fine grained tracking of grid infections
play

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim - PowerPoint PPT Presentation

Jan 27, 2024 •445 likes •644 views

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood Tariq, Fareed Zaffar LUMS Fine-Grained Tracking of Grid Infections p. 1/18 Introduction Grid semantics Not middleware-specific Distributed

  1. Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood Tariq, Fareed Zaffar LUMS Fine-Grained Tracking of Grid Infections – p. 1/18

  2. Introduction Grid semantics Not middleware-specific Distributed system “Application community” Infection Security , Reliability, Quality-of-Service Constraints Fine-grained monitoring Grid-wide correlation Timely analysis Fine-Grained Tracking of Grid Infections – p. 2/18

  3. Motivation Attractive attack platform Access to large set of resources Automatic privilege escalation Single sign-on Significant consequences Integrity loss of valuable data Exposed services Open ports for callbacks Fine-Grained Tracking of Grid Infections – p. 3/18

  4. Application Community Anomalies Grid Node Grid Node Anomalies Edit Layer 0 and 1 as needed Grid Node Grid Node Threat Edit Layer 0 and 1 as needed Anomalies Digest Edit Layer 0 and 1 as needed Risk Monitor Edit Layer 0 and 1 as needed Grid Node Grid Node Threat Edit Layer 0 and 1 as needed Edit Layer 0 and 1 as needed Digest Threat Edit Layer 0 and 1 as needed Digest Grid Node Grid Node Grid Node Fine-Grained Tracking of Grid Infections – p. 4/18

  5. Central Monitoring Collect Grid-wide anomalies Raw stream saturates network 35 clients, 10Mb/s (Oliner et al, RAID 2010) Only event types No arguments Must scale to hundreds of nodes Fine-Grained Tracking of Grid Infections – p. 5/18

  6. Local Monitoring Framed as set operations Application activity Set of events Normal behavior Union of events during training Anomalous behavior Difference set (by subtracting normal) Correlating node activity Intersection of anomaly sets Fine-Grained Tracking of Grid Infections – p. 6/18

  7. Approach Decompose sets into epochs Compress epoch activity Collect data provenance Map anomalies to provenance Fine-Grained Tracking of Grid Infections – p. 7/18

  8. Epoch Compression Grid Node Risk Monitor Anomaly Bloom Application Filter Detector User System Anomaly Calls Kernel Digest Auditing Log Set representation Allows use of Bloom filters Fold filter ⌈ log( f + b ) ⌉ times Increase update frequency by f Decrease bandwidth used by b More false positives Fine-Grained Tracking of Grid Infections – p. 8/18

  9. Correlating Activity Combine Bloom filters Counting filter Event on τ nodes Corresponding buckets are ≥ τ Construct vaccination Bloom filter bit 1 ⇐ ⇒ counting filter bucket ≥ τ Fine-Grained Tracking of Grid Infections – p. 9/18

  10. Data Provenance File 2 Read open() close() File 3 File 1 Read close() Process open() Owner Process execution Time close() File 1 File 2 open() File 3 Write Record few arguments Process creation, File versions File access, modification Fine-Grained Tracking of Grid Infections – p. 10/18

  11. Anomaly Tracking Synthetic attack #11+/7#0/,(*/(/ Unexpected write !"#$ of dump.log ?@ABCDEA*FGF3DH4@I;;J*12 /"=1+,'"*"=" .'/0" !"#$ 6',7"&&89'"#0" .'/0" ?L?9MN;<*FGF3<F;O<MII*12 &$K,0DEK*"=" 1'"2&34*5& %&"'"()*+,- !"#$ .'/0" 6',7"&&89'"#0" 0#'-"0&*0=0 7,(P-*/(/ &:&72-;<*"="8 &:&72-;<*"=" !"#$ !"#$ 6',7"&&89'"#0" K,/(7*"=" .'/0" $%>1*+,- Fine-Grained Tracking of Grid Infections – p. 11/18

  12. Evaluation Platform Microsoft Windows XP (SP3) BOINC 6.10.43 volunteer Grid application Process Monitor 2.7 tool Open Bloom Filter library Synthetic infection Internet Explorer vulnerability Windows CreateRemoteThread() MailBoy 2004 injected Fine-Grained Tracking of Grid Infections – p. 12/18

  13. Workload 24 hours 20 minutes 1.5 million events Raw log: 216 MB / Grid node Anomaly detection with 11-tuples MailBoy 2004 as spam relay 20 threads 30 second timeout 1,700 email addresses Fine-Grained Tracking of Grid Infections – p. 13/18

  14. Storage 1e+06 100000 10000 Storage Space Used (KB) 1000 Disk Storage 4000-bit Bloom filter 2000-bit Bloom filter 100 10 1 0.1 0 200000 400000 600000 800000 1e+06 1.2e+06 1.4e+06 Number of Events Fine-Grained Tracking of Grid Infections – p. 14/18

  15. Normal Operation 1 0.9 False Positives Normalized by Anomalous Sequences 0.8 0.7 0.6 500-bit Bloom filter 1000-bit Bloom filter 0.5 2000-bit Bloom filter 4000-bit Bloom filter 0.4 0.3 0.2 0.1 0 0 200000 400000 600000 800000 1e+06 1.2e+06 1.4e+06 1.6e+06 Total Number of Events Fine-Grained Tracking of Grid Infections – p. 15/18

  16. Malware Injected 1 0.9 False Positives Normalized by Anomalous Sequences 0.8 0.7 0.6 500-bit Bloom filter 1000-bit Bloom filter 0.5 2000-bit Bloom filter 4000-bit Bloom filter 0.4 0.3 0.2 0.1 0 0 200000 400000 600000 800000 1e+006 1.2e+006 1.4e+006 1.6e+006 1.8e+006 Total Number of Events Fine-Grained Tracking of Grid Infections – p. 16/18

