necst
play

NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec - PowerPoint PPT Presentation

Aug 21, 2022 •210 likes •1.28k views

PHOENIX & CERBERUS We haz botnets! #Honeynet2014 Stefano Schiavoni, Edoardo Colombo Federico Maggi Lorenzo Cavallaro Stefano Zanero Politecnico Di Milano & Royal Hollway, University of London NECST laboratory BOTNETS FUNDING ETC.

  1. 21 CERBERUS > FILTERING DNS Stream Filtering Filtering Detection Classifier Suspicious Domains Time Detective Bootstrap Malicious Domains Phoenix Clusters

  2. CERBERUS > FILTERING Insight a malicious domain automatically generated will not become popular. Alexa Top 1M Whitelist We whitelist the domains that appear in the Alexa Top 1M. 22

  3. CERBERUS > FILTERING Insight a malicious domain automatically generated will not belong to a CDN r4---sn-a5m7lnes.example.com . CDN Whitelist We whitelist the domains that belong to the most popular CDN networks (e.g., YouTube, Google, etc.) and advertisement services. 23

  4. CERBERUS > FILTERING Insight an attacker will register a domain with a TLD that does not require clearance. TLD Whitelist We whitelist the domains featuring a Top Level Domain that requires authorization by a third party authority before registration (e.g. .gov , .edu , .mil ). 24

  5. CERBERUS > FILTERING Insight How fast is fast? Why? To save money :-) See BH-US 2013 talk 4 . TTL We filter out all those domains featuring a Time To Live outside these bounds. 4 https://media.blackhat.com/us-13/ US-13-Xu-New-Trends-in-FastFlux-Networks-Slides.pdf 25 � 2-3 years ago: TTL < 100. � Nowadays: 80 < TTL < 300 seconds.

  6. CERBERUS > FILTERING Insight we are looking for DGA-generated domains. Phoenix's DGA Filter We filter out domains likely to be generated by humans. 26

  7. CERBERUS > FILTERING Insight the attacker will register the domain just a few days before the communication will take place. Whois We query the Whois server and discard the domains 27 that were registered more than ∆ days before the DNS query.

  8. RECAP ON FILTERING Starting with 50,000 domains: 20,000 TTL > 300 seconds; 19,000 not in the Alexa Top 1M list; 15,000 not in the most popular CDNs ; 800 likely to be DGA generated ; 700 no previous authorization ; 28 300 younger than ∆ days ← − suspicious.

  9. 29 CERBERUS > FILTERING DNS Stream Filtering Filtering Detection Classifier Suspicious Domains Time Detective Bootstrap Malicious Domains Phoenix Clusters

  10. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  11. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  12. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  13. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  14. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  15. CLASSIFIER > CLASSIFICATION … Assign 576.wap517.net to B . Train the Classifier on A, B . . 69.43.161.180 576.wap517.net . . Cluster C Cluster A 340.wap517.net 251.wap517.net 391.wap517.net 69.43.161.180 Cluster B 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.180 30

  16. CLASSIFIER > SUBSEQUENCE STRING KERNEL 0 0 0 Developed at Royal Holloway in 2002, by Lodhi et al. 0 31 c-a a-r c-r a-t c-t λ 2 λ 3 λ 2 φ ( cat ) λ 2 λ 3 λ 2 φ ( car ) How many substrings of size k = 2 ? ker ( car, cat ) = λ 4 ker ( car, car ) = ker ( cat, cat ) = 2 λ 4 + λ 6 λ 4 1 ker n ( car, cat ) = (2 λ 4 + λ 6 ) = (2 + λ 2 ) ∈ [0 , 1]

  17. CLASSIFIER > SUPPORT VECTOR MACHINES SVM: find one hyperplane or a set of them that has the largest distance to the nearest training data point of any class 32

  18. RESULTS > EXPERIMENTS RESULTS on passive DNS data from https://farsightsecurity.com/Services/SIE/ 33

  19. RESULTS > CLASSIFIER . 400 . 500 . 600 . 700 800 300 . 900 . 1000 . Accuracy . Points . . . 0.91 . . 0.88 . 0.89 . 0.9 . . 200 0.92 . 0.93 . 0.94 . 0.95 . 34

  20. CLASSIFICATION > RESULTS b 3 0 6 91 a caaa89e...d4ca925b3e2.co.cc f1e01ac...51b64079d86.co.cc kdnvfyc.biz 0 wapzzwvpwq.info c jhhfghf7.tk faukiijjj25.tk d cvq.com epu.org d 98 Training 1000, Testing 100 0 a b c d a 100 0 0 0 b 1 92 6 1 c 2 35 Overall Accuracy ≃ 0.95

  21. CLASSIFICATION > PAIRWISE DISTANCES . Distance . 5,000 . 0.8 . 0.6 . 0.6 . 0.4 . 0.2 . . . 15,000 . 10,000 . 5,000 . . 36 0 . 0 .

