Presentation is loading. Please wait.

Presentation is loading. Please wait.

LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos The LOBSTER Consortium Institute.

PublishNicholas Wilkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos The LOBSTER Consortium Institute."— Presentation transcript:

1 LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos The LOBSTER Consortium http://www.ics.forth.gr/~markatos Institute of Computer Science (ICS) Foundation for Research and Technology – Hellas (FORTH)

2 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Roadmap of the Talk Motivation Motivation  What is the problem?  Our understanding of the Internet needs to be improved Solution Solution  Better Internet traffic monitoring through the LOBSTER infrastructure How can you participate? How can you participate?

3 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr What is the problem? Our understanding of the Internet needs to be improved Our understanding of the Internet needs to be improved  For example We do not know –which applications generate most traffic We suffer –malicious cyberattacks such as viruses and worms, spyware, dos/ddos attacks We witness incidents –of “friendly fire” - Unintentional attacks to major Internet servers What is going on out there? What is going on out there?

4 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Problem I: Security Our understanding of the Internet needs to be improved Our understanding of the Internet needs to be improved  For example We suffer –malicious cyberattacks such as viruses and worms, spyware, dos/ddos attacks We do not know –which applications generate most traffic We witness incidents –of “friendly fire” - Unintentional attacks to major Internet servers What is going on out there? What is going on out there?

5 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Cyberattacks continue to plague our networks Famous worm outbreaks: Famous worm outbreaks:  Summer 2001: CODE RED worm Infected 350,000 computers in 24 hours  January 2003: Sapphire/Slammer worm Infected 75,000 computers in 30 minutes  March 2004: Witty Worm Infected 20,000 computers in 60 minutes

6 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Why do Cyberattacks continue to plague Internet? Defense against worms consists of Defense against worms consists of  Detection (of the worm) It takes several minutes to a few hours (semi-manual)  Identification (i.e. generate an IDS signature or firewall rule) It takes a few hours (manual)  Deployment of signatures to firewalls/IDSs It takes minutes to hours

7 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Why do Cyberattacks continue to plague Internet? II Cyberattack Cyberattack  Detection, identification, response/deployment May take several hours  i.e. cyberattack response is initiated AFTER almost all computers have been infected and AFTER the attack is practically over  Can we start response BEFORE all computers have been infected?

8 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Why do Cyberattacks continue to plague Internet? III Can we start response BEFORE all computers have been infected? Can we start response BEFORE all computers have been infected?  Yes! But we need: Smart Internet traffic monitoring sensors –Capable of detecting new worms Distributed infrastructure of Internet traffic sensors –More sensitive to attacks –pinpoint attacks as soon as they emerge –Spread information about new worms fast

9 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Problem II: traffic accounting Our understanding of the Internet needs to be improved Our understanding of the Internet needs to be improved  For example We suffer –malicious cyberattacks such as viruses and worms, spyware, dos/ddos attacks We do not know –which applications generate most traffic We witness incidents –of “friendly fire” - Unintentional attacks to Root DNSs What is going on out there? What is going on out there?

10 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Who generates all this traffic? 69% of the traffic is unaccounted-for 69% of the traffic is unaccounted-for  Maybe belongs to p2p applications that use dynamic ports  Maybe belongs to media applications  The bottom line is: We don’t know

11 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Problem II: traffic accounting Our understanding of the Internet needs to be improved Our understanding of the Internet needs to be improved  For example We suffer –malicious cyberattacks such as viruses and worms, spyware, dos/ddos attacks We do not know –which applications generate most traffic We witness incidents –of “friendly fire” - Unintentional attacks to major Internet servers What is going on out there? What is going on out there?

12 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr “Friendly Fire” on the Internet Win 2K and Win XP computers Win 2K and Win XP computers  Started updating root DNS servers  Created significant load to DNS  Not clear why…

13 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr So, what do these all mean? Our understanding of the Internet Our understanding of the Internet  Needs to be improved The gap between The gap between  What we measure/understand, and  What is really going on out there is already large, and is probably getting larger

14 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr The GAP The GAP continues to widen with time… The GAP continues to widen with time…

15 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Solution? We need better Internet traffic monitoring We need better Internet traffic monitoring  Faster i.e. to detect worms BEFORE they infect the planet  More accurate i.e. to close the gap between what we measure and what is going on

16 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Solution: Better Internet traffic monitoring A solution should be based on two principles: A solution should be based on two principles:  Distributed Collaboration among traffic monitoring sensors an infrastructure of traffic monitors  State-of-the-art Research In passive network traffic monitoring –The SCAMPI monitoring system

