heap bgp observatory
play

HEAP BGP Observatory Johannes Zirngibl, Patrick Sattler, Markus - PowerPoint PPT Presentation

Jun 23, 2023 •111 likes •223 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich HEAP BGP Observatory Johannes Zirngibl, Patrick Sattler, Markus Sosnowski, Georg Carle Acknowledgements: Johann Schlamp, Ralph Holz, Quentin

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich HEAP BGP Observatory Johannes Zirngibl, Patrick Sattler, Markus Sosnowski, Georg Carle Acknowledgements: Johann Schlamp, Ralph Holz, Quentin Jacquemart, Ernst Biersack Thursday 27 th February, 2020 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Hijacking Event Analysis Program (HEAP) HEAP Input Goal: Investigating BGP hijacking events IRR Registry Inference • Identify false positives based on three in- dependent filters Topology BENIGN • Active research since 2015 BGP Analysis • Initial work: Heap: Reliable Assessment of BGP Hi- SSL/TLS jacking Attacks by J. Schlamp, R. Holz, Q. Jacquemart, G. Scans Carle, E. Biersack in IEEE JSAC, June 2016 [2] Remaining Events Zirngibl, Sattler, Sosnowski, Carle — HEAP 2

  3. Hijacking Event Analysis Program (HEAP) HEAP Input IRR Registry Inference HEAP Input Topology • Possible hijacks BENIGN Analysis BGP • subMOAS from local BGP dumps and up- dates SSL/TLS • Published events from BGPMON 1 Scans Remaining Events 1 https://bgpstream.com/ Zirngibl, Sattler, Sosnowski, Carle — HEAP 3

  4. Hijacking Event Analysis Program (HEAP) HEAP Input Registry Inference IRR Registry • Legitimizing relations between actors dis- Inference prove an attack • Based on Internet Routing Registries Topology BENIGN • Historical data available BGP Analysis Topology Analysis • An upstream provider should filter attacks SSL/TLS • Based on AS paths Scans • Extracted from local BGP dumps and col- lectors Remaining Events Zirngibl, Sattler, Sosnowski, Carle — HEAP 4

  5. Hijacking Event Analysis Program (HEAP) HEAP Input Cryptographic Assurance IRR Registry An attacker does not possess private keys Inference and can not perform successful SSL/TLS hand- shakes with the according certificate. Topology • Ground truth: BENIGN BGP Analysis • Host behavior before a possible hijack • Regular updates • Good coverage, Internet-wide SSL/TLS • Event scans Scans • Host behavior during a possible hijack • Fast reaction to events Remaining Events Zirngibl, Sattler, Sosnowski, Carle — HEAP 5

  6. Hijacking Event Analysis Program (HEAP) Ground truth: Internet-wide Scans • Regularly collects certificates from HTTPS capable IPv4 Hosts • Complete IPv4 ZMAP scan towards port 443 • SSL/TLS connections to each host with an open port • Results: • ~47 M hosts with open port 443 • ~35 M successful SSL/TLS handshakes • Covering 3 M /24 networks Zirngibl, Sattler, Sosnowski, Carle — HEAP 6

  7. Hijacking Event Analysis Program (HEAP) Alert Scans • Establish SSL/TLS connections during an alert • Scan alerts in seconds • Only consider hosts from ground truth • Small number of hosts • High scan rate • Average daily events: • subMOAS: ~5000 • BGPMON: ~5-10 → ~30% benign Zirngibl, Sattler, Sosnowski, Carle — HEAP 7

  8. Prefix Top List Ranking the Importance of Events How can the importance and impact of a hijack be evaluated? • Rank events based on the hijacked prefix → Prefix Top Lists https://prefixtoplists.net.in.tum.de/ • Provides a new top list type • Ranks prefixes and ASes as important Internet resources • Assigns weights based on domain based top lists • Prefix Top Lists: Gaining Insights with Prefixes from Domain-based Top Lists on DNS Deploy- ment by J. Naab, P . Sattler, J. Jelten, O. Gasser, and G. Carle at IMC 2019 [1] Rank Prefix Weight # Domains # IP addr. 1 172.217.18.0/24, AS15169 – GOOGLE 0,0178 1039 35 2 172.217.16.0/24, AS15169 – GOOGLE 0,0175 1000 33 3 172.217.22.0/24, AS15169 – GOOGLE 0,0173 1041 42 4 216.58.206.0/23, AS15169 – GOOGLE 0,0165 973 35 5 172.217.23.0/24, AS15169 – GOOGLE 0,0164 775 23 6 140.205.64.0/18, AS37963 – CNNIC-ALIBABA 0,0160 6 4 7 216.58.208.0/24, AS15169 – GOOGLE 0,0154 443 14 8 111.160.0.0/13, AS4837 – CHINA169-BACKBONE 0,0134 3 4 BGP Prefix Ranking for August 1, 2019 based on Alexa List. Zirngibl, Sattler, Sosnowski, Carle — HEAP 8

