Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards High Speed Network Defense Zhichun Li EECS Deparment Northwestern University.

Published byGeorgia Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards High Speed Network Defense Zhichun Li EECS Deparment Northwestern University."— Presentation transcript:

1 Towards High Speed Network Defense Zhichun Li EECS Deparment Northwestern University

2 2 Agenda Briefly introduce my thesis work Dive in high performance vulnerability signature matching Future research directions

3 3 Motivation Botnets Worms Attackers Professional attackers exploit the enterprise networks for profit $$$

4 4 Network Level Defense Network gateways/routers are the vantage points for detecting large scale attacks Only host based detection/prevention is not enough for modern enterprise networks –Some users do not apply the host-based schemes due to the reliability, overhead, and conflicts. –Many users do not update or patch their system on time. –Enterprises cannot only reply on their end users for security protection

5 5 Challenges Scalable to high speed networks with a large number of users Need to be highly accurate Adapt fast to the emerging threats Have good attack coverage.

6 6 Network-based Intrusion Detection, Prevention, and Forensics System Framework (I) Sketch based monitoring & detection (III) Signature matching engines (II) Polymorphic worm signature generation (IV) Network Situational Awareness Honynet honeyfarms Packet streams Accuracy & adapt fast Accuracy & adapt fast Scalability Accuracy & Scalability & Coverage

7 77 Network-based Intrusion Detection, Prevention, and Forensics System (I) Online traffic monitoring and recording [INFOCOM 2006, ToN 2007] (cited by 30+) –Reversible sketch for data streaming computation –Record millions of flows (GB traffic) in a few hundred KB –Small # of memory access per packet –Scalable to large key space size (2 32 or 2 64 ) Online sketch-based flow-level anomaly detection [IEEE ICDCS 2006] [IEEE CG&A, Security Visualization 2006] –Detect TCP SYN flooding, horizontal and vertical scans even when mixed 1 j H 01K-1 … … … hj(k)hj(k) hH(k)hH(k) h1(k)h1(k)

8 88 Polymorphic worm signature generation –Token based Signature [IEEE Symposium on Security and Privacy 2006] (cited by 40+, code requested by Columbia U. UT Austin, Purdue, Georgia Tech, UC Davis, etc) –Network based Vulnerability Signature [IEEE ICNP 2007] [ NSF Cyber Trust Award] 1010101 10111101 11111100 00010111 Network gateway Internet Network-based Intrusion Detection, Prevention, and Forensics System (II) Our network

9 99 NetShield Vulnerability Signature based NIDS/NIPS [under submission] [NSF Cyber Trust Award] (interested by Cisco and Juniper) Network-based Intrusion Detection, Prevention, and Forensics System (III) Focus of this talk, details come later

10 10 Large-scale botnet and P2P misconfiguration event situational-aware forensics –Botnet attack target/strategy inference [ASIACCS09] –Root cause analysis of the P2P misconfiguration/poisoning traffic [under submission] Network-based Intrusion Detection, Prevention, and Forensics System (IV)

11 11 NetShied: Matching a Large vulnerability Signature Ruleset for High Performance Network Defense

12 12 NetShield Overview NIDS/NIPS (Network Intrusion Detection/Prevention System) operation Signature DB NIDS/NIPS Packets Security alerts Accuracy Speed Attack Coverage

13 13 State of the art Pros Can efficiently match multiple sigs simultaneously, through DFA Can describe the syntactic context Regular expression (regex) based approaches Example:.*Abc.*\x90+de[^\r\n]{30} Cons Limited expressive power Cannot describe the semantic context Inaccurate

14 14 State of the art Pros Directly describe semantic context Very expressive, can express the vulnerability condition exactly Accurate Vulnerability Signature [Wang et al. 04] Cons Slow! Existing approaches all use sequential matching Require protocol parsing Example: BIND: rpc_vers==5 && rpc_vers_minor==1 && packed_drep==\x10\x00\x00\x00 && context[0].abstract_syntax.uuid=UUID_RemoteActivation BIND-ACK: rpc_vers==5 && rpc_vers_minor==1 CALL: rpc_vers==5 && rpc_vers_minors==1 && packed_drep==\x10\x00\x00\x00 && stub.RemoteActivationBody.actual_length>=40 && matchRE( stub.buffer, /^\x5c\x00\x5c\x00/)