17 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr SCAMPI: High-Performance Network traffic Monitoring Passive Network Traffic Monitoring Passive Network Traffic Monitoring  For high-speed networks High-performance programmable High-performance programmable  (FPGA-based) monitoring card Flexible programming environment Flexible programming environment  Monitoring Application Programming Interface (MAPI) Highly effective Highly effective  Intrusion Detection Algorithms, and  System Architectures (IDSes, IPSes)

18 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr The LOBSTER infrastructure LOBSTER LOBSTER  A network of passive Internet traffic monitors  which collaborate Exchange information and observations Correlate results

19 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr LOBSTER SSA LOBSTER is a LOBSTER is a  Specific Support Action Funded by European Commission Funded by European Commission Two-year project Two-year project  Duration 1/1/05-31/12/06

20 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr LOBSTER partners Research Organizations Research Organizations  ICS-FORTH, Greece  Vrije University, The Netherlands  TNO Telecom, The Netherlands NRNs/ISPs, Associations NRNs/ISPs, Associations  CESNET, Czech Republic  UNINETT, Norway  FORTHNET, Greece  TERENA, The Netherlands Industrial Partners Industrial Partners  ALCATEL, France  Endace, UK

21 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Challenging issues I Trust: cooperating sensors may not trust each other Trust: cooperating sensors may not trust each other  Protection of private data  Protection of confidential data  Solution: anonymization Outside users will be able to operate on –Anonymized data

22 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Challenging issues II Need a Common Programming Environment Need a Common Programming Environment  Use DiMAPI (Distributed Monitoring Application Programming Interface)  MAPI developed within the SCAMPI project

23 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Challenging issues III Resilience to attackers: What if intruders penetrate LOBSTER? Resilience to attackers: What if intruders penetrate LOBSTER?  Can they have access to private/confidential data?  NO! Hardware anonymization The level of anonymization can be tuned by system administrators

24 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Potential LOBSTER applications: traffic monitoring Accurate traffic monitoring Accurate traffic monitoring  how much of your bandwidth is going to file sharing applications such as Gnutella?  Which application generates most of the traffic?

25 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Potential LOBSTER applications: Early-warning systems Automatic Detection of New worms Automatic Detection of New worms Contributes to early-warning System Contributes to early-warning System  Detect worms within minutes  i.e. before they manage to spread Facilitates early response to worms Facilitates early response to worms  Before they infect all computers

26 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Potential LOBSTER applications: GRIDs GRID Performance debugging GRID Performance debugging  GRID-enabled applications access: Remote data Remote resources (e.g. sensors, instruments) Remote computing power  How can you figure out what is the problem if the application is slow? The local LAN? the WAN? The remote LAN? The local computer? The remote server? A middleware server?

27 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Who can benefit from LOBSTER? NRNs/ISPs NRNs/ISPs  Better Internet traffic monitoring of their networks  Better understanding of their interactions with other NRNs/ISPs Security Researchers Security Researchers  Access to anonymized data  Access to anonymized testbed Study trends and validate theories about cybersecurity Network/Security Administrators Network/Security Administrators  Access to a traffic monitoring Infrastructure  Access to early-warning systems  Access to software and tools

28 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr How can you get involved Join our email list Join our email list  lobster-news@ics.forth.gr lobster-news@ics.forth.gr  Email to lobster-news-request@ics.forth.gr Subject: subscribe Join the infrastructure Join the infrastructure  expected to be operational on late 2005

29 ICS-FORTH LOBSTER – Evangelos Markatos markatos@ics.forth.gr Summary Our understanding of the Internet Our understanding of the Internet  needs to be improved LOBSTER will provide better monitoring LOBSTER will provide better monitoring  based on A network of passive monitoring sensors, and State-of-the-art SCAMPI research  and by providing Trusted co-operation in an un-trusted world Common programming platform Resilience to attackers Join us! (lobster-news-request@ics.forth.gr) Join us! (lobster-news-request@ics.forth.gr)lobster-news-request@ics.forth.gr

30 LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos markatos@ics.forth.gr http://www.ics.forth.gr/~markatos Institute of Computer Science (ICS) Foundation for Research and Technology – Hellas (FORTH)

Download ppt "LOBSTER: Large Scale Monitoring of Broadband Internet Infrastructure Evangelos Markatos The LOBSTER Consortium Institute."

Similar presentations

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute 2008. 10. 22.

Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Kick-off Meeting Athens 05/10/2004 The project ’POMPEI - P2p, location and presence mobile services for managing crisis and disaster situations’

Kick-off Meeting Athens 05/10/2004 The project ’POMPEI - P2p, location and presence mobile services for managing crisis and disaster situations’
Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.

Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.
Evangelos Markatos, FORTH CyberSecurity Research in Crete Evangelos Markatos Institute of Computer Science.

Evangelos Markatos, FORTH CyberSecurity Research in Crete Evangelos Markatos Institute of Computer Science.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.

Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.

Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google