manati
play

ManaTI Web Assistance for the Threat Analyst, supported by Domain - PowerPoint PPT Presentation

Aug 14, 2023 •398 likes •757 views

ManaTI Web Assistance for the Threat Analyst, supported by Domain Similarity SEBASTIN GARCA RAL BENTEZ NETTO sebastian.garcia@agents.fel.cvut.cz raulbeni@gmail.com @eldracote @Piuliss Czech Technical University in Prague

  1. ManaTI Web Assistance for the Threat Analyst, supported by Domain Similarity SEBASTIÁN GARCÍA RAÚL BENÍTEZ NETTO sebastian.garcia@agents.fel.cvut.cz raulbeni@gmail.com @eldracote @Piuliss Czech Technical University in Prague https://github.com/stratosphereips/Manati

  2. Stratosphere Project a free software Intrusion Prevention System Security and Machine Free protection for NGOs. Learning Stratosphere Data Analysis Project https://stratosphereips.org/ @stratosphereips @StratosphereIPS

  3. What and why? ManaTI is a web-based system to analyze, store and organize weblogs faster in a threat analysis team.

  4. ManaTI Purpose ManaTI assists threat analysis team to make their work faster and more e ff ective

  5. Raúl Benítez Netto Master Student in CTU Member of Stratosphere Project Web/App developer focus cyber- security environment Photographer a fi cionado raulbeni@gmail.com @Piuliss

  6. Sebastian García Founder of Stratosphere Project Creator of Stratosphere IPS Researcher on cybersecurity using Machine Learning eldraco@gmail.com @eldracote

  7. Basic knowledge Weblogs WHOIS information IoCs (Indicators of Compromise)

  8. Analysis of Malware Behavior in the Network The art of understanding the traces of the malware in the network logs.

  9. Malware Traces Records of connections that malware perform to connect with their C&C

  10. Threat Analyst work fi ltering and searching Open Labels IoCs weblogs Incident Consult DB of Report Reputations indicators Identify Identifying Malware patterns

  11. Tools used by Threat Analysts Terminal/Console Logs Viewer VIM/VI Log Parser WC (Word Count) Apache Log Viewer AWK LogExpert GREP Big Data analysis splunk.com

  12. Problems in Threat Analysis Huge amount of Data Labeling Data Much Knowledge Repetitive tasks lost over time It is di ffi cult and tiresome

  13. ManaTI principles Fast! Storage Work in teams GUI - Web Provide Assistance Machine Learning API - Class Interface Algorithm https://github.com/stratosphereips/Manati

  14. ManaTI Work fl ow

  15. ManaTI basic features and usability

  16. Analysis Sessions and Multi-users

  17. Basic GUI to vizualise weblogs fi les. Basic table to paginate, fi lter Interface and search weblog data

  18. Demo Basic Dynamic Table

  19. Weblogs It is the basic and more important action for a malware behavior Labelling analyst. Detect malicious IoCs

  20. Demo - Weblog labeling

  21. Exporting Dynamic Table

  22. Comments

  23. History of changes

  24. Third-party The threat analysts often use several external services to know about the intelligence IoCs tools

  25. Statistics and See in real time the perfomance progress of the Metrics user

  26. External Modules ManaTI allows analysts to create their own scripts and modules to increase the number of labels or weblogs analyzed in a period of time

  27. Sync with Database - Merging Labels Weblog Merging Labels

  28. WHOIS Similarity How similar are two domains ? Distance Algorithm WHOIS fi elds Domain A Domain B Distance registrar’s name MARKMONITOR INC. MARKMONITOR IN 0.0 contact’s name. DNS Admin Domain 13.0 Administrator org.’s name Google Inc. Facebook, Inc. 8.0 contacts emails dns- [domain@fb.com] 11.0 admin@google.com zip code 94043 94025 2.0 domain’s name google.com facebook.com 8.0 duration in days 8401 10229 0.82 servers’ name [ns1.google.com,...] [a.ns.facebook.com ​ 11.0 ...]

