Presentation is loading. Please wait.

Presentation is loading. Please wait.

DETECTING A CYBER-ATTACK SOURCE IN REAL TIME R. Romanyak 1), A. Sachenko 1), S. Voznyak 1), G. Connolly 2), G. Markowsky 2) 1) Ternopil Academy of National.

Published byHalle Sherin Modified over 10 years ago

Similar presentations

Presentation on theme: "DETECTING A CYBER-ATTACK SOURCE IN REAL TIME R. Romanyak 1), A. Sachenko 1), S. Voznyak 1), G. Connolly 2), G. Markowsky 2) 1) Ternopil Academy of National."— Presentation transcript:

1 DETECTING A CYBER-ATTACK SOURCE IN REAL TIME R. Romanyak 1), A. Sachenko 1), S. Voznyak 1), G. Connolly 2), G. Markowsky 2) 1) Ternopil Academy of National Economy 2) Department of Computer Science, U. of Maine

2 The Web Neighborhood Watch Project This project seeks to identify websites belonging to dangerous people such as terrorists In addition to the artificial intelligence components, there is a need for locating the website in physical space At last year's conference, work was presented on using the distributed traceroute approach to help locate computers physically

3 Not only is locating computers physically important for the Web Neighborhood Watch Project, but for dealing with cyber- attacks in general Current methods for tracking Internet- based attacks are primitive. It is almost impossible to trace sophisticated attacks using current tools. Locating Computers in Physical Space

4 Intruders Attack Sophistication and Intruder Technical Knowledge High Low 1980198619921998 2004 Intruder Knowledge Attack Sophistication Cross site scripting password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing GUI automated probes/scans denial of service www attacks Tools stealth / advanced scanning techniques burglaries network mgmt. diagnostics distributed attack tools Staged Auto Coordinated

5 Techniques for Physically Locating Computers Whois Traceroute Distributed Traceroute Time Delay Method (new)

6 Whois Limitations Whois contains information about top-level domains only Distributed databases are not always connected

7 Traceroute Limitations It does not take advantage of the fact that there typically exist several different paths to the target computer Executing a single trace from a single location tends to produce results that are geographically insufficient

8 Distributed Traceroute Limitations The results are not always as accurate as one would want This approach cannot be applied when the attacker uses intermediate hosts with software redirectors to make a cyber-attack

9 Time Delay Method (new) Based on the concept that the most recent computer from which the attack was received was either: – a) The actual attacking computer – b) An intermediate host being used with redirection software Choosing between a) and b) is based on comparing the time delay between the attacking computer (AC) and the victim computer (VC) to the most recent time delay

10 A Cyber-attack using Redirectors T total = t 1 + t 2 + t 3 +…+t n + t n+1, t i - the time delay of the i-th link Attacking Computer Redirector 1 t1t1 t2t2 t3t3 tntn t n+1 Redirector 2 … Redirector n Victim Computer

11 Experimental Results The following servers were used: –TANE (Ternopil Academy of the National Economy, Ukraine, 217.196.166.105) –Kiel University (Germany, 134.245.52.122) –HTTL (Home To good service and Technology Ltd, London, England, 217.34.204.1)

12 Direct connection

13 Time Delays From HTTL to TANE

14 Time Delays from TANE to HTTL

15 Connection using redirector

16 Time Delays from HTTL to TANE using Kiel-redirector

17 Conclusion The Time Delay Method has the ability to locate a remote computer in real time based on delays in IP packet travel The Time Delay Method can also be used to analyze the nature of the links involved in the attack chain

18 Contact Information Roman Romanyak: rrm@tanet.edu.te.uarrm@tanet.edu.te.ua Anatoly Sachenko: as@tanet.edu.te.uaas@tanet.edu.te.ua Serhiy Voznyak: sv@tanet.edu.te.uasv@tanet.edu.te.ua Gene Connolly: gene@einakabob.comgene@einakabob.com George Markowsky: markov@umcs.maine.edumarkov@umcs.maine.edu

Download ppt "DETECTING A CYBER-ATTACK SOURCE IN REAL TIME R. Romanyak 1), A. Sachenko 1), S. Voznyak 1), G. Connolly 2), G. Markowsky 2) 1) Ternopil Academy of National."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
DDoS A look back from 2003 Dave Dittrich The Information School / Computing & Communications University of Washington I2 DDoS Workshop - August 6/7 2003.

DDoS A look back from 2003 Dave Dittrich The Information School / Computing & Communications University of Washington I2 DDoS Workshop - August 6/
Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
1`1 Hacking and Information Warfare. 2 Overview Information Warriors  Who Are They  What Do They Do Types of Threat PsyOps Civil Affairs Electronic.

1`1 Hacking and Information Warfare. 2 Overview Information Warriors  Who Are They  What Do They Do Types of Threat PsyOps Civil Affairs Electronic.
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Increasing customer value through effective security risk management

Increasing customer value through effective security risk management
Legal and Ethical Issues in Computer Security

Legal and Ethical Issues in Computer Security
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Or, How to Spend Your Weekends… Fall 2007 Agenda General Overview of the CISO Arena Technical Security Information Security Strategic Security Kirk Bailey.

Or, How to Spend Your Weekends… Fall 2007 Agenda General Overview of the CISO Arena Technical Security Information Security Strategic Security Kirk Bailey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
1 Information Warfare: The Warriors Casey J. Dunlevy CERT Survivable Enterprise Management.

1 Information Warfare: The Warriors Casey J. Dunlevy CERT Survivable Enterprise Management.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Similar presentations

Ads by Google