Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Framework for Packe Trace Manipulation Christian Kreibich.

Published byPhyllis Whitney Houston Modified over 9 years ago

Similar presentations

Presentation on theme: "A Framework for Packe Trace Manipulation Christian Kreibich."— Presentation transcript:

1 christian.kreibich@cl.cam.ac.uk A Framework for Packe Trace Manipulation Christian Kreibich

2 Motivation  Say you need to solve a problem that involves manipulating network traffic:  complex filtering (e.g. data analysis)  fine-grained editing (e.g. header field bitflips)  large-scale editing (e.g. anonymization)  visualization (e.g. behavioural analysis)  What do you do?

3 Motivation II  Try to find a tool that does it  where?  does it build?  maintained?  If so, lucky you!

4 Motivation II  Try to find a tool that does it  where?  does it build?  maintained?  If so, lucky you!  Mhmm... write your own... again.  Okay, pcap.  Now you typically need infrastructure:  data types  conn. state tracking  protocol header lookup  Lots of duplicated effort  Cut’n’paste sucks

5 Motivation III  Ewww.

6 Introducing...  Netdude — NETwork DUmp Data Editor  Framework for packet inspection and manipulation  Multiple usage paradigms: GUI + command line  Scalable to arbitrary trace sizes  Reusable at all levels  Extensible

7 Architecture

8

9

10

11

12 Experience  Fine-grained header field modifications:  M. Handley, C. Kreibich, V. Paxson: Network Intrusion Detection: Evasion, Traffic Normalization, end End-to-End Protocol Semantics, 9th USENIX Security Symposium, 2001.  Large-scale filtering and reassembly:  A. Moore, J. Hall, C. Kreibich, E. Harris, I. Pratt: Architecture of a Network Monitor, Passive and Active Measurement Workshop, 2003  Fine-grained payload editing:  C. Kreibich, J. Crowcroft: Honeycomb - Creating Intrusion Detection Signatures Using Honeypots, HotNets II, 2003

13 Future Work  hehe

14 Don’t get me wrong... I

15 Summary  System detects patterns in network traffic  Using honeypots, the system can create useful signatures  Good at worm detection  Todo list  Ability to control LCS algorithm (whitelisting?)  Tests with higher traffic volume  Experiment with approximate matching  Better signature reporting scheme

16 Thanks!  Shoutouts to all contributors!  Debian packagers needed...  Questions?

Download ppt "A Framework for Packe Trace Manipulation Christian Kreibich."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
Tracking the Role of Adversaries in Measuring Unwanted Traffic Mark Allman(ICSI) Paul Barford(Univ. Wisconsin) Balachander Krishnamurthy(AT&T Labs - Research)

Tracking the Role of Adversaries in Measuring Unwanted Traffic Mark Allman(ICSI) Paul Barford(Univ. Wisconsin) Balachander Krishnamurthy(AT&T Labs - Research)
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University

Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,

Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,
NAV Project Update By: Meghan Allen and Peter McLachlan.

NAV Project Update By: Meghan Allen and Peter McLachlan.
IDS Colloquium 2001John Kristoff - DePaul University1 Intrusion Detection Systems (IDS) John Kristoff +1 312 362-5878 DePaul University.

IDS Colloquium 2001John Kristoff - DePaul University1 Intrusion Detection Systems (IDS) John Kristoff DePaul University.
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
Measurement and Analysis of Link Quality in Wireless Networks: An Application Perspective V. Kolar, Saquib Razak, P. Mahonen, N. Abu-Ghazaleh Carnegie.

Measurement and Analysis of Link Quality in Wireless Networks: An Application Perspective V. Kolar, Saquib Razak, P. Mahonen, N. Abu-Ghazaleh Carnegie.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.

Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
On the Difficulty of Scalably Detecting Network Attacks Kirill Levchenko with Ramamohan Paturi and George Varghese.

On the Difficulty of Scalably Detecting Network Attacks Kirill Levchenko with Ramamohan Paturi and George Varghese.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Security administrators The experts need better tools too!

Security administrators The experts need better tools too!
What Learned Last Week Homework qn –What machine does the URL go to?

What Learned Last Week Homework qn –What machine does the URL go to?
Intrusion Detection/Prevention Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality,

Intrusion Detection/Prevention Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality,
Internet Worms Paxson, Asanovic, Dharmapurikar, Lockwood, Pang, Sommer, Weaver Rethinking Hardware Support for Network Analysis and Intrusion Prevention.

Internet Worms Paxson, Asanovic, Dharmapurikar, Lockwood, Pang, Sommer, Weaver Rethinking Hardware Support for Network Analysis and Intrusion Prevention.

Similar presentations

Ads by Google