LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos The LOBSTER Consortium Institute.
Presentation transcript:

LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure
Evangelos Markatos, The LOBSTER Consortium
Institute of Computer Science (ICS), Foundation for Research and Technology – Hellas (FORTH)

ICS-FORTH LOBSTER – Evangelos Markatos
Roadmap of the Talk
- Motivation
  - What is the problem?
  - Our understanding of the Internet needs to be improved
- Solution
  - Better Internet traffic monitoring through the LOBSTER infrastructure
- How can you participate?

What is the problem?
- Our understanding of the Internet needs to be improved. For example:
  - We do not know which applications generate most traffic
  - We suffer malicious cyberattacks such as viruses and worms, spyware, DoS/DDoS attacks
  - We witness incidents of “friendly fire”: unintentional attacks on major Internet servers
- What is going on out there?

Problem I: Security
- Our understanding of the Internet needs to be improved. For example:
  - We suffer malicious cyberattacks such as viruses and worms, spyware, DoS/DDoS attacks
  - We do not know which applications generate most traffic
  - We witness incidents of “friendly fire”: unintentional attacks on major Internet servers
- What is going on out there?

Cyberattacks continue to plague our networks
Famous worm outbreaks:
- Summer 2001: Code Red worm infected 350,000 computers in 24 hours
- January 2003: Sapphire/Slammer worm infected 75,000 computers in 30 minutes
- March 2004: Witty worm infected 20,000 computers in 60 minutes

Why do cyberattacks continue to plague the Internet?
Defense against worms consists of:
- Detection of the worm: takes several minutes to a few hours (semi-manual)
- Identification, i.e. generating an IDS signature or firewall rule: takes a few hours (manual)
- Deployment of signatures to firewalls/IDSs: takes minutes to hours

Why do cyberattacks continue to plague the Internet? II
- Cyberattack detection, identification and response/deployment may take several hours
- i.e. the response to a cyberattack is initiated AFTER almost all computers have been infected and AFTER the attack is practically over
- Can we start the response BEFORE all computers have been infected?

Why do cyberattacks continue to plague the Internet? III
Can we start the response BEFORE all computers have been infected?
- Yes! But we need:
  - Smart Internet traffic monitoring sensors, capable of detecting new worms
  - A distributed infrastructure of Internet traffic sensors
    - More sensitive to attacks
    - Pinpoints attacks as soon as they emerge
    - Spreads information about new worms fast
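The three slides above argue that a manual detect / identify / deploy cycle finishes long after a fast worm has saturated its vulnerable population. The following is an added example, not from the LOBSTER slides, that puts numbers on that argument. It assumes the classic SI (logistic) model of random-scanning worm spread, which the slides do not state; the 75,000-host population is the Slammer figure from the slide, the 8.5-second doubling time is an assumption based on published analyses of Slammer, and the stage durations are picked from inside the ranges the slide gives.

```python
"""Added example (not from the LOBSTER slides): how far a random-scanning worm
has spread by the time a manual detect / identify / deploy response completes.

Model assumption, not stated on the slides: the SI (logistic) model of
random-scanning worm spread, in which each infected host finds new victims at a
rate proportional to the fraction of hosts still vulnerable.
"""
import math


def infected_fraction(t_seconds, doubling_seconds, initial_fraction):
    """Closed-form solution of di/dt = k*i*(1-i) with i(0) = initial_fraction.

    While i << 1 the worm grows like exp(k*t), so k follows from the early
    doubling time: k = ln(2) / doubling_seconds.
    """
    k = math.log(2) / doubling_seconds
    ratio = (1.0 - initial_fraction) / initial_fraction
    return 1.0 / (1.0 + ratio * math.exp(-k * t_seconds))


def time_to_fraction(target, doubling_seconds, initial_fraction):
    """Inverse of infected_fraction: seconds until the infected fraction reaches target."""
    k = math.log(2) / doubling_seconds
    ratio = (1.0 - initial_fraction) / initial_fraction
    return math.log(ratio * target / (1.0 - target)) / k


def infected_at_response(stage_seconds, doubling_seconds, initial_fraction):
    """Infected fraction at the end of each response stage.

    stage_seconds: ordered (name, duration) pairs for detection, identification
    and deployment; durations accumulate because the stages run back to back.
    Returns a list of (name, elapsed_seconds, infected_fraction).
    """
    elapsed = 0.0
    timeline = []
    for name, seconds in stage_seconds:
        elapsed += seconds
        timeline.append((name, elapsed,
                         infected_fraction(elapsed, doubling_seconds, initial_fraction)))
    return timeline


# Constructed scenario: 75,000 vulnerable hosts (the Slammer count from the
# slide), one host infected at t=0. The doubling time is an assumption taken
# from published Slammer analyses; the stage durations are assumptions chosen
# from inside the ranges the slide gives (minutes to hours).
VULNERABLE_HOSTS = 75_000
INITIAL_FRACTION = 1.0 / VULNERABLE_HOSTS
DOUBLING_SECONDS = 8.5
RESPONSE_STAGES = [
    ("detection (semi-manual)", 15 * 60),
    ("identification / signature (manual)", 2 * 3600),
    ("deployment to firewalls and IDSs", 30 * 60),
]

if __name__ == "__main__":
    t99 = time_to_fraction(0.99, DOUBLING_SECONDS, INITIAL_FRACTION)
    print(f"99% of vulnerable hosts infected after {t99:.0f} s")
    for name, elapsed, frac in infected_at_response(RESPONSE_STAGES,
                                                    DOUBLING_SECONDS,
                                                    INITIAL_FRACTION):
        print(f"{name:<40} done at {elapsed / 60:6.1f} min, "
              f"infected fraction {frac:.4f}")
```

With these inputs the model reaches 99% infection in roughly three minutes, so even the first stage (detection) completes after the outbreak is effectively over; the same functions can be re-run with a longer doubling time to see how much slower a worm must be before an hours-long response still catches part of the population.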

Problem II: traffic accounting
- Our understanding of the Internet needs to be improved. For example:
  - We suffer malicious cyberattacks such as viruses and worms, spyware, DoS/DDoS attacks
  - We do not know which applications generate most traffic
  - We witness incidents of “friendly fire”: unintentional attacks on root DNS servers
- What is going on out there?

Who generates all this traffic?
69% of the traffic is unaccounted-for
- Maybe it belongs to p2p applications that use dynamic ports
- Maybe it belongs to media applications
- The bottom line is: we don’t know

Problem II: traffic accounting
- Our understanding of the Internet needs to be improved. For example:
  - We suffer malicious cyberattacks such as viruses and worms, spyware, DoS/DDoS attacks
  - We do not know which applications generate most traffic
  - We witness incidents of “friendly fire”: unintentional attacks on major Internet servers
- What is going on out there?

“Friendly Fire” on the Internet
Win 2K and Win XP computers:
- Started updating root DNS servers
- Created significant load on the DNS
- Not clear why…

So, what does all this mean?
- Our understanding of the Internet needs to be improved
- The gap between what we measure/understand and what is really going on out there is already large, and is probably getting larger

The GAP
- The GAP continues to widen with time…

Solution?
We need better Internet traffic monitoring:
- Faster, i.e. to detect worms BEFORE they infect the planet
- More accurate, i.e. to close the gap between what we measure and what is going on

Solution: Better Internet traffic monitoring
A solution should be based on two principles:
- Distributed collaboration among traffic monitoring sensors: an infrastructure of traffic monitors
- State-of-the-art research in passive network traffic monitoring: the SCAMPI monitoring system

SCAMPI: High-Performance Network Traffic Monitoring
- Passive network traffic monitoring for high-speed networks
- High-performance programmable (FPGA-based) monitoring card
- Flexible programming environment: Monitoring Application Programming Interface (MAPI)
- Highly effective intrusion detection algorithms and system architectures (IDSes, IPSes)

The LOBSTER infrastructure
LOBSTER is a network of passive Internet traffic monitors which collaborate:
- Exchange information and observations
- Correlate results

LOBSTER SSA
- LOBSTER is a Specific Support Action funded by the European Commission
- Two-year project: duration 1/1/05-31/12/06

LOBSTER partners
- Research Organizations
  - ICS-FORTH, Greece
  - Vrije University, The Netherlands
  - TNO Telecom, The Netherlands
- NRNs/ISPs, Associations
  - CESNET, Czech Republic
  - UNINETT, Norway
  - FORTHNET, Greece
  - TERENA, The Netherlands
- Industrial Partners
  - ALCATEL, France
  - Endace, UK

Challenging issues I
Trust: cooperating sensors may not trust each other
- Protection of private data
- Protection of confidential data
- Solution: anonymization; outside users will be able to operate on anonymized data

Challenging issues II
Need a common programming environment
- Use DiMAPI (Distributed Monitoring Application Programming Interface)
- MAPI was developed within the SCAMPI project

Challenging issues III
Resilience to attackers: what if intruders penetrate LOBSTER?
- Can they have access to private/confidential data? NO!
- Hardware anonymization
- The level of anonymization can be tuned by system administrators
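"Challenging issues I" and "Challenging issues III" together describe the data-release policy: outside users only ever see anonymized records, and the administrator picks how much is hidden. The following is an added example, not LOBSTER's own code (the transcript says nothing about how its hardware anonymization works), showing one software version of a tunable anonymizer for flow records. The level names, the record layout, the keyed-HMAC pseudonym scheme and the sample flows are all assumptions made here.

```python
"""Added example (not LOBSTER's own code): administrator-tunable anonymization
of flow records before they are handed to outside users.

Assumptions made here: the four level names, the flow-record layout, and the
use of HMAC-SHA256 under a per-site secret key to derive address pseudonyms.
"""
import hashlib
import hmac
import ipaddress

LEVELS = ("none", "truncate", "keyed", "full")


def _pseudonym(addr, key, nbytes):
    """Keyed pseudonym of an address: the first nbytes of HMAC-SHA256(key, addr)."""
    tag = hmac.new(key, addr.packed, hashlib.sha256).digest()
    return int.from_bytes(tag[:nbytes], "big")


def anonymize_ip(ip, level, key, keep_bits=24):
    """Return an anonymized form of `ip` according to `level`.

    none     : unchanged (trusted local operator only)
    truncate : host bits zeroed, first keep_bits kept (subnet still visible)
    keyed    : prefix kept, host part replaced by a keyed pseudonym, so flows
               from one host stay linkable without revealing which host
    full     : the whole address replaced by a keyed pseudonym (no topology)
    """
    if level not in LEVELS:
        raise ValueError(f"unknown anonymization level {level!r}")
    addr = ipaddress.ip_address(ip)
    if level == "none":
        return str(addr)
    net = ipaddress.ip_network(f"{addr}/{keep_bits}", strict=False)
    if level == "truncate":
        return str(net.network_address)
    if level == "keyed":
        host_bits = addr.max_prefixlen - keep_bits
        # The pseudonym is folded into the host field. With only a few host
        # bits two hosts in one subnet may collide: acceptable for a pseudonym,
        # but the mapping is not guaranteed to be one-to-one.
        host = _pseudonym(addr, key, addr.max_prefixlen // 8) % (1 << host_bits)
        return str(addr.__class__(int(net.network_address) + host))
    # full: every bit replaced by a same-length pseudonym
    return str(addr.__class__(_pseudonym(addr, key, addr.max_prefixlen // 8)))


def anonymize_flow(flow, level, key):
    """Anonymize one flow record (a dict) for release to outside users.

    Addresses are transformed per level; payload is dropped at every level,
    while ports and byte counts are kept because they carry the accounting
    information the monitoring exists to provide.
    """
    out = {k: v for k, v in flow.items() if k != "payload"}
    out["src"] = anonymize_ip(flow["src"], level, key)
    out["dst"] = anonymize_ip(flow["dst"], level, key)
    return out


# Constructed sample flows (RFC 5737 documentation addresses) and a constructed
# key; in a real deployment the key never leaves the sensor.
SITE_KEY = b"constructed-site-secret-do-not-reuse"
SAMPLE_FLOWS = [
    {"src": "192.0.2.77", "dst": "198.51.100.9", "dport": 80, "bytes": 5120,
     "payload": b"GET / HTTP/1.0"},
    {"src": "192.0.2.78", "dst": "198.51.100.9", "dport": 80, "bytes": 300,
     "payload": b"GET /x HTTP/1.0"},
]

if __name__ == "__main__":
    for level in LEVELS:
        print(level, [anonymize_flow(f, level, SITE_KEY) for f in SAMPLE_FLOWS])
```

The "keyed" level is the one that usually matters for security research on shared data: per-host behaviour (fan-out, repeat connections) remains measurable because the pseudonym is stable under one key, while rotating the key breaks linkability across releases.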

Potential LOBSTER applications: traffic monitoring
Accurate traffic monitoring
- How much of your bandwidth is going to file sharing applications such as Gnutella?
- Which application generates most of the traffic?

Potential LOBSTER applications: Early-warning systems
- Automatic detection of new worms
- Contributes to an early-warning system
  - Detect worms within minutes, i.e. before they manage to spread
- Facilitates early response to worms
  - Before they infect all computers
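The slide states the goal (detect a new worm within minutes, from passively observed traffic) without naming a method. The following is an added example, not from the LOBSTER slides or software, of one behavioural detector an early-warning sensor can run on flow records: a host that opens connections to many distinct destinations on one port inside a short window is flagged, and the detector reports when the flag was first raised. The flow layout, the thresholds, the host addresses, the port number and the sample traffic are all constructed here.

```python
"""Added example (not LOBSTER code): a sliding-window fan-out detector over
flow records, reporting the first time each (source, port) pair is flagged.

Assumptions made here: flows are (timestamp, src, dst, dport) tuples sorted by
timestamp; thresholds and the sample traffic are constructed for illustration.
"""
from collections import defaultdict, deque


def detect_fanout(flows, window_s=60.0, fanout_threshold=20):
    """Flag a (src, dport) pair once it has contacted fanout_threshold distinct
    destinations within a window_s-second sliding window.

    Returns {(src, dport): first_alert_timestamp}.
    """
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst) in window
    alerts = {}
    for ts, src, dst, dport in flows:
        key = (src, dport)
        window = recent[key]
        window.append((ts, dst))
        # Expire flows older than the window; the deque is in timestamp order,
        # and the entry just appended is never expired (difference is 0).
        while ts - window[0][0] > window_s:
            window.popleft()
        if key not in alerts and len({d for _, d in window}) >= fanout_threshold:
            alerts[key] = ts
    return alerts


def constructed_traffic(seconds=120):
    """Constructed sample traffic (documentation address ranges):
    - 10.0.0.5 is a benign client revisiting five web servers,
    - 10.0.0.9 contacts a new destination every second on one port,
    - 10.0.0.12 contacts a new destination only every 10 s on that port.
    The port number 1434 is only a label for the sample."""
    flows = []
    for t in range(seconds):
        flows.append((float(t), "10.0.0.5", f"203.0.113.{t % 5 + 1}", 80))
        flows.append((float(t), "10.0.0.9", f"198.51.100.{t % 250 + 1}", 1434))
        if t % 10 == 0:
            flows.append((float(t), "10.0.0.12", f"192.0.2.{t // 10 + 1}", 1434))
    flows.sort(key=lambda f: f[0])
    return flows


if __name__ == "__main__":
    for (src, dport), ts in sorted(detect_fanout(constructed_traffic()).items()):
        print(f"alert: {src} fanned out on port {dport} at t={ts:.0f}s")
```

With the default window and threshold the fast host is flagged 19 seconds after its first flow, the benign client never is (five distinct servers), and the slow host stays under threshold because its older contacts expire before enough accumulate; widening the window is what makes the slow host visible, which is the usual trade-off between detection latency and false positives.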

Potential LOBSTER applications: GRIDs
GRID performance debugging
- GRID-enabled applications access:
  - Remote data
  - Remote resources (e.g. sensors, instruments)
  - Remote computing power
- How can you figure out what the problem is if the application is slow? The local LAN? The WAN? The remote LAN? The local computer? The remote server? A middleware server?

Who can benefit from LOBSTER?
- NRNs/ISPs
  - Better Internet traffic monitoring of their networks
  - Better understanding of their interactions with other NRNs/ISPs
- Security researchers
  - Access to anonymized data
  - Access to an anonymized testbed: study trends and validate theories about cybersecurity
- Network/security administrators
  - Access to a traffic monitoring infrastructure
  - Access to early-warning systems
  - Access to software and tools

How can you get involved
- Join our list: send an e-mail (the addresses are missing from the transcript) with Subject: subscribe
- Join the infrastructure: expected to be operational in late 2005

Summary
- Our understanding of the Internet needs to be improved
- LOBSTER will provide better monitoring
  - based on a network of passive monitoring sensors and state-of-the-art SCAMPI research
  - and by providing trusted co-operation in an un-trusted world, a common programming platform, and resilience to attackers
- Join us!