anomaly detection on dns auths
play

Anomaly Detection on DNS Auths Root DNS, ccTLDs and DNS providers - PowerPoint PPT Presentation

Sep 26, 2022 •229 likes •362 views

Anomaly Detection on DNS Auths Root DNS, ccTLDs and DNS providers Team SchabeltierAnomalizers RIPE 74 Budapest, Hungary 2017-05-09 1/12 Team Members (alphabetically) Christian Doerr (TU Delft) Ella Titova

  1. Anomaly Detection on DNS Auths Root DNS, ccTLDs and DNS providers ✭ Team ✭✭✭✭✭✭ SchabeltierAnomalizers RIPE 74 Budapest, Hungary 2017-05-09 1/12

  2. Team Members (alphabetically) ◮ Christian Doerr (TU Delft) ◮ Ella Titova (VivaCell) ◮ Giovane Moura (SIDN Labs) ◮ Jan Harm Kuipers (University of Twente/SIDN Labs) ◮ Moritz M¨ uller (SIDN Labs/University of Twente) ◮ Ricardo Schmidt (University of Twente) ◮ Wouter de Vries (University of Twente) 2/12

  3. Main Problem Auth DNS Anomaly Detection ◮ How can we use Ripe Atlas data to automatically detect failures (anomalies) on Auth DNS (Roots, ccTLDs, etc...)? 3/12

  4. Step-by-step - CHAOS/RTT 1. Download Ripe datasets and parse them ◮ https://github.com/ripe-dns-anomaly/chaos ◮ parse-json.sh $startTime $endTime bins $mid ◮ start and end = timestamps ◮ bins= 600 (10minutes) ◮ mid = Ripe measurement ID 2. Then, run anomaly detection per letter and site: ◮ https: //github.com/ripe-dns-anomaly/anomalyDetector ◮ python letter-level-detector.py data/k-root-ddos-20151130.csv output/k-root-ddos-20151130-ad-hoc.csv 3. Then, it outputs anomalies per class type: ◮ https://github.com/ripe-dns-anomaly/ anomalyDetector/blob/master/README.md 4/12

  5. Step-by-step - Path 1. Download Ripe datasets and parse them ◮ https://github.com/ripe-dns-anomaly/traceroute ◮ python traceget.py --start $startTime --end $endTime --msmid $msmid ◮ start and end = timestamps ◮ msmid = atlas measurement id (5001 for K-root) 2. Then, convert to AS Path (plus IXPs): ◮ https://github.com/ripe-dns-anomaly/traceroute ◮ java -jar 3. Last step: anomaly detection and conversion to webformat (JSON) 5/12

  6. AS Graph - Path change during Nov 30 2015 Root DNS Attack 6/12

  7. Algorithms for Anomaly Detection ◮ See discussion on https://github.com/ripe-dns-anomaly/ anomalyDetector/blob/master/README.md ◮ Twitter’s robust TS analysis, ARIMA, ad-hoc ◮ We chose ad-hoc (ours) ◮ We need more time to evaluate the best one 7/12

  8. Overall reachability (K-root) 8/12

  9. Reachability London site (K-root) 9/12

  10. Path stability (K-root) 10/12

  11. ”Ready” to be used by others ◮ Others being: ccTLDs, Roots, etc. ◮ Requirement: Ripe Atlas measurements with chaos.id support and traceroute measurements ◮ Next: automate it to continuously probe it, detect and notify 11/12

  12. Resources ◮ GitHub: https://github.com/orgs/ripe-dns-anomaly/ ◮ Demo: https://ripe-dns-anomaly.github.io 12/12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

Introduction Feature Extraction Entropy Calculation Anomaly detection Classification Open Issues On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015

690 views • 24 slides
An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate April 25, 2010 The 3rd CAIDA-WIDE-CASFI Joint Measurement Workshop @Osaka 1 2010 4 25 Background Anomaly Detection:

331 views • 20 slides
ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand annual report readability Examine the