  29. WHOIS Similarity Distance Algorithm

  30. WHOIS Similarity Distance Algorithm How to determine is two domains are related? Machine Learning ? https://github.com/stratosphereips/whois-similarity-distance

  31. ManaTI Contributions All-in-one with Web interface A scalable and extensible backend server A novel WHOIS distance measure Veri fi cation of performance improvements

  32. Future of ManaTI Improving WHOIS Similarity Distance IOCs labeling Import/Export labelled IOCs Integration with Stratosphere IPS Add more types of fi les Malware Detection Active learning Community Ideas

  33. Conclusion ManaTI : is a novel tool to facilitate the work is high functional scalable user-friendly can increase the weblogs labelling speed x3.4 OpenSource !

  34. ManaTI Project Thank you! SEBASTIÁN GARCÍA sebastian.garcia@agents.fel.cvut.cz @eldracote RAÚL BENÍTEZ NETTO benitrau@ fi t.cvut.cz raulbeni@gmail.com @Piuliss https://github.com/stratosphereips/Manati

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Opinion Extraction Task Opinion Mining Reviews A popular topic in opinion analysis is

Opinion Extraction Task Opinion Mining Reviews A popular topic in opinion analysis is

Opinion Extraction Task Opinion Mining Reviews A popular topic in opinion analysis is extracting sentiments [Kobayashi et al., 2007] take the approach that most evaluative related to products, entertainment, and service industries. opinions

576 views • 5 slides
Discover the Power in YOUR story with AT and Creative Media Presented by: Brooke Brown Founder

Discover the Power in YOUR story with AT and Creative Media Presented by: Brooke Brown Founder

Discover the Power in YOUR story with AT and Creative Media Presented by: Brooke Brown Founder and Story Editor Brooke's Butterfly Touch: Creative Storytelling Services Brookes Credentials I am the author of The Little Butterfly Girl ,

565 views • 17 slides
Communicating with Databases String based queries are prevalent: u JPA, Hibernate, TopLink

Communicating with Databases String based queries are prevalent: u JPA, Hibernate, TopLink

Communicating with Databases String based queries are prevalent: u JPA, Hibernate, TopLink Strings JAVA DB 1 Example: Using JPA to query DB Query in JPA Query Language: SELECT w FROM Weblog w WHERE w.id = ?1 AND w.link.id = ?2 Java

1.09k views • 64 slides
The Evolution of Web Content and Search Engines Ricardo Baeza Baeza- -Yates Yates Ricardo

The Evolution of Web Content and Search Engines Ricardo Baeza Baeza- -Yates Yates Ricardo

The Evolution of Web Content and Search Engines Ricardo Baeza Baeza- -Yates Yates Ricardo Yahoo! Research, DCC/UChile, UPF/Spain lvaro lvaro Pereira Pereira Jr Jr DCC/UFMG/Brazil Nivio Ziviani Ziviani Nivio DCC/UFMG/Brazil

269 views • 15 slides
Linearization Error Polina Zheglova DNOISE Seminar, October 16, 2013 1/7 Linearization Error

Linearization Error Polina Zheglova DNOISE Seminar, October 16, 2013 1/7 Linearization Error

Linearization Error Polina Zheglova DNOISE Seminar, October 16, 2013 1/7 Linearization Error Velocity Model c = v + v v = vr v = v ( z ) is smooth r = r ( z ) is oscillatory random Standard deviation of r is 5% 2/7 Linearization Error

363 views • 7 slides
Weblogging: is it journalism? Speaker: Emilis Dambauskas Journalists and the Internet: Who

Weblogging: is it journalism? Speaker: Emilis Dambauskas Journalists and the Internet: Who

Weblogging: is it journalism? Speaker: Emilis Dambauskas Journalists and the Internet: Who controls who? 2003 October 10-11, Kaunas 1 Definitions journalism: the collection, preparation and distribution of news and re- lated commentary and

486 views • 25 slides
Identifying Personality and Psychological States in Words Cindy K. Chung, Ph.D. Senior Research

Identifying Personality and Psychological States in Words Cindy K. Chung, Ph.D. Senior Research

Identifying Personality and Psychological States in Words Cindy K. Chung, Ph.D. Senior Research Scientist Intel Labs In Collaboration With: James W. Pennebaker, The University of Texas at Austin Yla R. Tausczik, Carnegie Mellon University

304 views • 12 slides
Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof.

Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof.

Recast European Insolvency Regulation Prof. Dr. Bob Wessels Recast European Insolvency Regulation An Introductory Analysis Prof. Dr. Bob Wessels Em. Prof. University of Leiden / The Netherlands info@bobwessels.nl [February 2015]

292 views • 17 slides
and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1,

and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1,

Classification Using Various Machine Learning Methods and Combinations of Key-Phrases and Visual Features Yaakov HaCohen-Kerner 1 , Asaf Sabag 1, Dimitris Liparas 2 , Anastasia Moumtzidou 2 , Stefanos Vrochidis 2 , Ioannis Kompatsiaris 2 1 Dept. of

433 views • 19 slides
Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G.

Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G.

Open-access datasets for time series causality discovery validation I. Guyon, C. Aliferis, G. Cooper, A. Elisseff, O. Guyon, J.-P. Pellet, A. Statnikov, P. Spirtes http://clopinet.com/causality/ causality@clopinet.com The challenges of

507 views • 16 slides
A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel Mehta, Prasanth Kothuri, Daniel Lanza Garcia European Organisation for Nuclear Research Meyrin, Geneva {swapneel.sundeep.mehta, prasanth.kothuri,

253 views • 6 slides
Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical Intelligence Security OWASP Ghana 2019 Who is this talk for? - Individuals, developers and sys admins. Are you sure youve been hacked? Q1:

247 views • 11 slides
Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc .

Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc .

Catch Your Own Bugs: Including all Engineers in the Automation Cycle Laura Bright McAfee, Inc . Laura_Bright@mcafee.com October 9, 2012 Introduction End-to-end automation frameworks provide many benefits Continual monitoring of product

423 views • 23 slides
Hardening PHP - Some basic security measures. Antonio Bonifati

Hardening PHP - Some basic security measures. Antonio Bonifati

Hardening PHP - Some basic security measures. Antonio Bonifati <http://ninuzzo.freehostia.com> ABSTRACT A summary of the most important PHP settings aimed at improving security of PHP web servers. Whenever you have to harden a PHP

615 views • 5 slides
Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Mathieu Deous Julien Reveret Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing forensic analysis on a compromised web server What to search, where, how ? Logs but also dynamic analysis What

603 views • 28 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Introduction Introduction Welcome to the course! Instructor: Dr. Charles J. Antonelli

209 views • 10 slides
FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO

FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO

FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO FIDNCIO OLIVER GUTIRREZ WHAT IS A DESKTOP PROFILE? A GROUP OF DESKTOP RELATED SETTINGS ASSOCIATED TO A USER, GROUP, HOST OR HOSTGROUP WHAT IS FLEET

816 views • 14 slides
A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda

A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda

A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda Objective Study Structure Outcomes & Observations Future Work / Citations Conclusions 2 Worcester Polytechnic Institute

581 views • 21 slides
LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

Outline Launching of t he LHC Logging proj ect Mandat e, scope and obj ect ives LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic f unct ionalit ies Filt ering of dat a I nt erf acing t o ot

667 views • 3 slides
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti Nigerian Scam Trap 2 Nigerian Scam Trap 3 Spam vs. 419 Scam 419 SCAM SPAM

804 views • 36 slides
Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data

Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data

The Devil Is In The Detail Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data Conversion in 1992 with Doctor Disk. Begun working in Computer Forensics in 1998 with Forensic Data Services.

378 views • 17 slides
HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014

HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014

HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014 Demonstration Module hook_menu calls PHP function which populates parameters and calls drupal_mail() . This is a great way to test email in dev or even in

319 views • 12 slides
Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU) Presented by: Ashique Mahmood Dept of Computer & Information Sciences University of Delaware CI SC 879 - Machine Learning for Solving Systems

1.22k views • 22 slides
CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based

CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based

CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based on previous tutorials by Alice Thudt, Fateme Rajabiyazdi, and David Ledo) Announcements I emailed you an example showing how the evolved

341 views • 31 slides

More recommend