  17. Provenance Database 2500 File Identifiers in Normal Data File Identifiers in Attack Data Process Identifiers in Normal and Attack Data 2000 Number of Unique Identifiers 1500 1000 500 0 0 200 400 600 800 1000 1200 1400 1600 Time (minutes) Fine-Grained Tracking of Grid Infections – p. 17/18

  18. Conclusion Apparent tension Fine-grained anomaly detection Grid-wide monitoring Solution Audit provenance on Grid nodes Compress event stream Map anomalies to provenance Acknowledgement NSF Grant OCI-0722068 Fine-Grained Tracking of Grid Infections – p. 18/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1 Overview Motivation Requirements for Fine-Grained Geocast Location Model for Fine-Grained Geographic Addressing Summary Related Work

752 views • 18 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More Fine-Grained Classes Actually , I ran home extremely quickly yesterday The closed classes Example of POS tagging The Penn Treebank Part-of-Speech

747 views • 54 slides
Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: p g Students can see their own grades Students can see grades of all students in courses they registered for

548 views • 34 slides
Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP, University of Surrey, UK http://sketchx.ai Why fine-grained? Dog Dog Dog I am not just a dog Why fine-grained? Husky

615 views • 24 slides
Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Learning Kernel-matrix-based Representation for Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information Technology University of Wollongong, Australia 11-Dec-2019 Introduction Fine-grained image recognition

1.56k views • 58 slides
TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei Technologies d3e3e3@gmail.com November 2011 TRILL WG 1 Fine Grained Labeling A way to

469 views • 8 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and presentation by: Abhinav Pathak, Y. Charlie Hu, Ming Zhang Paramvir Bahl, Yi-Min Wang Damian Rodziewicz Fine-Grained Power Modeling for Smartphones

701 views • 33 slides
On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang, Ting Yu, Ninghui Li Jorge Lobo, Elisa Bertino Keith Irwin, Ji-Won Byun Outline Introduction Correctness Criteria A Fine-Grained Access

1.21k views • 51 slides
Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: Students can see their own grades Students can see their own grades Students can see grades of all students in courses they registered for

338 views • 17 slides
Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012 1 Outline Types of parallelism Algorithm description Why fine grained parallelism? Concurrency is hard no, its different

419 views • 19 slides
Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy Konwinski, Matei Zaharia , Ali Ghodsi, Anthony Joseph,

438 views • 32 slides
Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion Scalar and array renaming 1 Fine-Grained Parallelism Theorem 2.8. A sequential loop can be converted to a parallel loop if the loop carries no

606 views • 41 slides
Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Sangman Kim , Michael Z. Lee, Alan M. Dunn, Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking - Bug-prone, hard to maintain Parallelism - OS provides poor support Coarse-grained locking - Reduced

536 views • 34 slides
Part-based R-CNNs for Fine-grained Category Detec7on

Part-based R-CNNs for Fine-grained Category Detec7on

Part-based R-CNNs for Fine-grained Category Detec7on Ning Zhang Jeff Donahue Ross Girshick Trevor Darrell

741 views • 39 slides
Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A.

Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A.

Now Do Voters Notice Review Screen Anomalies? A Look at Voting System Usability Bryan A. Campbell Michael D. Byrne Department of Psychology Rice University Houston, TX bryan.campbell@rice.edu byrne@acm.org http://chil.rice.edu/ Overview

802 views • 29 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Portrait of an anomaly Attribution Game Made up by Sue and Katherine To incite you to discuss the

Portrait of an anomaly Attribution Game Made up by Sue and Katherine To incite you to discuss the

Portrait of an anomaly Attribution Game Made up by Sue and Katherine To incite you to discuss the cost and value effectiveness of monitoring and think about what key drivers are require to deliver an optimum outcome Watch for wild cards! Po

99 views • 7 slides
Topics in Software Dynamic White-box Testing Part 2: Data-flow Testing [Reading assignment:

Topics in Software Dynamic White-box Testing Part 2: Data-flow Testing [Reading assignment:

Topics in Software Dynamic White-box Testing Part 2: Data-flow Testing [Reading assignment: Chapter 7, pp. 105-122 plus many things in slides that are not in the book ] Data-Flow Testing Data-flow testing uses the control flowgraph to

1.09k views • 43 slides
A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang

A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang

A Tale of Two Anomalies: from LHCb to ANITA Speaker: Yicong Sui In collaboration with: Wolfgang Altmannshofer, Bhupal Dev, Amarjit Soni Introduction of B-anomaly Introduction of B-anomaly Introduction of B-anomaly Gregory Ciezarek, etl, ,

964 views • 78 slides
Metadata format for benchmarking anomaly detection algorithms Youki Kadobayashi NICT / NAIST

Metadata format for benchmarking anomaly detection algorithms Youki Kadobayashi NICT / NAIST

Metadata format for benchmarking anomaly detection algorithms Youki Kadobayashi NICT / NAIST youki-k &lt;at&gt; is.naist.jp 10 th CAIDA-WIDE workshop / 1 st CAIDA-WIDE-CASFI workshop August 2008 Anomaly detection algorithms:

444 views • 10 slides
Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki

Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki

Vacuum structure of 2 d adjoint QCD anomaly, mod 2 index, and semiclassics Yuya Tanizaki North Carolina State University Sep, 2019 @ ICTP, Trieste Collaborators: Aleksey Cherman, Theodore Jacobson (UMN), Mithat Unsal (NCSU)

538 views • 29 slides
Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie

Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie

Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating Gabriela F. Cretu-Ciocarlie Department of Computer Science Columbia University Joint work with Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo Motivation and

487 views • 28 slides

More recommend