TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0.

Slides:

Advertisements

Similar presentations

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Advertisements

IPv6 Background Radiation Geoff Huston APNIC R&D.

A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin.

Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.

Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

Embracing the chaos mark lorenc

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Copyright © 2002 Pearson Education, Inc. Slide 3-1 PERTEMUAN 5.

Network Analyzer Example

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Lecture 15 Denial of Service Attacks

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Security in IP telephony (VoIP) David Andersson Erik Martinsson.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO 1.

Power Projection Systems Department Zombie Scan Judy Novak Vern Stark David Heinbuch June 12, 2002.

SANE: A Protection Architecture for Enterprise Networks

Bob Baker Open Systems Interconnection OSI Reference model –Layer 7 application –Layer 6 presentation –Layer 5 session –Layer 4 transport –Layer 3 network.

2012 4th International Conference on Cyber Conflict C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) 2012 © NATO CCD COE Publications, Tallinn 朱祐呈.

--Harish Reddy Vemula Distributed Denial of Service.

NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.

Mitsubishi Research Institute, Inc Analyses on Distribution of Malicious Packets and Threats over the Internet August 27-31, 2007 APAN Network Research.

MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.

Class 2 Agenda Networking Basics Networking Basics Nestle Case Nestle Case Text Chapter Review Text Chapter Review.

The UCSD Network Telescope A Real-time Monitoring System for Tracking Internet Attacks Stefan Savage David Moore, Geoff Voelker, and Colleen Shannon Department.

Heuristics to Classify Internet Backbone Traffic based on Connection Patterns Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering.

Verified Network Configuration. Verinec Goals Device independent network configuration Automated testing of configuration Automated distribution of configuration.

Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.

Attack signatures derived from Metasploit Final Presentation E. Ramirez A. Zoghbi

Chapter 2 The Internet Underlying Architecture. How the DNS works? DNS: Domain Name System Visiting a website: - Write the address - IP will use the address.

Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.

An Internet-Wide View of Internet-Wide Scanning.  Scanning  IPv4  Horizontal scanning – individual ports  Network telescope - darknet What is internet.

Network Sniffer Anuj Shah Advisor: Dr. Chung-E Wang Department of Computer Science.

CCDA DESCRIBE THE METHODOLOGY USED TO DESIGN A NETWORK.

Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF

Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University DATA CLASSIFICATION FOR CLASSIFIER.

1. Layered Architecture of Communication Networks: TCP/IP Model

Inferring Denial of Service Attacks David Moore, Geoffrey Volker and Stefan Savage Presented by Rafail Tsirbas 4/1/20151.

1 Virtual Dark IP for Internet Threat Detection Akihiro Shimoda & Shigeki Goto Waseda University

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Routing Information Protocol

1 Modeling and Measuring Botnets David Dagon, Wenke Lee Georgia Institute of Technology Cliff C. Zou Univ. of Central Florida Funded by NSF CyberTrust.

1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD

Characteristics of Internet Background Radiation ACM Internet Measurement Conference (IMC), 2004 Authors: Ruoming Pang, Vinod Yegneswaran, Paul Barford,

INTERCONNECTING CISCO NETWORKING DEVICES PART 1.

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Linux Firewall Iptables.

Network Address Translation Sandip Chakraborty. NAT PRIVATE NETWORK PUBLIC NETWORK IP: Port: 8123 IP: Port: 9678 IP:

Snort – IDS / IPS.

By: Samuel Oswald Hunter Supervisor: Mr Barry Irwin

Characteristics of Internet Background Radiation

Due: a start of class Oct 26

Impact of Packet Sampling on Anomaly Detection Metrics

Packet Switching To improve the efficiency of transferring information over a shared communication line, messages are divided into fixed-sized, numbered.

Setting Up Firewall using Netfilter and Iptables

Network Analyzer :- Introduction to Wireshark

Network Analyzer :- Introduction to Wireshark

Leveraging Textual Specifications for Grammar-based Fuzzing of Network Protocols Samuel Jero, Maria Leonor Pacheco, Dan Goldwasser, Cristina Nita-Rotaru.

Applied Information Technology 2016 Rhys greaney

Presentation transcript:

TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0

BASIC CONCEPTS Internet background radiation Network telescopes Datasets David promises to elaborate on these further

GENERATED REPORTS Two reports generated General report Drill-down report Breakdown of activity in dataset Relevant identifiers

WHAT HAS BEEN ACHIEVED Reporting framework that outlines the packet results for a pcap file by month and total dataset Secondary report generation that allows drill-down of results Identification and analysis of malicious packets and attacks captured by darknets

SYSTEM

CASE STUDIES Have selected some of the results from the project to show its capabilities All of the data sampled from the aforementioned datasets

EXAMPLE OUTPUT OF REPORT Source IP addressNumber of packets received Percentage of total packets

SOME GREAT ANALYSIS RESULTS Reflected DNS amplification attack DDoS backscatter Changing trends in darknets

DNS AMPLIFICATION ATTACK

DDOS

DARKNET ACTIVITY

SSH SCANNING ACTIVITY

12/1301/14 Destination port Number of packets received Percentage of total packets Destination port Number of packets received Percentage of total packets Table comparing top 5 TCP destination ports of 146 dataset across two months

FUTURE DEVELOPMENT Have real-time version of reporting structure Automatically generate relevant text in document Give document ability to decide whether drill-down report necessary

QUESTIONS?