a rendezvous based paradigm a rendezvous based paradigm
play

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for - PowerPoint PPT Presentation

Feb 14, 2024 •180 likes •490 views

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic DUST 2012 May 15, 2012 David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

  1. A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic DUST 2012 May 15, 2012 David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

  2. Outline ● Rendezvous-based Traffic Analysis – What is it? Why use it? – a DNS rendezvous case study involving office and residential “solicited” traffic ● Darkspace Rendezvous Mechanisms – unsolicited and passively solicited traffic ● TreeTop – a DNS rendezvous-based analysis tool [Plonka & Barford, IMC 2009, SATIN 2011, work in progress] – flow export with rendezvous annotations – IPv6 performance by service names

  3. Rendezvous-based Traffic Analysis? ● Traffic classification and analysis has focussed on target traffic features (IP headers, DPI, etc.) ● However, Internet hosts learn IP addresses by some rendezvous mechanism, e.g.: – By static configuration (IP addrs in config files) – The Doman Name System (DNS) – Application-specific mechanisms (URLs, p2p) ● Inform traffic analysis by considering, “How does this host know this IP address?” rather than simply, “With what IP address did this host interact?”

  4. Why Focus on Rendezvous? rendezvous, meaning hosts and services “present themselves” ● For standard protocols, rendezvous information is not private and is of low-volume – Separate and separable from private payloads – Can be monitored in situations where target traffic is high-volume, sampled, or encrypted ● Rendezvous info can indicate when other analysis or classification techniques are effective and not – e.g., port-based classification [Kim, et al., 2008] [Plonka & Barford, 2011]

  5. Rendezvous-based Traffic Classification rendezvous, meaning “present yourselves” ● Hypothesis : We can inform and improve traffic classification by considering, “How does this host know that peer IP address?” ● DNS : Internet hosts regularly use the DNS to find remote IP addresses of the hosts with which they might interact. – It is an easily separable standard, “clear text” protocol.

  6. DNS Rendezvous: (1) Query DNS Overview

  7. DNS Rendezvous: (2) Response DNS Overview

  8. DNS Rendezvous: (3) Outbound DNS Overview

  9. DNS Rendezvous: (4) Inbound DNS Overview

  10. Traffic Observation Points DNS Overview

  11. Traffic Observation Points DNS Overview

  12. Traffic Observation Points DNS Overview

  13. Traffic Observation Points DNS Overview

  14. Characteristics of Data Sets

  15. Target Traffic Classification: Port-based method

  16. Residential: Domain Popularity

  17. Office Target Traffic Classification: “named” and “unnamed”

  18. Residential Target Traffic Classification: “named” and “unnamed”

  19. Residential Target Traffic Classification: “named” by popular domains

  20. Host Profiling and Reputation based on Rendezvous Information

  21. Residential Hosts Classification by P2P Host Profile (1 day)

  22. “unnamed” Target Traffic by P2P Profile

  23. Results Summary: Traffic Classified (% bytes)

  24. Rendezvous in Darkspace/Grayspace? ● Darkspace and Unsolicited : a host uses some technique to choose remote/peer IP addresses – Algorithm , e.g., scanning a contiguous set of IP addresses in series, choosing IP addresses at random – Bug , e.g. D-link products connect to 45.52.84.48, the 7-bit string “-4T0”, believed to be a stray value left in an uninitialized 32-bit integer meant to store an SMTP server's IP address [Yegneswaran, Barford, Plonka, 2004] – Misconfiguration or stale configuration, e.g., SNMP traps to various 45/8 addresses from Interop events – IP prefixes become encumbered by legacy roles

  25. TreeTop: Rendezvous-annotated Flow Export

  27. TreeTop: radix tries and domain trees

  28. [3 private slides redacted]

  29. Discussion ● In what circumstances can we trust rendezvous information for traffic classification or host profiling/reputation? ● Tap rendezvous methods other than the DNS; e.g., application-specific methods (WWW, P2P); are they discoverable, separable and clear? ● Should we alter or invent rendezvous protocols to better inform classification and packet treatment? ● Is rendezvous a useful unifying analysis concept?