15 15 Motivation of NetShield 15

16 16 Motivation Desired Features for Signature-based NIDS/NIPS –Accuracy (especially for IPS) –Speed –Coverage: Large ruleset Regular Expression Vulnerability AccuracyRelative Poor Much Better SpeedGood?? MemoryOK?? CoverageGood?? Shield [sigcomm’04] Focus of this work Cannot capture vulnerability condition well!

17 17 Research Challenges Background –Use protocol semantics to express the vulnerability –Defined on a sequence of PDUs & one predicate for each PDU –Example: ver==1 && method==“put” && len(buf)>300 Challenges –Matching thousands of vulnerability signatures simultaneously Sequential matching  match multiple sigs simultaneously –High speed parsing

18 18 Outline Motivation High Speed Matching for Large Rulesets. High Speed Parsing Evaluation Research Contributions

19 19 A Vulnerability Signature Example Data representations –For all the vulnerability signatures we studied, we only need numbers and strings –number operators: ==, >, =, <= –String operators: ==, match_re(.,.), len(.). Example signature for Blaster worm Example: BIND: rpc_vers==5 && rpc_vers_minor==1 && packed_drep==\x10\x00\x00\x00 && context[0].abstract_syntax.uuid=UUID_RemoteActivation BIND-ACK: rpc_vers==5 && rpc_vers_minor==1 CALL: rpc_vers==5 && rpc_vers_minors==1 && packed_drep==\x10\x00\x00\x00 && stub.RemoteActivationBody.actual_length>=40 && matchRE( stub.buffer, /^\x5c\x00\x5c\x00/)

20 20 Matching Problem Formulation Consider single PDU matching first Suppose we have n signatures, defined on k matching dimensions (matchers) –A matcher is a two-tuple (field, operation) or a four-tuple for the associative array elements. –Translate the n signatures to a n by k table. Rule 6: URI.Filename=“fp40reg.dll” && len(Headers[“host”])>300

21 21 Matching Problem Formulation Challenges for Single PDU matching problem (SPM) –Large number of signatures n –Large number of matchers k –Large number of “don’t cares” –Cannot reorder matchers arbitrarily -- buffering constraint –Field dependency Arrays, associative arrays Mutually exclusive fields.

22 22 Matching Algorithms Candidate Selection Algorithm 1.Pre-computation decides the rule order and matcher order 2.Divide-and-conquer comparison w/ matchers and iteratively combine the results efficiently

23 23 Step 1: Pre-Computation Matcher reoder: Put the non-selective matchers later based on buffering constraint & field arrival order Rule reorder:

24 24 Step 2: Iterative Matching

25 25 Candidate merge operation Si Don’t care matcher i+1 require matcher i+1 In A i+1

26 26 Refinement and Extension SPM improvement –Allow negative conditions –Handle array case –Handle associate array case –Handle mutual exclusive case –Report the matched rules as early as possible Extend to Multiple PDU Matching (MPM) –Allow checkpoints.

27 27 Outline Motivation High Speed Matching for Large Rulesets. High Speed Parsing Evaluation Research Contribution

28 28 Observations array PDU PDU  parse tree Leaf nodes are integers or strings Vulnerability signatures mostly based on leaf nodes Observation 1: Only need to parse the fields related to signatures. Observation 2: Traditional recursive descent parsers which need one function call per node are too expensive.

29 29 Efficient Parsing with State Machines Studied eight protocols: HTTP, FTP, SMTP, eMule, BitTorrent, WINRPC, SNMP and DNS as well as their vulnerability signatures. Pre-construct parsing state machines based on parse trees and vulnerability signatures. Common relationship among leaf nodes.

