Countering Denial of Information Attacks with Network Visualization Gregory Conti


Disclaimer: The views expressed in this presentation are those of the author and do not reflect the official policy or position of the United States Military Academy, the Department of the Army, the Department of Defense or the U.S. Government.

Denial of Information (DoI) Attacks: intentional attacks that overwhelm a human or otherwise alter their decision making.

The Problem of Information Growth
The surface WWW contains ~170 TB (about 17 times the Library of Congress print collections).
IM generates five billion messages a day (750 GB), or 274 terabytes a year.
E-mail generates about 400,000 TB/year.
P2P file exchange on the Internet is growing rapidly. The largest files exchanged are video files larger than 100 MB, but the most frequently exchanged files contain music (MP3 files).

Applying the Model & Taxonomy…

Defense Taxonomy (Big Picture)
Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)
Federal CAN-SPAM legislation (Jan 04)
California Business and Professions Code prohibits the sending of unsolicited commercial e-mail (September 98)
First Spam Conference (Jan 03)

System Model
Human Producer (Vision, Hearing, Speech, Motor; STM, LTM, Cognition) -> Producer Node (CPU, RAM, Hard Drive) -> Communication Channel -> Consumer Node (CPU, RAM, Hard Drive) -> Human Consumer (Vision, Hearing, Speech, Motor; STM, LTM, Cognition)

Example DoI Attacks (placed on the system model: Human Producer -> Producer Node -> Communication Channel -> Consumer Node -> Human Consumer)
very small text; exploit round-off algorithm; trigger many alerts; misleading advertisements; spoof browser

Example DoI Defenses (placed on the system model: Human Producer -> Producer Node -> Communication Channel -> Consumer Node -> Human Consumer)
TCP damping; usable security; Eliza spam responder; decompression bombs; computational puzzle solving

OODA loop applied to e-mail: Observe (scan subject line) -> Orient -> Decide (spam / not spam) -> Act (delete / no action) -> Observe (confirm deletion successful / no observation)
Overhead = Number of E-mail x Time to Scan
Overhead = Number of E-mail x Time to Decide
Overhead = Number of Spam x Time to Delete
Overhead = Number of Spam x Time to Observe
Total Overhead = (Number of Spam x (Time to Delete + Time to Observe)) + (Number of E-mail x (Time to Decide + Time to Scan))

For more information… G. Conti and M. Ahamad; "A Taxonomy and Framework for Countering Denial of Information Attacks;" IEEE Security and Privacy (to be published).

DoI Countermeasures in the Network Security Domain

Information visualization is the use of interactive, sensory representations, typically visual, of abstract data to reinforce cognition.

rumint v.51

Scanning tools fingerprinted (tool, host OS): nmap 3 (RH8), NMapWin 3 (XP), SuperScan 3.0 (XP), SuperScan 4.0 (XP), nmap 3 UDP (RH8), nmap 3.5 (XP), scanline 1.01 (XP), nikto 1.32 (XP)

For more information…
G. Conti and K. Abdullah; "Passive Visual Fingerprinting of Network Attack Tools;" ACM Conference on Computer and Communications Security Workshop on Visualization and Data Mining for Computer Security (VizSEC); October. Talk PPT slides; see … for the tool.
G. Conti; "Network Attack Visualization;" DEFCON 12; August. Talk PPT slides.
Classical InfoVis Survey PPT slides.
Security InfoVis Survey PPT slides.

Last year at DEFCON, the first question was: how do we attack it?

Malicious Visualizations…

Pokemon

Visual Information Overload (perception)

Attack Fading (memory)

Motion Induced Blindness (perception)

Optical Illusions (perception)

Crying Wolf… (cognitive/motor) Snot vs. Snort

Labeling Attack (algorithm). CDX 2003 dataset; X = Time, Y = Destination IP, Z = Destination Port.

AutoScale Attack/Force User to Zoom (algorithm)

Precision Attack (algorithm)

Occlusion (visualization design)

Jamming (visualization design)

For more information… G. Conti, M. Ahamad and J. Stasko; "Attacking Information Visualization System Usability: Overloading and Deceiving the Human;" Symposium on Usable Privacy and Security (SOUPS); July (submitted, under review). See also … for the tool.

rumint v 1.15 beta

Network packets over time: one row per packet, columns Bit 0, Bit 1, Bit 2, … up to (length of packet - 1).

rumint 1.15 tool overview: network monitoring mode (left); clicking a small pane brings up the detailed analysis view for that visualization.

So what do you think…

Visual exploration of binary objects…

Reverse Engineering: IDA Pro Disassembler and Debugger

Textual vs. Visual Exploration

binaryexplorer.exe

Comparing Executable Binaries (1 bit per pixel): visualexplorer.exe (Visual Studio), calc.exe (unknown compiler), rumint.exe (Visual Studio), regedit.exe (unknown compiler), mozillafirebird.exe (unknown compiler), cdex.exe (unknown compiler), apache.exe (unknown compiler), ethereal.exe (unknown compiler)

Comparing Image Files (1 bit per pixel): image.bmp, image.zip, image.jpg, image.pae (encrypted)

Comparing mp3 files (1 bit per pixel): pash.mp3, disguises.mp3, the.mp3
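As an added example that is not rumint's code and not part of the original slides, the following Python renders byte objects the way the "network packets over time" view and the "1 bit per pixel" comparison slides describe: one row per object (a packet, or a fixed-width slice of a file), one pixel per bit, written out as a plain PBM image so it runs with no dependencies. The sample packets, the HTTP text and the seeded pseudo-random bytes (standing in for a zip or encrypted file) are constructed here; the output file name `packets.pbm` and the helper names are this example's own choices. The set-bit and high-bit fractions are included to make the slides' point measurable: compressed or encrypted data looks like uniform noise (about half the bits set), while text and most code do not.

```python
"""Added example: a 1-bit-per-pixel 'binary rainfall' view of byte strings.
Not rumint's code; all sample data below is constructed for the demonstration."""
from __future__ import annotations
import random


def byte_bits(b: int) -> list[int]:
    """The 8 bits of one byte, most significant bit first."""
    return [(b >> (7 - i)) & 1 for i in range(8)]


def rainfall_rows(objects: list[bytes], width_bits: int) -> list[list[int]]:
    """One row per object (e.g. one packet); column i shows bit i of that object.
    Rows are truncated or zero-padded to width_bits so the image is rectangular."""
    rows = []
    for obj in objects:
        bits = [bit for byte in obj for bit in byte_bits(byte)][:width_bits]
        rows.append(bits + [0] * (width_bits - len(bits)))
    return rows


def file_rows(data: bytes, bytes_per_row: int) -> list[list[int]]:
    """Wrap a single object (an executable, an image, an mp3) into fixed-width rows."""
    chunks = [data[i:i + bytes_per_row] for i in range(0, len(data), bytes_per_row)]
    return rainfall_rows(chunks, bytes_per_row * 8)


def to_pbm(rows: list[list[int]]) -> str:
    """Serialize rows as a plain PBM (P1) image; a 1 bit becomes a black pixel."""
    height = len(rows)
    width = len(rows[0]) if rows else 0
    lines = ["P1", f"{width} {height}"]
    lines.extend(" ".join(str(bit) for bit in row) for row in rows)
    return "\n".join(lines) + "\n"


def set_bit_fraction(rows: list[list[int]]) -> float:
    """Fraction of black pixels: compressed or encrypted data sits near 0.5."""
    total = sum(len(row) for row in rows)
    return sum(sum(row) for row in rows) / total if total else 0.0


def high_bit_fraction(data: bytes) -> float:
    """Fraction of bytes with bit 7 set: 0.0 for pure ASCII, about 0.5 for
    random-looking data, so the first column of every byte is a quick tell."""
    return sum(1 for b in data if b & 0x80) / len(data) if data else 0.0


# Constructed samples (not real captures): three 'packets' of different lengths,
# an ASCII payload, and seeded pseudo-random bytes standing in for a zip/encrypted file.
PACKETS = [b"\x45\x00\x00\x3c\x1c\x46", b"\x45\x00\x00\x28", b"\xff" * 8]
ASCII_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 4
_rng = random.Random(1)
NOISE_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    # packets.pbm is an output name chosen for this example; view it with any PBM viewer.
    with open("packets.pbm", "w") as f:
        f.write(to_pbm(rainfall_rows(PACKETS, 64)))
    print("ascii high-bit fraction:", high_bit_fraction(ASCII_SAMPLE))
    print("noise high-bit fraction:", round(high_bit_fraction(NOISE_SAMPLE), 3))
    print("noise set-bit fraction:", round(set_bit_fraction(file_rows(NOISE_SAMPLE, 64)), 3))
```

Rows in the packet view keep their natural alignment (bit 0 of every packet is the leftmost pixel), which is what makes fixed header fields show up as vertical stripes and lets an analyst tell a constant-bitrate stream or a worm payload from routine traffic at a glance; the file view does the same for sections of an executable versus its compressed or encrypted counterpart.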

secvis, with Sven Krasser, Julian Grizzard, Jeff Gribschaw and Henry Owen (Georgia Tech)

Overview of Visualization

Overview and Detail

Routine Honeynet Traffic (baseline)

Compromised Honeypot

Slammer Worm

Constant Bitrate UDP Traffic

Port Sweep

System Performance

For more information… S. Krasser, G. Conti, J. Grizzard, J. Gribschaw and H. Owen; "Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization;" IEEE Information Assurance Workshop (IAW); June (submitted).

Demos: binary exploration, rumint 1.15, secvis

Questions? Image: Gregory Conti

Backup Slides

External IP to Internal Port: one-week snapshots (6 Oct through Nov 04) and a one-month view.