Chalker  Liz Hudak  Liz Stong  Dr. Ben Smith  Zarius Shroff

Thank you for your attention!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.