detecting distributed attacks using distributed
play

Detecting distributed attacks using distributed processing - PowerPoint PPT Presentation

Aug 22, 2023 •153 likes •549 views

Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe Overview Introduction Problem Description Research Questions Method Results Conclusion Introduction

  1. Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe

  2. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  3. Introduction http://www.eweek.com/security/slideshows/verisign-sees-sharp-climb-in-ddos-attack-volume-in-q2.html/

  4. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  5. Problem Description ● Analysis of large volumes of network traffic data takes time ● A lot of time ● Can we make it faster?

  6. Solution?

  7. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  8. Research Questions Main research question: ● How can a distributed processing framework be utilized to identify network anomalies in historical netflow data? Sub questions: ● Which processing framework is best suited for identifying DDOS attacks? ● How can we distinguish anomalies in netflow data? ● Which algorithms for detecting network anomalies exist and how can they be applied in a distributed processing environment?

  9. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  10. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  11. Distributed processing frameworks

  12. Distributed processing frameworks

  13. Distributed processing frameworks ● Hive – Limited to querying datasets ● Pig – Extend queries with scripting and ML ● Spark – Extract data, transform, query, extendable python

  14. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  15. Implementing Spark ● Cluster ● Dataset – 26 nodes Route Dataset Size r – 2x2TB disks 1 83,4 MiB 2 126,7 MiB – AMD Opteron 3vCPU 3 1,1 GiB – 1GB/s ethernet 4 3,1 GiB 5 10 GiB 6 41,5 GiB 7 88,2 GiB 8 99,3 GiB 9 296,4 GiB 10 444,4 GiB

  16. Implementing Spark ● 3 methods – Traditional – Parallelised – Single MapReduce

  17. Implementing Spark ● Traditional 1) retrieve unique intervals 2) partition the data by interval 3) for each interval create counts of packets for each found socket ● Result > 1,5 hour / 84,4 MiB

  18. Implementing Spark ● Parallelised 1) retrieve unique intervals 2) partition the data by interval 3) Parallel: for each interval create counts of packets for each found socket ● Result ~ 10 mins / 126,7 MiB

  19. Implementing Spark ● Single MapReduce 1) Initialize cluster 2) Read network traffic data from HDFS 3) Apply map/reduce to get flow counts for “dest IP:port:protocol:hour” 4) Filter out all counts < #threshold 5) Group results by “port:protocol” 6) Filter out all combinations < #min results 7) Normalize results by “port:protocol 8) Plot all hits for remaining “port:protocol” combinations

  20. Implementing Spark ● Results Dataset Size (GiB) Execution Time (seconds) Rate (MiB/seconds) 0,128 28 4,57 1,1 45,6 4,07 99,3 430,4 231 444,4 / /

  21. Results (126,7 MiB)

  22. Results (126,7 MiB)

  23. Results (88,2 GiB)

  24. Results (10,0 GiB)

  25. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  26. Implement DDOS-algorithm in application ● Weighted Moving Average x ( i + 1 ) = yx i +( 1 − y ) ^ ^ x i x i : current valueof x ^ x : estimationx y : smoothing factor

  27. Implement DDOS-algorithm in application ● Adaptive threshold – Uses weighted average – Threshold: Multiple of expected value of the average alert if x i > threshold ∗ ^ x i

  28. Implement DDOS-algorithm in application ● Exponential Weighted Moving Average (EWMA) ● Threshold Gap = 0, avg = X0, Max_Gap = # If Xi < AVG: update(AVG, Xi) If Xi > AVG: Alert() If Gap >= Max_Gap: Gap = 0 update(AVG, Xi) Gap +=1

  29. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  30. Results (training 126,7MiB)

  31. Results (training 126,7MiB)

  32. Results (84,3MiB)

  33. Results (88,2 GiB)

  34. Results (88,2 GiB)

  35. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  36. Conclusion ● ~ 100 GiB < 10 minutes ● Traffic from different routers require different parameters ● Traffic patterns differ per router and service

  37. Future work ● Optimize framework to handle datasets > 100 GiB ● Test other algorithms on framework ● Apply tuned algorithms to live data ● Identify usage of irregular ports

  38. Questions ● ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances Nils Clausen, M.Sc. University Lecturer n.clausen@ium.edu.na Detecting Distributed DNS Attacks Utilizing Levenshtein String

328 views • 14 slides
A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk Master's degree studying Majoring in Information technology Faculty of informatics, Mahasarakham University The 4th International Conference on

