large scale attacks on the internet lessons learned from
play

Large Scale Attacks on the Internet Lessons learned from the LOBSTER - PowerPoint PPT Presentation

Apr 24, 2023 •100 likes •335 views

The LOBSTER project An IST Project http://www.ist-lobster.org/ Large Scale Attacks on the Internet Lessons learned from the LOBSTER project Evangelos Markatos Institute of Computer Science (ICS) Foundation for Research and Technology

  1. The LOBSTER project An IST Project http://www.ist-lobster.org/ Large Scale Attacks on the Internet Lessons learned from the LOBSTER project Evangelos Markatos Institute of Computer Science (ICS) Foundation for Research and Technology – Hellas (FORTH) Crete, Greece Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  2. Agenda An IST Project http://www.ist-lobster.org/ • Motivation • The LOBSTER Infrastructure – Number of sensors - deployment – Attacks captured • Lessons Learned • Policy Implications Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  3. Agenda An IST Project http://www.ist-lobster.org/ • Motivation • The LOBSTER Infrastructure – Number of sensors - deployment – Attacks captured • Lessons Learned • Policy Implications Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  4. Computer Security is getting increasingly important An IST Project http://www.ist-lobster.org/ • 1988 – The Morris worm compromised 6,000 UNIX computers • 2001 – The Code Red worm compromised 300,000 computers Source: CAIDA/UCSD Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  5. Computer Security is Critical An IST Project http://www.ist-lobster.org/ • 2007: Vint Cerf (the father of the Internet and VP of Google) says: – 25% of all computers online are compromised • 100-150 million computers are compromised… Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  6. Vulnerabilities An IST Project http://www.ist-lobster.org/ Vulnerabilities found 5000 4000 3000 2000 1000 0 2004 2005 2006 • Total Vulnerabilities documented by Symantec Corporation (source: Internet Security Threat Report) Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  7. Black Market Trading An IST Project http://www.ist-lobster.org/ Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  8. So? An IST Project http://www.ist-lobster.org/ • One out of four computers is compromised • Hackers penetrate all different kinds of computers • Vulnerabilities are increasing every year • They are being sold in the black market • We need to react: – Monitor large scale attacks – Understand mechanisms and motives of attackers Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  9. Agenda An IST Project http://www.ist-lobster.org/ • Motivation • The LOBSTER Infrastructure – Number of sensors - deployment – Attacks captured • Lessons Learned • Policy Implications Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  10. The LOBSTER project An IST Project http://www.ist-lobster.org/ • Research Networking Test-Bed project – 2005-2007 Funded by IST • Installed a monitoring infrastructure – To study performance and security issues in European Research and Educational networks – Deployed • more than 40 sensors • in 10 countries – Monitors incoming traffic to see if it contains network attacks from hackers Funded by the European Commission Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  11. LOBSTER Deployment An IST Project http://www.ist-lobster.org/ Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  12. Attacks Captured: focus on polymorphic attacks An IST Project http://www.ist-lobster.org/ • Close to one million attacks captured • One attack every 30 seconds! • One attack every two seconds (peak rate)! Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  13. Where do attackers come from? An IST Project http://www.ist-lobster.org/ All over the world Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  14. Where do attackers come from? An IST Project http://www.ist-lobster.org/ • 70% of the attacks to an organization originate from “inside” hosts – Maybe compromised computers which attack the local network Attacks Launched from internal hosts from external hosts Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  15. Agenda An IST Project http://www.ist-lobster.org/ • Motivation • The LOBSTER Infrastructure – Number of sensors - deployment – Attacks captured • Lessons Learned • Policy Implications Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  16. Lessons Learned An IST Project http://www.ist-lobster.org/ • Attackers launch attacks from all over the world • Several attacks originate from “internal” hosts – Probably compromised computers of the organization • Isolated viewpoints provided a “narrow point of view” of the attack plane, i.e. – One sensor reported heavy attack while – Another sensor reported very little attacks SENSOR 1 SENSOR 2 Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  17. Agenda An IST Project http://www.ist-lobster.org/ • Motivation • The LOBSTER Infrastructure – Number of sensors - deployment – Attacks captured • Lessons Learned • Policy Implications Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  18. What needs to be done? An IST Project http://www.ist-lobster.org/ • The knowledge of large scale attacks may be fragmented today – Individual organizations know their status but do not know the status of other organizations/networks • Very few people/organizations have a global view of the attack landscape • Even fewer publish this information on the public domain • We need to work towards a “broad viewpoint” by sharing of data • Large-scale attack monitoring needs “broadened points of view” Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  19. What has been done An IST Project http://www.ist-lobster.org/ • ENISA has started work in this area: – Examining the feasibility of a data collection framework • Unit A3 of ICT promotes the “Learning from Large-Scale Attacks on the Internet” • Individual projects/organizations in Europe provide some form of data/information (NoAH, WOMBAT, Arakis, Leurre.com, etc.) • BUT • We need to share more information/data Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  20. What needs to be done? An IST Project http://www.ist-lobster.org/ • Facilitate sharing of knowledge – facilitate sharing of data – Encourage Organizations to share attack-related data • Universities are usually willing to provide information but – they may need technical and legal advice before doing so – Help organizations exchange attack-related data • Create repositories for all data provided by individual organizations • Provide a legal framework for data sharing – Who can access the data, when and for which purposes Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  21. Summary An IST Project http://www.ist-lobster.org/ • Lots of attacks out there • Vulnerabilities are increasing – They are being traded in the black market • One out of four computers is compromised • Existing projects/initiatives/organizations provide attack- related information-data but – Most of them provide narrow viewpoints • We need to find a formula to broaden our point of view – And to share data and information • Large-scale attacks need large-scale viewpoints Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