  22. The Time Detective discovers new botnets.

  23. TIME DETECTIVE > PASSIVE DNS TRAFFIC . . . Botmaster 131.175.65.1 . Bot . spq.org 131.175.65.1 : { evq.org , akh.org , spq.org } 38 Every ∆ the bots contact the C&C Server, on a new domain .

  24. TIME DETECTIVE > PASSIVE DNS TRAFFIC . } , akh.org , spq.org 131.175.65.1 : { evq.org spq.org . evq.org Bot . 131.175.65.1 Botmaster . . . 38 Every ∆ the bots contact the C&C Server, on a new domain .

  25. TIME DETECTIVE > PASSIVE DNS TRAFFIC . } , spq.org 131.175.65.1 : { evq.org , akh.org spq.org . akh.org Bot . 131.175.65.1 Botmaster . . . 38 Every ∆ the bots contact the C&C Server, on a new domain .

  26. TIME DETECTIVE > PASSIVE DNS TRAFFIC . . . Botmaster 131.175.65.1 . Bot . spq.org 131.175.65.1 : { evq.org , akh.org , spq.org } 38 Every ∆ the bots contact the C&C Server, on a new domain .

  27. TIME DETECTIVE > STEPS . Passive DNS traffic . Grouping by AS . Clustering . Merging . Clusters 39

  28. TIME DETECTIVE > GROUPING We assume a lazy attacker behavior: If (s)he finds an obliging AS, (s)he will buy a few IPs in there. We group together the domains that point to IPs within the same AS . 40 Z Z Z

  29. TIME DETECTIVE > STEPS . Passive DNS traffic . Grouping by AS . Clustering . Merging . Clusters 41

  30. TIME DETECTIVE > CLUSTERING DBSCAN automatic tuning: SSK as the distance . noise . . . . . . . . . B A . . . . . . . . . . . . 42 � minPts domains per cluster, ε � ε distance threshold.

  31. CLUSTERING > TUNING MINPTS Observation period in days. Rationale: the bots will contact the C&C server at least once a day . 43 minPts = 7 domains per cluster

  32. CLUSTERING > THRESHOLD intra-cluster distances 44 inter-cluster distances → 0 (minimize)

  33. TIME DETECTIVE > MERGING What if a new cluster is actually a known botnet that migrated the C&C server somewhere else? 45

  34. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . . 134.54.12.2 . 134.54.12.1 . 46

  35. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . . 134.54.12.2 . 134.54.12.1 . 46

  36. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . 134.54.12.2 . 134.54.12.1 . 46

  37. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . 134.54.12.2 . 134.54.12.1 . 46

  38. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . 134.54.12.2 . 134.54.12.1 . 46

  39. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . . 134.54.12.2 . 134.54.12.1 . 46

  40. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . . 134.54.12.2 . 134.54.12.1 . 46

  41. TIME DETECTIVE > MERGING apq.org Migration . . Arrr! . What t' h3ck! . … paq.org . . … paq.org apq.org . . . 134.54.12.2 . 134.54.12.1 . 46

  42. TIME DETECTIVE > STEPS . Passive DNS traffic . Grouping by AS . Clustering . Merging . Clusters 47

  43. TIME DETECTIVE > MERGING . . . . . . . . . . . ... . . . . ... Suppose you have cluster A and B. ... . . . . . . . . . . . . . . . 48

  44. TIME DETECTIVE > MERGING . . . . . . . ... . . . . . . . . . . . . ... . . . Suppose you have cluster A and B. 48 . . . . . . . . ... dom 1 dom m · · · d 1 , 1 d 1 ,m dom 1   · · · dom 2 d 2 , 1 d 2 ,m · · ·   A =       d m, 1 d m,m dom m · · ·

  45. TIME DETECTIVE > MERGING . . . . . . . ... . . . . . . . . . . . . ... . . . Suppose you have cluster A and B. 48 . ... . . . . . . . dom 1 dom m dom 1 dom n · · · · · · d 1 , 1 d 1 ,m d 1 , 1 d 1 ,n dom 1   dom 1   · · · · · · dom 2 d 2 , 1 d 2 ,m dom 2 d 2 , 1 d 2 ,n · · · · · ·     A = B =             d m, 1 d m,m d n, 1 d n,n dom m dom n · · · · · ·