  9. Joint Platform Enable Data Sharing and Joint Work • Ongoing project to build a platform that enables to share data and analysis tools • Provide VMs connected to a scientific data store • Allow collaboration on data • Easy reproduction of results • Work close to the data • We share data from HEAP and other work through this platform • If you are interested in access and collaborations contact us via → heap@net.in.tum.de → joint-platform@net.in.tum.de • We will be happy to collaborate! Zirngibl, Sattler, Sosnowski, Carle — HEAP 9

  10. Bibliography [1] J. Naab, P . Sattler, J. Jelten, O. Gasser, and G. Carle. Prefix top lists: Gaining insights with prefixes from domain-based top lists on dns deployment. In Proceedings of the Internet Measurement Conference , IMC ’19, page 351–357, New York, NY, USA, 2019. Association for Computing Machinery. [2] J. Schlamp, R. Holz, Q. Jacquemart, G. Carle, and E. W. Biersack. Heap: Reliable assessment of bgp hijacking attacks. IEEE Journal on Selected Areas in Communications , 34(6):1849–1861, June 2016. Zirngibl, Sattler, Sosnowski, Carle — HEAP 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

ERIE COUNTY DEPARTMENT OF SOCIAL SERVICES Program Overview PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low income households to reduce energy expense s. HEAP PROGRAMS Regular HEAP Available

531 views • 14 slides
Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A) for i = floor( A.length/2 ) to 1 Max-Heapify(A, i) Build-Max-Heap Red part is already Heapified Build-Max-Heap Correctness: Base: Each alone

429 views • 23 slides
Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8 Heap Internals Who Chris Valasek (@nudehaberdasher) Sr. Research Scientist Coverity Tarjei Mandt (@kernelpool) Vulnerability

1.33k views • 91 slides
Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The

Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The

Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The binomial heap allows for efficient union, which can not be done efficiently in the binary heap. The extra cost paid is the minimum operation, which

560 views • 24 slides
When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's

When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's

When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's first hire in July, 2013. Previously an engineer at Palantir. Studied Math & CS at Stanford. What we'll talk about: 1. What is Heap? 2.

695 views • 47 slides
heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O ( n ) analysis via picture (learn) or using summations (know result) data structures and algorithms building a heap one-by-one in O ( n log n ) 2020

672 views • 7 slides
Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7

Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7

Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7 7 11 8 8 9 7 7 11 8 10 10 input array = [-, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11] Start at rightmost array position that has a child.

522 views • 9 slides
Understanding the heap by breaking it A case study of the heap as a persistent data structure

Understanding the heap by breaking it A case study of the heap as a persistent data structure

Understanding the heap by breaking it A case study of the heap as a persistent data structure through non-traditional exploitation techniques Justin N. Ferguson // BH2007 The heap, what is it? Globally scoped data structure

906 views • 58 slides
In the Beginning was the Word Stephen Heap In the Beginning was the Word

In the Beginning was the Word Stephen Heap In the Beginning was the Word

In the Beginning was the Word Stephen Heap In the Beginning was the Word s.heap@uq.edu.au Stephen Heap s.heap@uq.edu.au Reading skill is based on three kinds of knowledge A fluent reader must have knowledge of: Language : word

480 views • 46 slides
A heap, a stack, a bottle and a rack The Stack Canary Birds The heap Answer: The first three

A heap, a stack, a bottle and a rack The Stack Canary Birds The heap Answer: The first three

A heap, a stack, a bottle and a rack The Stack Canary Birds The heap Answer: The first three segments are: code , read-only data and global data for the running process gurka. Then there is a segment for the heap . The segment marked with

399 views • 10 slides
Fibonacci Heap Group Paradox December 21, 2016 Contents 1. Introduction 2. Operations 3. Why

Fibonacci Heap Group Paradox December 21, 2016 Contents 1. Introduction 2. Operations 3. Why

Fibonacci Heap Group Paradox December 21, 2016 Contents 1. Introduction 2. Operations 3. Why it called Fibonacci (the proof) Priority Queue in Dijkstra Fibonacci Heap Operation Binary Heap Fibonacci Heap Find-Min O (1) O (1) Insert O (

465 views • 21 slides
6.006- Introduction to Priority Queue Algorithms A data structure implementing a set S of

6.006- Introduction to Priority Queue Algorithms A data structure implementing a set S of