  22. The LOBSTER project An IST Project http://www.ist-lobster.org/ Large Scale Attacks on the Internet Lessons learned from the LOBSTER project Evangelos Markatos Institute of Computer Science (ICS) Foundation for Research and Technology – Hellas (FORTH) Crete, Greece Learning from Large Scale Attacks on the Internet markatos@ics.forth.gr Policy Implications

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned from a Large-Scale Telco OSP+SDN Deployment Guil Barros, Sr. Pr. Product Manager

Lessons Learned from a Large-Scale Telco OSP+SDN Deployment Guil Barros, Sr. Pr. Product Manager

Lessons Learned from a Large-Scale Telco OSP+SDN Deployment Guil Barros, Sr. Pr. Product Manager OpenStack, Red Hat Vicken Krissian, Sr. Technical Project Manager, Red Hat Cyril Lopez, Sr. OpenStack Consultant, Red Hat Agenda Who we are

631 views • 20 slides
CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk Kang , Virgil D. Gligor CyLab, Carnegie Mellon University * Qualcomm Dec. 12, 2013 Large Scale Link-Flooding Attacks Massive DDoS attacks against

487 views • 27 slides
Workshop D Energy Savings Champions: Lessons Learned from Large-Scale School Lighting Upgrade

Workshop D Energy Savings Champions: Lessons Learned from Large-Scale School Lighting Upgrade

Workshop D Energy Savings Champions: Lessons Learned from Large-Scale School Lighting Upgrade Tuesday, February 18, 2020 10:45 a.m. to Noon Biographical Information Jeffrey A. Roe, Energy Manager & Environmental Health and Safety Manager

864 views • 57 slides
Microservices at Netflix Scale First Principles, Tradeoffs, Lessons Learned Ruslan Meshenberg

Microservices at Netflix Scale First Principles, Tradeoffs, Lessons Learned Ruslan Meshenberg

Microservices at Netflix Scale First Principles, Tradeoffs, Lessons Learned Ruslan Meshenberg @rusmeshenberg Microservices: all benefits, no costs? Netflix is the worlds leading Internet television network with over 81 million members in