1.12k views • 85 slides
Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection CAMCOS 2009 Introduction ADAPT Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM Algorithm Kalman Filter Maja Derek, Kate Isaacs, Duncan McElfresh, Jennifer Alarm Murguia,

1.4k views • 96 slides
On the safety assessment of RPAS safety policy ERTS January 30th, 2020 Diego Couto, Kevin

On the safety assessment of RPAS safety policy ERTS January 30th, 2020 Diego Couto, Kevin

On the safety assessment of RPAS safety policy ERTS January 30th, 2020 Diego Couto, Kevin Delmas, Xavier Pucel Increasing demands for RPAS Increasing number of operational concepts involving Remotely Piloted Aircraft Systems (RPASs) Urban

519 views • 40 slides
Dead Letters to Alice - Reachability of E-Mail Addresses in the PGP Web of Trust Benjamin

Dead Letters to Alice - Reachability of E-Mail Addresses in the PGP Web of Trust Benjamin

Introduction Study Design Results Conclusion Dead Letters to Alice - Reachability of E-Mail Addresses in the PGP Web of Trust Benjamin Leiding 1 ahn 2 Andreas D 1 University of G ottingen Telematics Group

428 views • 18 slides
Vodacom Interim results for the six months ended 30 September 2017 Disclaimer The following

Vodacom Interim results for the six months ended 30 September 2017 Disclaimer The following

Vodacom Interim results for the six months ended 30 September 2017 Disclaimer The following presentation is being made only to, and is only directed at, persons to whom such presentations may lawfully be co mmunicated (relevant persons).

873 views • 50 slides
SAND Project Self-managing Anycast Networks for the DNS ICANN 55 TechDay 7 March, 2016 Ricardo

SAND Project Self-managing Anycast Networks for the DNS ICANN 55 TechDay 7 March, 2016 Ricardo

SAND Project Self-managing Anycast Networks for the DNS ICANN 55 TechDay 7 March, 2016 Ricardo de O. Schmidt SAND Project Bring autonomous management to anycast DNS M onitoring: system health, reachability, performance, resilience... A

308 views • 14 slides
Tecnotree Corporation Half Year Financial Report January - June 2016 12 August, 2016 Summary of

Tecnotree Corporation Half Year Financial Report January - June 2016 12 August, 2016 Summary of

Tecnotree Corporation Half Year Financial Report January - June 2016 12 August, 2016 Summary of the Report MEUR Q2 2016 Q2 2015 1-6 2016 1-6 2015 Net sales 16.2 17.1 29.2 34.2 Orders received 17.8 6.4 32.2 32.7 Order backlog 29.8

470 views • 12 slides
Anna Kirchgater Back to School Night Thursday, August 18, 2016 Anna Kirchgater will provide a

Anna Kirchgater Back to School Night Thursday, August 18, 2016 Anna Kirchgater will provide a

Anna Kirchgater Back to School Night Thursday, August 18, 2016 Anna Kirchgater will provide a learning community that challenges ALL students to realize their greatest potential. Welcome to Anna Kirchgater GREAT schools Have GREAT people Who

378 views • 16 slides
Magnum Project on Boarding, OpenStack Summit Vancouver Spyros Trigazis @strigazi, Ricardo Rocha

Magnum Project on Boarding, OpenStack Summit Vancouver Spyros Trigazis @strigazi, Ricardo Rocha

May 2018 Magnum Project on Boarding, OpenStack Summit Vancouver Spyros Trigazis @strigazi, Ricardo Rocha @ahcorporto What is Magnum? OpenStack API service for creation of container clusters Single-tenant clusters Credential

320 views • 19 slides
The Mathematics of Quatrainment Finding the Solution Loran Briggs and Daniel McBride College of

The Mathematics of Quatrainment Finding the Solution Loran Briggs and Daniel McBride College of

The Mathematics of Quatrainment Finding the Solution Loran Briggs and Daniel McBride College of the Redwoods Eureka, CA 95501, USA December 17, 2010 Abstract The game of Quatrainment is a simple game where you flip over tiles to make a 4 by

584 views • 19 slides

More recommend