Heap Menu Implementation of a priority queue Priority Queues An array, visualized as a nearly complete binary tree Max Heap Property: The key of a node is than the keys of Heaps its children (Min Heap defined

202 views • 7 slides
Priority Queue / Heap Stores ( key,data ) pairs (like dictionary) But, different set of

Priority Queue / Heap Stores ( key,data ) pairs (like dictionary) But, different set of

Priority Queue / Heap Stores ( key,data ) pairs (like dictionary) But, different set of operations: Initialize Heap : creates new empty heap Is Empty : returns true if heap is empty Insert ( key,data ): inserts ( key,data

956 views • 51 slides
Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 ,

Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 ,

Say Goodbye to Off-heap Caches! On-heap Caches Using Memory-Mapped I/O Iacovos G. Kolokasis 1 , Anastasios Papagiannis 1 , Foivos Zakkak 2 , Polyvios Pratikakis 1 , and Angelos Bilas 1 1 University of Crete & Foundation of Research and

457 views • 19 slides
CS 241 Data Organization Heapsort February 15, 2018 Heapsort algorithm Make heap While

CS 241 Data Organization Heapsort February 15, 2018 Heapsort algorithm Make heap While

CS 241 Data Organization Heapsort February 15, 2018 Heapsort algorithm Make heap While heap is not empty Remove largest item Restore heap property What is a heap? Complete Binary Tree Binary Tree: Each node has at most 2

142 views • 12 slides
Week 14 - Monday What did we talk about last time? Heap implementation Heap sort

Week 14 - Monday What did we talk about last time? Heap implementation Heap sort

Week 14 - Monday What did we talk about last time? Heap implementation Heap sort Lab hours Wednesdays at 5 p.m. in The Point 113 Saturdays at noon in The Point 113 (Cancelled this Saturday for Thanksgiving!) CS Club

451 views • 24 slides
A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng ,

A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng ,

A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng , Jianhai Su, Chenglong Fu, Golam Kayas, Lannan Luo, Xiaojiang Du, Chiu C. Tan, and Jie Wu DSN 2019 2 3 Audio AE generation Open the front

353 views • 20 slides
AccessMiner: Using System-Centric Models for Malware Protection Andrea Lanzi 1 Davide Balzarotti 1

AccessMiner: Using System-Centric Models for Malware Protection Andrea Lanzi 1 Davide Balzarotti 1

AccessMiner: Using System-Centric Models for Malware Protection Andrea Lanzi 1 Davide Balzarotti 1 Christopher Kruegel 2 Mihai Christodorescu 3 Engin Kirda 1 1 Institute Eurecom 2 UC Santa Barbara 3 IBM T.J. Watson Research 17th ACM Conference on

545 views • 43 slides
Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology for some of these slides Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have already seen how code

671 views • 47 slides
# of true positives true positive rate = # of known positives (Proportion of actual positives

# of true positives true positive rate = # of known positives (Proportion of actual positives

True positive rate (Sensitivity) # of true positives true positive rate = # of known positives (Proportion of actual positives that are correctly identified) True negative rate (Specificity) # of true negatives true negative rate = # of known

475 views • 24 slides
Forensic Markers of Elder Abuse Laura Mosqueda, M.D. Chair and Professor of Family Medicine and

Forensic Markers of Elder Abuse Laura Mosqueda, M.D. Chair and Professor of Family Medicine and

Forensic Markers of Elder Abuse Laura Mosqueda, M.D. Chair and Professor of Family Medicine and Geriatrics Keck School of Medicine of USC University of Southern California The Game Plan Introductory comments Age-related changes and how

417 views • 27 slides
Possible & Impossible Infinities Michael Huemer owl232@earthlink.net Problem When is an

Possible & Impossible Infinities Michael Huemer owl232@earthlink.net Problem When is an

Possible & Impossible Infinities Michael Huemer owl232@earthlink.net Problem When is an infinite series impossible? 6 Infinite 3 False A Better Series Theories Theory Six Infinities The Truth Regress Series: P. Its true that P.

464 views • 30 slides
Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in

Chris Hopkins, PhD, MBA and CSO patient variant drug p.R292H pathogenicity Is this variant in my patient pathogenic or benign? "The Doctor" by Sir Luke Fildes (1891) Drop in genome price drives increase in patient variant

500 views • 22 slides
Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health

Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health

83 rd Annual Meeting American Thyroid Association Overview of Indeterminate Cytology Scott Boerner MD FRCPC Head Cytopathology, University Health Network University of Toronto PRESENTATION FROM THE 83rd ANNUAL MEETING OF THE AMERICAN THYROID

662 views • 26 slides

More recommend