Presentation is loading. Please wait.

Presentation is loading. Please wait.

Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council.

Published byJamar Salazar Modified over 9 years ago

Similar presentations

Presentation on theme: "Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council."— Presentation transcript:

1 I.D.C.@Glenn-bash-3.2:./Welcome Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council # # Jared McCollum, Aidan Globus, Isaac Luther, and Pranav Shankar # # ######################################################## Loading Presentation.ppt..

2 Ohio Supercomputer Center SI 2012 GROUP MEMBERS: Jared McCollum Isaac Luther Pranav Shankar Aidan Globus MENTORS: Dr. Prasad Calyam Arun Selvadhurai Dr. Marcio Faerman

3 Our Organization  Internet Defense Council  Network Security Firm  Intrusion Detection and Litigation

4 Overview: Thunderbolt Games  Client: Thunderbolt Games  User passwords and credit card information hi-jacked  Suspect: AccordionSoft, rival game company

5 Hackers: Who are they? Hackers are people who attack computers or intercept data from servers for malicious purposes Why?  Financial Gain  Blackmail  Vengeance

6 SSL-Authentication Attack  “Man-in-the-Middle” Attack  Hacker hijacks User Data  Bypasses nearly all site security

7 Ping Flood  Often from many computers  Ping used for testing latency  Huge amounts of pinging can slow a server and make it unusable

8 Buffer Overflow  Buffer is the window of space allotted for use in a computer  Hackers use viruses to use more memory than the buffer can handle  Often causes computer or server to crash

9 SQL-Injection  Executes malicious code with purposeful errors  Allows access into the computer’s or server’s databases

10 Network Security Tools  Wireshark - monitors all information entering and leaving the computer  Snort - detects intrusions into the system and logs them for further examination on servers AND networks http://www.wireshark.org/ http://www.snort.org/

11 Network Security Tools (cont.)  Perl - programming language used for web development and interfacing with servers, files and databases  MySQL - engine used for managing databases on a server or computer

12

13 Goals  Generate attack log identical to real log file  Randomly select IP address from list  Randomly select network protocol  Randomly generate timestamps in chronological order

14

15 Select corresponding country Select attack type from uneven distribution based on country Randomly select a protocol Generate frequency, fluctuating differently depending on location Calculate threat level from frequency and attack type Print out to file Select an IP address

16 Timestamp Attack Type Protocol Source IP Destination IP Country Originated From Threat Level Frequency

17

18

19 Parsing the Attack Log: Goals  Compile the attack log into an organized list  Calculate “Danger Level” of each entry  Calculate the Threshold level  Compile threats into a table  Import tables into MySQL

20 Plan Load log file into our Perl code Organize anomalies into a list Modify Danger Level based upon certain parameters Organize data into table Upload table to MySQL database

21 Part 1 Gather data from log file Parse Data Put data into array Display array in proper form IP Address Type of Attack Danger Level

22 Explanation of the Danger Level Wanted Danger Level to represent frequency, time, and logged Threat Level Danger Level = Allowed us to represent all “Danger” factors in one variable ((Frequency/Time) + Threat Level) 2

23 Part 2 1.Gather data from log file 2.Parse Data with Threshold 5.Display array in proper form 2.5Get IP’s and look for repeats 3.Apply algorithm to remove false alarms 4.Put data into array 6.Upload forms to database

24 Explanation of the Threshold Average Danger Level Standard Deviation Confidence Interval Wanted to capture all entries that were above the average Danger Level Used a confidence interval Interval gave a range for the mean Upper limit of the interval became our threshold

25 Output of our Code: We imported certain data from the log file to MySQL and into this table Listed IP, Type, and Danger Level IP addresses differed among the processes Contained 4 Types of attacks; SQL Injection, Buffer Overflow, SSL Authorization, and Ping Overflow

26 Output of our Code: We listed the anomalies in the attack log These entries all had a Danger Level that was more than our Threshold We registered 170 anomalies/threats to the system We tracked through a series of CPU’s being used as botnets to find the IP address of the controller

27 June 8 th Legend: = SSL Authentication = Ping Flood = Buffer Overflow = SQL Injection We traced the source IP addresses of the attacks to certain locations. We will now show you a demonstration illustrating where the attacks came from:

28 Map of all Attacks Throughout the 5 Days Legend: = SSL Authentication = Ping Flood = Buffer Overflow = SQL Injection

29 Successful project outcomes Learned how to program in Perl Learned how to use MySQL Learned about general network security and forensics Excellent communication

30 Special Thanks to…  Dr. Prasad Calyam  Renea Colopy  Dr. Marcio Faerman  Arun Selvadhurai  Dr. Alan Chalker  Liz Hudak  Liz Stong  Dr. Ben Smith  Zarius Shroff

31 Thank you for your attention!

Download ppt "Loading. ######################################################## # Welcome ! # # # We are the # # Internet Defense Council."

Similar presentations

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.

Similar presentations

Ads by Google