30 30 Example for WINRPC Rectangles are states Parsing variables: R 0.. R 4 0.61 instruction/byte for BIND PDU

31 31 Outline Motivation High Speed Matching for Large Rulesets. High Speed Parsing Evaluation Research Contributions

32 32 Evaluation Methodology 26GB+ Traces from Tsinghua Univ. (TH), Northwestern (NU) and DARPA Run on a P4 3.8Ghz single core PC w/ 4GB memory. After TCP reassembly and preload the PDUs in memory For HTTP we have 794 vulnerability signatures which covers 973 Snort rules. For WINRPC we have 45 vulnerability signatures which covers 3,519 Snort rules 32 Fully implemented prototype 11,704 lines of C++ and 2,706 lines of Python Can run on both Linux and Windows Deployed at a university DC with up to 106Mbps

33 33 Parsing Results Trace TH DNS TH WINRPC NU WINRPC TH HTTP NU HTTP DARPA HTTP Throughput (Gbps) Binpac Our parser 0.31 3.43 1.41 16.2 1.11 12.9 2.10 7.46 14.2 44.4 1.69 6.67 Speed up ratio 11.211.511.63.63.13.9 Max. memory per connection (bytes) 15 14

34 34 Matching Results TraceTH WINRPC NU WINRPC TH HTTP NU HTTP DARPA HTTP Throughput (Gbps) Sequential CS Matching 10.68 14.37 9.23 10.61 0.34 2.63 2.37 17.63 0.28 1.85 Matching only time speed up ratio 41.811.311.78.8 Avg # of Candidates 1.161.480.0330.0380.0023 Max. memory per connection (bytes) 27 20

35 35 Other Results Memory for 973 Snort rules: DFA 5.29GB (XFA 863 rules1.08MB), NetShield 2.3MB Per flow memory: XFA 36 bytes, NetShield 20 bytes. Throughput: XFA 756Mbps, NetShield 1.9+Gbps *XFA [SIGCOMM08][Oakland08] Rule scaling results Performanc Decrease gracefully Compare with Regex

36 36 Research Contributions Demonstrate vulnerability signatures can be applied to NIDS/NIPS, which can significantly improve the accuracy of current NIDS/NIPS Propose the candidate selection algorithm for matching a large number of vulnerability signatures efficiently Propose parsing state machine for fast protocol parsing Implement the NetShield

37 37 Future work Working in process –In collaboration with MSR. Apply the semantic rich analysis for cloud Web service profiling. To understand why slow and how to improve. Future work –Web security (browser security, web server security) –Data Center security –High Speed Network Intrusion Prevention System with Hardware Support

38 38 Long Term Research Challenges Combat the professional profit-driven attackers. Online applications (including Web 2.0 applications) become more complex and vulnerable. Network speed keeps increasing, which demands highly scalable approaches.

39 39 Q & A Thanks!

40 40 Backup Slides

41 41 Measure Snort Rules Semi-manually classify the rules. 1.Group by CVE-ID 2.Manually look at each vulnerability Results –86.7% of rules can be improved by protocol semantic vulnerability signatures. –Most of remaining rules (9.9%) are web DHTML and scripts related which are not suitable for signature based approach. –On average 4.5 Snort rules are reduced to one vulnerability signature. –For binary protocol the reduction ratio is much higher than that of text based ones. For netbios.rules the ratio is 67.6.

42 42 Motivation Network security has been recognized as the single most important attribute of their networks, according to survey to 395 senior executives conducted by AT&T Many new emerging threats make the situation even worse

43 43 System Framework Scalability Accuracy & adapt fast Accuracy & Scalability & Coverage Accuracy & adapt fast Scalability Accuracy & Scalability & Coverage Accuracy & adapt fast Scalability Accuracy & Scalability & Coverage Accuracy & adapt fast Accuracy & adapt fast Scalability Accuracy & Scalability & Coverage

44 44 Example of Vulnerability Signatures At least 75% vulnerabilities are due to buffer overflow Sample vulnerability signature Field length corresponding to vulnerable buffer > certain threshold Intrinsic to buffer overflow vulnerability and hard to evade Vulnerable buffer Protocol message Overflow!