1.01k views • 62 slides
Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
1 <Insert Picture Here> C++, Java and .NET: Lessons learned from the Internet Age, and

1 <Insert Picture Here> C++, Java and .NET: Lessons learned from the Internet Age, and

1 <Insert Picture Here> C++, Java and .NET: Lessons learned from the Internet Age, and What it Means for the Cloud and Emerging Languages Cameron Purdy Vice President, Development Overview <Insert Picture Here> A retrospective of

656 views • 41 slides
Internet-scale Experimentation The challenges of large-scale networked system experimentation and

Internet-scale Experimentation The challenges of large-scale networked system experimentation and

Internet-scale Experimentation The challenges of large-scale networked system experimentation and measurements MIT Tech Review on The Loon Project The state of affairs An ever growing Internet ~3 billion people 15 billion devices

1.21k views • 107 slides
Migration From DB2 in a Large Public Setting: Lessons Learned Bal azs B ar any and

Migration From DB2 in a Large Public Setting: Lessons Learned Bal azs B ar any and

Migration From DB2 in a Large Public Setting: Lessons Learned Bal azs B ar any and Michael Banck PGConf.EU 2017 Introduction Federate state ministry in Germany Hosting by states central IT service centre Michael worked as

685 views • 21 slides
Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a

Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a

Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a Model-Guided, Mixed Methods Analysis Mark S. Bauer, MD VA Center for Healthcare Organization & Implementation Research (CHOIR) & the VA QUERI for

422 views • 17 slides
Internet Topology Generation for Large Scale BGP Simulation Jean-Michel Fourneau - Houssame

Internet Topology Generation for Large Scale BGP Simulation Jean-Michel Fourneau - Houssame

Internet Topology Generation for Large Scale BGP Simulation Jean-Michel Fourneau - Houssame Yahiaoui Outlook BGP: Border Gateway Protocol Large Scale Simulation: motivations Large Scale BGP Simulation Model Realistic Topologies

550 views • 17 slides
7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL:

7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL:

7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL: ZACK@GETPANTHEON.COM MY QUICK STORY The Professional Website Platform IM A MISSIONARY, NOT A MERCENARY OUR MISSION Democratize the web. 7 LESSONS

573 views • 21 slides
C++, Java and .NET: Lessons learned from the Internet Age, and What it Means for the Cloud and

C++, Java and .NET: Lessons learned from the Internet Age, and What it Means for the Cloud and

<Insert Picture Here> C++, Java and .NET: Lessons learned from the Internet Age, and What it Means for the Cloud and Emerging Languages Cameron Purdy Vice President, Development Overview <Insert Picture Here> A retrospective of

532 views • 40 slides
INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

2110414 - Large Scale Computing Systems 1 LARGE SCALE INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2 Overview Background Knowledge Architectural Case Studies Real-World Case Study

609 views • 35 slides
Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large

Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large

Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large Integrated Health Care System Ken Weingardt, Ph.D., Michael A. Cucciare, PhD Paula Wilbourne, PhD, John S. Baer, PhD Veterans Health Administration

418 views • 27 slides
RabbitMQ at Scale, Lessons Learned OpenStack Summit Barcelona Matthew Popow, Weiguo Sun, Wei

RabbitMQ at Scale, Lessons Learned OpenStack Summit Barcelona Matthew Popow, Weiguo Sun, Wei

RabbitMQ at Scale, Lessons Learned OpenStack Summit Barcelona Matthew Popow, Weiguo Sun, Wei Tie, Scott Pham, Kerry Miles @mattpopow October 26, 2016 Environment Details Overcloud / Undercloud 800+ Nova Compute Nodes, 700 Routers,

431 views • 31 slides
Evaluation of Amplification attacks in large-scale networks to improve detection performance

Evaluation of Amplification attacks in large-scale networks to improve detection performance

