Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE INTERNET MOTION SENSOR: A Distributed Blackhole Monitoring System

Published byArnaldo Mari Modified over 5 years ago

Similar presentations

Presentation on theme: "THE INTERNET MOTION SENSOR: A Distributed Blackhole Monitoring System"— Presentation transcript:

1 THE INTERNET MOTION SENSOR: A Distributed Blackhole Monitoring System
Presented by: Bruce Meeks, Jr. Authors: Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson Publisher: Electrical Engineering and Computer Science Department, University of Michigan

2 INTRODUCTION AND MOTIVATION
National Infrastructure of global networks vulnerable to rapidly growing internet threats Amongst them, fast moving worms, distributed denial of service attacks, and routing exploits

3 INTRODUCTION AND MOTIVATION
Threats’ share several key components: 1) globally scoped 2) occasional zero-day threats 3) evolutionary characteristic 4) many are exceptionally virulent

4 AUTHORS’ PROPOSED METHODS FOR MONITORING AND ANALYSIS
One promising method for investigating these threats is monitoring unused or dark address space Two key design challenges necessary to incorporate this monitoring infrastructure:

5 SENSOR COVERAGE The visibility of the system into Internet threats
One method to increase visibility is to monitor larger blocks of address space

6 SERVICE EMULATION Difficult to emulate realistic Internet services because the IMS doesn’t interact with live hosts An ideal system would reproduce all current and future services with exactly the same behaviors as all possible end-hosts.

7 MAIN CONTRIBUTIONS The design and implementation of a distributed, globally scoped, Internet threat monitoring system - IMS architecture The deployment and demonstration of the IMS on production networks - Current deployment and observations

8 INTERNET MOTION SENSOR ARCHITECURE
Offers Three Novel Contributions: Distributed Monitoring Infrastruture 2) Lightweight Active Reponder 3) Payload Signatures and Caching

9 INTERNET MOTION SENSOR ARCHITECURE 1st Novel Contribution
Distributed Monitoring Infrastructure - Distributed deployment to increase visibility

10 INTERNET MOTION SENSOR ARCHITECURE 2nd Novel Contribution
Lightweight Active Responder - Characterize threats on emerging ports and services - Essentially a honeypot (low responsive)

11 INTERNET MOTION SENSOR ARCHITECURE 2nd Novel Contribution
Light Weight Active Responder

12 INTERNET MOTION SENSOR ARCHITECURE 3rd Novel Contribution
Payload Signatures and Caching Only stores new payloads Storage conservation Identifies new payloads ** Note: Goal of IMS is to measure, characterize, and track a broad range of Internet threats **

13 Deployment Observations and Experiences
Three events captured using IMS deployment: Internet Worm activity Scanning 3) DDoS

14 Weaknesses of Paper Next step of counteraction after detection ?
Why should this method of monitoring and analyzing be superior to others? Provides little to no information on defending against threats that depend on application level responses.

Download ppt "THE INTERNET MOTION SENSOR: A Distributed Blackhole Monitoring System"

Similar presentations

Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science.

Tanmoy Sarkar, Johnny Wong, Samik Basu Response to Collaborative Attacks Against Network Vulnerability Iowa State University, Department Of Computer Science.
The Internet Motion Sensor: A Distributed Blackhole Monitoring System Michael Bailey*, Evan Cooke*, Farnam Jahanian* †, Jose Nazario †, David Watson* Presenter:

The Internet Motion Sensor: A Distributed Blackhole Monitoring System Michael Bailey*, Evan Cooke*, Farnam Jahanian* †, Jose Nazario †, David Watson* Presenter:
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
I would like to thank Louis P. Wilder and Dr. Joseph Trien for the opportunity to work on this project and for their continued support. The Research Alliance.

I would like to thank Louis P. Wilder and Dr. Joseph Trien for the opportunity to work on this project and for their continued support. The Research Alliance.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
- 1 - Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic Michael Bailey, Evan Cooke, David Watson and Farnam Jahanian University.

- 1 - Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic Michael Bailey, Evan Cooke, David Watson and Farnam Jahanian University.
Questions on “Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic” Yao Zhao.

Questions on “Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic” Yao Zhao.
T H E O H I O S T A T E U N I V E R S I T Y Computer Science and Engineering Current Calendar Calendar Index Upcoming Speakers About... Artificial Intelligence.

T H E O H I O S T A T E U N I V E R S I T Y Computer Science and Engineering Current Calendar Calendar Index Upcoming Speakers About... Artificial Intelligence.
Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts

Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.

1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.

Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.

Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Authors:Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, Farnam Jahanian Electrical Engineering and Electrical Engineering and Computer Science.

Authors:Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, Farnam Jahanian Electrical Engineering and Electrical Engineering and Computer Science.

Similar presentations

Ads by Google