45 45 Old Slides

46 46 Conclusions A novel network-based vulnerability signature matching engine –Through measurement study on Snort ruleset, prove the vulnerability signature can improve most of the signatures in NIDS/IPS. –Proposed parsing state machine for fast parsing –Propose a candidate selection algorithm for matching a large number of vulnerability signature simultaneously

47 47 Outline Motivation Feasibility Study: a measurement approach Problem Statement High Speed Parsing High Speed Matching for massive vulnerability Signatures. Evaluation Conclusions

48 48 Outline Motivation Feasibility Study: a measurement approach Problem Statement High Speed Parsing High Speed Matching for massive vulnerability Signatures. Evaluation Conclusions

49 49 Outline Motivation Feasibility Study: a measurement approach Problem Statement High Speed Parsing High Speed Matching for massive vulnerability Signatures. Evaluation Conclusions

50 50 Outline Motivation Feasibility Study: a measurement approach Problem Statement High Speed Parsing High Speed Matching for a large number of vulnerability Signatures. Evaluation Conclusions

51 51 Outline Motivation Feasibility Study: a measurement approach Problem Statement High Speed Parsing High Speed Matching for massive vulnerability Signatures. Evaluation Conclusions

52 52 Limitations of Regular Expression Signatures 1010101 10111101 11111100 00010111 Our network Traffic Filtering Internet Signature: 10.*01 X X Polymorphic attack (worm/botnet) might not have exact regular expression based signature Polymorphism!

53 53 What we do? Build a NIDS/NIPS with much better accuracy and similar speed comparing with Regular Expression based approaches –Feasibility: Snort ruleset (6,735 signatures) 86.7% can be improved by vulnerability signatures. –High speed Parsing: 2.7~12 Gbps –High speed Matching: Efficient Algorithm for matching massive vulnerability rules HTTP, 791 vulnerability signatures at ~1Gbps

54 54 Problem Formulation Parsing problem formulation –Given a PDU and the protocol specification as input, output the set of fields which required by matching.

55 55 Publications Zhichun Li, Lanjia Wang, Yan Chen and Zhi (Judy) Fu, Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorohic Worms, in the Proc. of IEEE ICNP 2007. Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reversible sketches: Enabling monitoring and analysis over high speed data streams, in the IEEE/ACM Transaction on Networking, Volume 15, Issue 5, Oct, 2007 Reversible sketches: Enabling monitoring and analysis over high speed data streams Zhichun Li, Manan Sanghi, Brian Chavez, Yan Chen and Ming-Yang Kao, Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience, in Proc. of IEEE Symposium on Security and Privacy, 2006 Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience Zhichun Li, Yan Chen and Aaron Beach, Towards Scalable and Robust Distributed Intrusion Alert Fusion with Good Load Balacing, in Proc. of ACM SIGCOMM LSAD 2006 Yan Gao, Zhichun Li and Yan Chen, A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks, In Proc. Of IEEE ICDCS 2006 Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluations, and Applications, in the Proc. Of IEEE INFOCOM 2006 Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluations, and Applications

56 56 Current Status Part I: Sketch based monitoring & detection –Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reversible sketches: Enabling monitoring and analysis over high speed data streams, in the IEEE/ACM Transaction on Networking, Volume 15, Issue 5, Oct, 2007Reversible sketches: Enabling monitoring and analysis over high speed data streams –Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluations, and Applications, in the Proc. Of IEEE INFOCOM 2006 (252/1400=18%)Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluations, and Applications –Yan Gao, Zhichun Li and Yan Chen, A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks, In Proc. Of IEEE International Conference on Distributed Computing Systems (ICDCS) 2006 (75/536=14%) (Alphabetical order) Part II: Polymorphic worm signature generation –TOSG: Zhichun Li, Manan Sanghi, Brian Chavez, Yan Chen and Ming-Yang Kao, Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience, in Proc. of IEEE Symposium on Security and Privacy, 2006 (23/251=9%) Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience –LESG: Zhichun Li, Lanjia Wang, Yan Chen and Zhi (Judy) Fu, Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorohic Worms, in the Proc. of IEEE International Conference on Network Protocols (ICNP) 2007 (32/220=14%)