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of Amplification attacks in large-scale networks to improve detection performance Michael Kpferl Interdisciplinary Project Final

517 views • 49 slides
L bster The Enhanced So Solu lutio ion for r Fla lange Gasket In Insertio ion

L bster The Enhanced So Solu lutio ion for r Fla lange Gasket In Insertio ion

L bster The Enhanced So Solu lutio ion for r Fla lange Gasket In Insertio ion GP-L01/V1.7 Presentation Content Company Introduction Gasket Insertion Tools Current Solutions & Disadvantages The Unique Solution The

355 views • 18 slides
Sound Growth Strategy for the Quiet Achievers Matt Taylor WRL CEO Western Rock Lobster Council

Sound Growth Strategy for the Quiet Achievers Matt Taylor WRL CEO Western Rock Lobster Council

LOBSTER SUCCESS Sound Growth Strategy for the Quiet Achievers Matt Taylor WRL CEO Western Rock Lobster Council Who are we? Who are we? Peak industry body representing the interests of the western rock lobster fishery Strive to

455 views • 23 slides
Victoria Matheu Delgado 22 September 2017 Introduction to Paladar ar Wines es A True

Victoria Matheu Delgado 22 September 2017 Introduction to Paladar ar Wines es A True

Victoria Matheu Delgado 22 September 2017 Introduction to Paladar ar Wines es A True Value Proposition Target Segment Path to Purchase Competition Marketing Mix Questions Provenance Established Markets and Method

467 views • 19 slides
Alternative Investment Fund Managers Directive The Depositary -Lite Regime A Practical

Alternative Investment Fund Managers Directive The Depositary -Lite Regime A Practical

Alternative Investment Fund Managers Directive The Depositary -Lite Regime A Practical Perspective Bill Prew, CEO, INDOS Financial Limited 4 March 2014 Contents AIFMD Depositary Requirements Depositary-Lite Requirements

126 views • 12 slides
First Co Coast G Guard D District Joint V VMS/Enfor orcem emen ent Com ommittee and

First Co Coast G Guard D District Joint V VMS/Enfor orcem emen ent Com ommittee and

First Co Coast G Guard D District Joint V VMS/Enfor orcem emen ent Com ommittee and Advisory P y Panel ALWTRP RP Enforcemen ent APR-JUN2018: Sector Southeastern New England participated in OP OPEN CHANNEL to target the Great South

117 views • 11 slides
Steak and Lobster: Creating a Paradigm Shift February 16, 2018 Michael Armbruster, Ed.D. The

Steak and Lobster: Creating a Paradigm Shift February 16, 2018 Michael Armbruster, Ed.D. The

Orange County Public Schools Steak and Lobster: Creating a Paradigm Shift February 16, 2018 Michael Armbruster, Ed.D. The Tech Center Experience Orange County Public Schools Welcome Just a little background info The Tech Center

450 views • 44 slides
2019 National Sea Grant American Lobster Research Program Federal Funding Opportunity (FFO) What

2019 National Sea Grant American Lobster Research Program Federal Funding Opportunity (FFO) What

National Sea Grant Office February 14, 2019 Photo credit: Rebecca Irelan, NH Sea Grant 2019 National Sea Grant American Lobster Research Program Federal Funding Opportunity (FFO) What is Sea Grant? Based at universities across the country,

493 views • 16 slides
Eastern Shore Fisherman s Protective Association P.O. Box 55, Musquodoboit Harbour, NS, B0J

Eastern Shore Fisherman s Protective Association P.O. Box 55, Musquodoboit Harbour, NS, B0J

Eastern Shore Fisherman s Protective Association P.O. Box 55, Musquodoboit Harbour, NS, B0J 2L0 Office: 889-3185 Fax: 889-3403 Date: May 5 th , 2018 RE: Eastern Shore Islands Area of Interest TO: National Advisory Panel on MPA Standards

253 views • 4 slides

More recommend