207 views • 17 slides
Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke (g.oke@imperial.ac.uk) Intelligent Systems and Networks Group Dept. of Electrical and Electronic Engineering Imperial College London Multi-Service

681 views • 21 slides
Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon,

Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon,

Detecting Distributed Attacks Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon, September 21, 2005 The Problem of Distributed Attacks NYC Victim network LA ATLA Continue to become more

485 views • 33 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides
DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

1 DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu , Guangpu Li, Jeffrey Lukman, Jiaxin Li, Shan Lu, Haryadi Gunawi, and Chen Tian* * 2 Cloud systems 3 Cloud systems 4 Distributed concurrency bugs

1.3k views • 93 slides
Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks thereof) XSS CSRF SQL injection Most of these attacks are enabled by social engineering. Todays Class Pretexting Phishing

587 views • 25 slides
Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

421 views • 9 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System

Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System

Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System is one in which components located at networked computers communicate and coordinate their actions only by passing messages&quot;. [Coulouris,

800 views • 42 slides
Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system consists of loosely coupled sites that share no physical component Database systems that run on each site are independent of each other

761 views • 42 slides
Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Michael Rossberg, Rene Golembewski, Guenter Schaefer Ilmenau University of Technology, Germany ICCCN 2012 Attack-Resistant Distributed Time Synchronization for Virtual Private Networks Overview Distributed Services for Distributed VPNs

212 views • 9 slides
Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources: CPU, Memory, Bandwidth

427 views • 23 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Variable Selection Using Elastic Net A Gentle Introduction to Penalized Regression Mohamad

Variable Selection Using Elastic Net A Gentle Introduction to Penalized Regression Mohamad

Variable Selection Using Elastic Net A Gentle Introduction to Penalized Regression Mohamad Hindawi, PhD, FCAS towerswatson.com Antitrust Notice Antitrust Notice The Casualty Actuarial Society is committed to adhering strictly The Casualty

777 views • 51 slides
Financing Agile Delivery with Forecasts Presented by:

Financing Agile Delivery with Forecasts Presented by:

AW9 Agile Product Development Wednesday, November 7th, 2018 1:30 PM Financing Agile Delivery with Forecasts Presented by: Robert

623 views • 30 slides
Wage convergence in south-eastern European countries KODA AUTO University September 2019

Wage convergence in south-eastern European countries KODA AUTO University September 2019

Wage convergence in south-eastern European countries KODA AUTO University September 2019 Countries analyzed Bulgaria, Romania, Turkey, Albania Other countries for comparison Czech Republic, Slovakia, Hungary, Poland Spain,

633 views • 42 slides
Considerations behind the Reflection Paper on Confirmatory Trials with an Adaptive Design Armin

Considerations behind the Reflection Paper on Confirmatory Trials with an Adaptive Design Armin

Bundesinstitut fr Arzneimittel und Medizinprodukte Considerations behind the Reflection Paper on Confirmatory Trials with an Adaptive Design Armin Koch Bundesinstitut fr Arzneimittel und Medizinprodukte Kurt-Georg-Kiesinger Allee 3

143 views • 10 slides
AGENDA Need for Proactive Adaptation Online Failure Prediction and Accuracy

AGENDA Need for Proactive Adaptation Online Failure Prediction and Accuracy

AGENDA Need for Proactive Adaptation Online Failure Prediction and Accuracy Experimental Assessment of Existing Techniques Observations &amp; Future Directions 2 Service oriented Systems About [Di Nitto et al. 2008] Service-

587 views • 24 slides
Mathematics Courses, Pathways, and Placement Process Parent Information For 5th Grade Parents

Mathematics Courses, Pathways, and Placement Process Parent Information For 5th Grade Parents

Redwood Middle School Mathematics Courses, Pathways, and Placement Process Parent Information For 5th Grade Parents February 8 &amp; 9, 2017 DRAFT 2.10.17 1 Welcome &amp; Introductions Setting the Context SUSD Math Learning

653 views • 34 slides
rst t

rst t

rst t t t rst

697 views • 66 slides
PDE computations often need to use a computational mesh which can Capture small scales and

PDE computations often need to use a computational mesh which can Capture small scales and

Monge Ampere based methods for Mesh Generation Chris Budd (Bath) Hilary Weller (Reading), Phil Browne (Reading), Mike Cullen (Met Office), Chiara Piccolo (Met Office), Emily Walsh (SFU), Bob Russell (SFU) PDE computations often need to use a

412 views • 30 slides

More recommend