57 57 Current Status Part III: Signature matching engines –Work in progress, will be focus of this talk –Zhichun Li, Gao Xia, Yi Tang, Jian Chen, Ying He, Yan Chen and Bin Liu, NetShield : Towards High Performance Network- based Semantic Signature Matching, in submission Part IV: Network Situational Awareness –Work in process –Zhichun Li, Anup Goyal, Yan Chen and Vern Paxson, Towards Situational Awareness of Large-Scale Botnet Events using Honeynets, in preparation –Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic, P2P Doctor: Measurement and Diagnosis of Misconfigured Peer-to-Peer Traffic, in submission

58 58 Current Status Part I: Sketch based monitoring & detection –Result in [Infocom06,ToN,ICDCS06] Part II: Polymorphic worm signature generation –Result in [Oakland06,ICNP07] Part III: Signature matching engines –Work in progress, will be focus of this talk Part IV: Network Situational Awareness –Work in process

59 59 Limitations of Exploit Based Signature 1010101 10111101 11111100 00010111 Our network Traffic Filtering Internet Signature: 10.*01 X X Polymorphic worm might not have exact exploit based signature Polymorphism!

60 60 Vulnerability Signature Work for polymorphic worms Work for all the worms which target the same vulnerability Vulnerability signature traffic filtering Internet X X Our network Vulnerability X X

Download ppt "Towards High Speed Network Defense Zhichun Li EECS Deparment Northwestern University."

Similar presentations

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)
A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,

A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,
Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao and Brian.

Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao and Brian.
1 Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Computer Science Northwestern University

1 Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Computer Science Northwestern University
Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University

Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University
High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Yan Chen Department of Electrical Engineering and Computer Science Northwestern.

High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Yan Chen Department of Electrical Engineering and Computer Science Northwestern.
1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.

1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.
Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,

Intrusion Detection/Prevention Systems. Objectives and Deliverable Understand the concept of IDS/IPS and the two major categorizations: by features/models,
Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.

Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.
RAIDM: Router-based Anomaly/Intrusion Detection and Mitigation Zhichun Li EECS Deparment Northwestern University 2008-04-29 Thesis Proposal.

RAIDM: Router-based Anomaly/Intrusion Detection and Mitigation Zhichun Li EECS Deparment Northwestern University Thesis Proposal.
Yan Chen, Hai Zhou Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University.

Yan Chen, Hai Zhou Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University.
High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Zhichun Li Lab for Internet & Security Technology (LIST) Department.

High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Zhichun Li Lab for Internet & Security Technology (LIST) Department.
Reverse Hashing for Sketch Based Change Detection in High Speed Networks Ashish Gupta Elliot Parsons with Robert Schweller, Theory Group Advisor: Yan Chen.

Reverse Hashing for Sketch Based Change Detection in High Speed Networks Ashish Gupta Elliot Parsons with Robert Schweller, Theory Group Advisor: Yan Chen.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.
Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.

Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.
High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Yan Chen Lab for Internet & Security Technology (LIST) Department of.

High-Performance Network Anomaly/Intrusion Detection & Mitigation System (HPNAIDM) Yan Chen Lab for Internet & Security Technology (LIST) Department of.
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks Yan Gao, Zhichun Li, Yan Chen Lab for Internet and Security Technology.

A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks Yan Gao, Zhichun Li, Yan Chen Lab for Internet and Security Technology.
1 Towards Anomaly/Intrusion Detection and Mitigation on High-Speed Networks Yan Gao, Zhichun Li, Manan Sanghi, Yan Chen, Ming- Yang Kao Northwestern Lab.

1 Towards Anomaly/Intrusion Detection and Mitigation on High-Speed Networks Yan Gao, Zhichun Li, Manan Sanghi, Yan Chen, Ming- Yang Kao Northwestern Lab.
What Learned Last Week Homework qn –What machine does the URL go to?

What Learned Last Week Homework qn –What machine does the URL go to?

Similar presentations

Ads by Google