  30. A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic FIN David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft-

Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft-

Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft- -eggert eggert- -hip hip- -rendezvous rendezvous- -01 01 draft Lars Eggert and Marco Liebsch NEC IETF-60, San Diego, CA, USA August 6,

507 views • 11 slides
Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Concurrent Languages Fire Bird Platform CRP Rendezvous Rendezvous Implementation Network Problems Case Study: Treasure Hunt Summary Future Work Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

419 views • 39 slides
INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and

INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and

INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and Rendezvous Outline More on asynchronous message passing interacting processes with different patterns of communication Summary Remote procedure calls

966 views • 38 slides
RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing

RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing

RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing Interacting processes with different patterns of communication Summary Remote procedure call (RPC) What is RPC Example: time server Rendezvous

476 views • 33 slides
Background ArDeZ - Overview Communication Sensor Networks period Low cost nodes

Background ArDeZ - Overview Communication Sensor Networks period Low cost nodes

Outline Background ArDeZ: An Asymmetric Rendezvous ArDeZ Based MAC for Sensor Networks Overview Channel Setup Kwan-Wu Chin and Raad Raad Generating Pseudo-random Rendezvous Periods Telecommunications and Information

325 views • 6 slides
XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments

XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments

XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments of the Body in our times and in psychoanalysis" A few words of Welcome In July 2020 we shall have a Rendezvous for the re-encounter of the

63 views • 3 slides
Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29

Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29

[IROS 2016] Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29 Presented By Suzi Kim Background Rendezvous Problem How two players randomly placed in a known search region X can move at speed one

712 views • 28 slides
PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM

PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM

PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM (PAthway Recognition Algorithm using Data Integration on Genomic Models) to infer the activities of genetic pathways from integrated patient data.

583 views • 30 slides
Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based

Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based

Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based on dynamic comparative advantage Three subpatterns Imports Domestic production Exports Dunnings Eclectic Paradigm (OLI-Model) Ownership

229 views • 4 slides
The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent Required an enormous rocket and made the landing much more difficult Earth Orbit Rendezvous, then Direct Ascent Required salvo launches

490 views • 13 slides
The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent Required an enormous rocket and made the landing much more difficult Earth Orbit Rendezvous, then Direct Ascent Required salvo launches

131 views • 12 slides
NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a

NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a

The Practical Non-Existance of f Official NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a Small NMR Service Company John Edwards, Process NMR Associates Validation Workshop PANIC NMR Conference

528 views • 29 slides
A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of

A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of

March 9~ 12, 2010 ISGC 2010, Taipei, Taiwan A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of High Energy Physics Team @ KISTI) 1 Thank HEP Team at KISTI Members: Kih Kihyeon Cho Ch Junghyun

433 views • 28 slides
When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo Weng, Kris Kitani Robotics Institute, Carnegie Mellon University IROS 2020 Motivation Use case 1: Autonomous vehicle identifies and locates its user

450 views • 25 slides
Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo

Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo

Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo Scangas Quality Support Group, Inc. QSG Meeting 03.29.19 1 @ 2019 Agenda Risks & Opportunities - What we learned during ISO 9001:2015?

380 views • 37 slides
Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is

Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is

Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is Schema Management? Organize table schemas in a repo Execution of all DDL, on the correct MySQL instances, with the correct OSC flags Not

813 views • 64 slides
How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon ,

How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon ,

How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon , Manager of Instructor Trainings, Mental Health First Aid Stephanie Pozuelos , Project Coordinator, Mental Health First Aid Mental Health First Aid USA

360 views • 17 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
TensorLights End-Host Traffic Scheduling for Distributed Deep Learning Xin Sunny Huang Ang Chen

TensorLights End-Host Traffic Scheduling for Distributed Deep Learning Xin Sunny Huang Ang Chen

TensorLights End-Host Traffic Scheduling for Distributed Deep Learning Xin Sunny Huang Ang Chen T. S. Eugene Ng Rice University 1 This Work The Parameter Server (PS) architecture is the most popular approach for distributed Deep Learning.

974 views • 28 slides
Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Web Meeting SET UP Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd Mercher July 6 - Wednesday UTC 15:30 [Wales 4:30pm, Argentina 12:30pm, Eastern US 11:30am] Launch Meeting and Countdown Time

878 views • 54 slides
Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work

Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work

Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work Group Chair 4 May 2010 1 About Kantara Initiative http://kantarainitiative.org Participation: Open global identity, web, and developer community

985 views • 59 slides
Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1

Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1

Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1 due tonight Week 6 exercises coming out today Project 2 coming out end of this week Let us know how we can help! This week

892 views • 74 slides
Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar

Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar

Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar , David Biancolin, Jack Koenig, Sanjit Seshia, Jonathan Bachrach, Krste Asanovi Two major challenges of FPGA simulation FireSim

621 views • 37 slides

More recommend