Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defense Questions # of correlated attacks: under-estimated or over-estimated? Conservative estimation –Average across all the three dataset? Dataset w/

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Defense Questions # of correlated attacks: under-estimated or over-estimated? Conservative estimation –Average across all the three dataset? Dataset w/"— Presentation transcript:

1 Defense Questions # of correlated attacks: under-estimated or over-estimated? Conservative estimation –Average across all the three dataset? Dataset w/ 40 IDSs hard to see correlated attacks ! Over estimation –How are the IDS deployed? For DShield data, 1657 IDSs in less than 1657 class C networks ! Multiple IDSs from the same network ?

2 Defense Questions II Time between correlated attacks. Isn’t 10 min the threshold for defining DoS attacks? Definition on correlated attacks: same src IP + interval < 10 mins. –How about DoS attacks w/ spoofed IP? Why is there no difference in Fig. 9? –Hard to send spoofed packets nowadays ? »Egress filters enabled by ISP –The attack type distribution info will be helpful.

3 Defense Questions III Persistent correlated IDSs, but attackers keep changing ! How to get the target list in advance ? Shared with different attackers !

4 Defense Questions IV How effective is the CBC ? Attackers can fool this by periodically changing the attack group. Can be effective for host-based IDS, but hard to apply for router/gateway based IDS b/c there are various types of services in the network monitored by the IDS –It ends up in every group !

Download ppt "Defense Questions # of correlated attacks: under-estimated or over-estimated? Conservative estimation –Average across all the three dataset? Dataset w/"

Similar presentations

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.

TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.
Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.

Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.
Distributed Intrusion Detection Mamata Desai (99305903) M.Tech.,CSE dept, IIT Bombay.

Distributed Intrusion Detection Mamata Desai ( ) M.Tech.,CSE dept, IIT Bombay.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.

Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.

Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.
Detecting Traffic Differentiation in Backbone ISPs with NetPolice Ying Zhang Zhuoqing Morley Mao Ming Zhang.

Detecting Traffic Differentiation in Backbone ISPs with NetPolice Ying Zhang Zhuoqing Morley Mao Ming Zhang.
Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.

Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.

Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
Internet Intrusions: Global Characteristics and Prevalence Presented By: Elliot Parsons Using slides from Vinod Yegneswaran’s presentation at SIGMETRICS.

Internet Intrusions: Global Characteristics and Prevalence Presented By: Elliot Parsons Using slides from Vinod Yegneswaran’s presentation at SIGMETRICS.
Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,

Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

Similar presentations

Ads by Google