Questions on “Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic” Yao Zhao.

Hybrid Architecture
- IMS + HMS: the darknet sensor (IMS) proxies connections back to the honeypot host (HMS)
- The proxying is detectable by the added delay

Filtering with First Payload
- Only a hash of the first payload is used
- Any small change to the first payload escapes the filter: the variant hashes to a new value and is forwarded as novel
- Polymorphic worms therefore defeat the data reduction
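To make the objection on this slide concrete, here is an added example, not code from the paper or from the presenter, of a filter keyed only on a hash of a connection's first payload, run over constructed sample traffic. The hash function, record format and payload bytes are all assumptions. It shows both cases: a worm that always sends the same first payload collapses to one forwarded connection, while a variant that changes only two bytes per instance defeats the deduplication and every copy reaches the honeypot as novel.

```python
import hashlib


class FirstPayloadFilter:
    """Forward a connection only if the hash of its first payload is new.

    This is the data-reduction rule the slide describes: the darknet
    sensor keeps the digests of first payloads it has already proxied
    to the honeypot and drops repeats. Added example; the choice of
    SHA-256 and the bytes-only record are assumptions, not the paper's.
    """

    def __init__(self):
        self.seen = set()
        self.forwarded = 0
        self.dropped = 0

    def should_forward(self, first_payload: bytes) -> bool:
        digest = hashlib.sha256(first_payload).digest()
        if digest in self.seen:
            self.dropped += 1
            return False
        self.seen.add(digest)
        self.forwarded += 1
        return True

    def reduction_ratio(self) -> float:
        """Fraction of connections the filter kept away from the honeypot."""
        total = self.forwarded + self.dropped
        return self.dropped / total if total else 0.0


def apply_filter(payloads):
    """Run each first payload through a fresh filter; return (forwarded, dropped)."""
    flt = FirstPayloadFilter()
    for payload in payloads:
        flt.should_forward(payload)
    return flt.forwarded, flt.dropped


# Constructed sample traffic (not captured data). A fixed exploit request
# repeated by many infected hosts: every copy hashes the same, so only the
# first connection is forwarded.
BASE_REQUEST = b"FIRST-PAYLOAD " + b"\x90" * 24 + b" EXPLOIT-REQUEST\r\n"
STATIC_WORM = [BASE_REQUEST] * 1000


def polymorphic_worm(n):
    """Constructed polymorphic variant: a 2-byte per-instance prefix changes
    the first payload of every connection, so every copy looks novel."""
    return [bytes([i & 0xFF, (i >> 8) & 0xFF]) + BASE_REQUEST for i in range(n)]


def static_result():
    return apply_filter(STATIC_WORM)


def polymorphic_result(n=1000):
    return apply_filter(polymorphic_worm(n))


if __name__ == "__main__":
    print("static worm      (forwarded, dropped):", static_result())
    print("polymorphic worm (forwarded, dropped):", polymorphic_result())
```

The reduction ratio for the static case is 0.999; for the polymorphic case it is 0, which is the slide's point: a filter that only knows the hash of the first payload buys nothing against a worm that varies it.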

Does Collaboration Work?
- The IDS collaboration paper says collaboration helps a great deal
- This paper suggests that collaboration among darknets does not add much

Duration of Event (Figure 8)
- Obtained from one honeypot host
- Heavy tail?
- Long durations: a single /17 darknet block would need to handle 40,000 to 200,000 simultaneous connections
- But a connection session is not the same as an infection session
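An added example, not from the paper or the presenter, of how event durations turn into the number of connections a proxying darknet must hold open at once. It computes peak concurrency with a sweep over constructed (start, duration) intervals, the average via Little's law, and contrasts a light-tailed with a heavy-tailed duration distribution at the same median. The arrival rates, durations, seed and Pareto exponent are constructed assumptions, not data from Figure 8.

```python
import math
import random


def peak_concurrency(intervals):
    """Peak number of overlapping [start, start + duration) intervals.

    Sweep-line: +1 at each start, -1 at each end. Ends sort before starts
    at equal timestamps, so back-to-back sessions do not count as overlapping.
    """
    events = []
    for start, duration in intervals:
        events.append((start, 1))
        events.append((start + duration, -1))
    events.sort(key=lambda e: (e[0], e[1]))
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak


def mean_concurrency(arrivals_per_sec, mean_duration_sec):
    """Little's law: average sessions in progress = arrival rate x mean duration."""
    return arrivals_per_sec * mean_duration_sec


def simulate(n, arrivals_per_sec, duration_sampler, seed=7):
    """Poisson arrivals; each session's duration comes from duration_sampler(rng).
    Constructed traffic, not a trace."""
    rng = random.Random(seed)
    t = 0.0
    intervals = []
    for _ in range(n):
        t += rng.expovariate(arrivals_per_sec)
        intervals.append((t, duration_sampler(rng)))
    return intervals


def compare_tails(n=20000, arrivals_per_sec=50.0, median_sec=5.0, alpha=1.2):
    """Same median duration, two tail shapes. Returns (peak_exponential, peak_pareto).

    Exponential durations: median = mean * ln 2.
    Pareto durations (assumed heavy tail, exponent alpha): median = xm * 2**(1/alpha),
    and for alpha close to 1 the mean, and thus the concurrency, is dominated by
    the rare very long sessions.
    """
    exp_mean = median_sec / math.log(2)
    xm = median_sec / 2 ** (1 / alpha)
    exp_peak = peak_concurrency(
        simulate(n, arrivals_per_sec, lambda r: r.expovariate(1 / exp_mean)))
    pareto_peak = peak_concurrency(
        simulate(n, arrivals_per_sec, lambda r: xm * r.paretovariate(alpha)))
    return exp_peak, pareto_peak


if __name__ == "__main__":
    light, heavy = compare_tails()
    print("peak concurrent sessions, exponential durations:", light)
    print("peak concurrent sessions, Pareto durations:     ", heavy)
    print("Little's law at 50 arrivals/s, 7.2 s mean:", mean_concurrency(50.0, 7.2))
```

The two distributions share a median, so a plot of "typical" durations would look similar; the heavy-tailed one nonetheless produces a far higher peak because a few sessions outlive the whole arrival window. That is why the slide's question about the tail of Figure 8 matters for capacity, and why it matters whether those long sessions are real infections or just idle connections.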

Different Scale of Darknets