  46. TIME DETECTIVE > MERGING . . . . . Suppose you have cluster A and B. . ... . . . . . . . . . . . . ... . . . . . . . ... . . . . . 48 dom 1 dom m dom 1 dom n · · · · · · d 1 , 1 d 1 ,m d 1 , 1 d 1 ,n dom 1   dom 1   · · · · · · dom 2 d 2 , 1 d 2 ,m dom 2 d 2 , 1 d 2 ,n · · · · · ·     A = B =             d m, 1 d m,m d n, 1 d n,n dom m dom n · · · · · · dom 1 dom 2 dom n · · · d 1 , 1 d 1 , 2 d 1 ,n dom 1   · · · d 2 , 1 d 2 , 2 d 2 ,n dom 2 · · ·   A ∼ B =       d m, 1 d m, 2 d m,n dom m · · ·

  47. TIME DETECTIVE > WELCH TEST . distributions? have different intra-cluster distance and Welch test: do . . . ... . . . . . Stats to the rescue! . . . . . . ... . . . . . . 49

  48. TIME DETECTIVE > WELCH TEST . . . Stats to the rescue! . . . . . . . ... . ... . . . Welch test: do and have different intra-cluster distance distributions? . 49 . . . . . . dom 1 dom m dom 1 dom 2 dom n · · · · · · d 1 , 1 d 1 ,m d 1 , 1 d 1 , 2 d 1 ,n dom 1   dom 1   · · · · · · d 2 , 1 d 2 ,m d 2 , 1 d 2 , 2 d 2 ,n dom 2 dom 2 · · · · · ·     A = A ∼ B =             d m, 1 d m,m d m, 1 d m, 2 d m,n dom m dom m · · · · · ·

  49. TIME DETECTIVE > WELCH TEST . ... . . . Stats to the rescue! . . . . . . . . . ... . . . distributions? . 49 . . . . dom 1 dom m dom 1 dom 2 dom n · · · · · · d 1 , 1 d 1 ,m d 1 , 1 d 1 , 2 d 1 ,n dom 1   dom 1   · · · · · · d 2 , 1 d 2 ,m d 2 , 1 d 2 , 2 d 2 ,n dom 2 dom 2 · · · · · ·     A = A ∼ B =             d m, 1 d m,m d m, 1 d m, 2 d m,n dom m dom m · · · · · · Welch test: do A and A ∼ B have different intra-cluster distance

  50. TIME DETECTIVE > EXAMPLE Day 1 50 388.ns768.com 382.ns4000wip.com 391.wap517.net 383.ns4000wip.com

  51. TIME DETECTIVE > EXAMPLE Day 2 50 388.ns768.com 389.ns768.com 390.ns768.com 382.ns4000wip.com 379.ns4000wip.com 391.wap517.net 383.ns4000wip.com 391.wap517.net 384.ns4000wip.com

  52. TIME DETECTIVE > EXAMPLE Day 7 50 388.ns768.com 389.ns768.com 390.ns768.com 391.ns768.com 392.ns768.com 382.ns4000wip.com 379.ns4000wip.com 380.ns4000wip.com 381.ns4000wip.com 391.wap517.net 383.ns4000wip.com 391.wap517.net 384.ns4000wip.com 391.wap517.net 385.ns4000wip.com 386.ns4000wip.com

  53. TIME DETECTIVE > EXAMPLE AS 22489 50 Day 388.ns768.com 389.ns768.com 390.ns768.com 391.ns768.com 392.ns768.com 382.ns4000wip.com 379.ns4000wip.com 380.ns4000wip.com 381.ns4000wip.com 391.wap517.net 383.ns4000wip.com 391.wap517.net 384.ns4000wip.com 391.wap517.net 385.ns4000wip.com 386.ns4000wip.com

  54. TIME DETECTIVE > EXAMPLE Merge 50 Day 388.ns768.com 389.ns768.com 390.ns768.com 391.ns768.com 392.ns768.com 382.ns4000wip.com 379.ns4000wip.com 380.ns4000wip.com 381.ns4000wip.com 391.wap517.net 383.ns4000wip.com 391.wap517.net 384.ns4000wip.com 391.wap517.net 385.ns4000wip.com 386.ns4000wip.com

  55. TIME DETECTIVE > EXAMPLE Cluster 50 Day 388.ns768.com 382.ns4000wip.com 391.wap517.net 379.ns4000wip.com 391.wap517.net 389.ns768.com 380.ns4000wip.com 391.wap517.net 390.ns768.com 381.ns4000wip.com 391.ns768.com 392.ns768.com 383.ns4000wip.com 384.ns4000wip.com 385.ns4000wip.com 386.ns4000wip.com

  56. TIME DETECTIVE > EXAMPLE New clusters 50 Day produced Cluster 1 Cluster 2 Cluster 3 388.ns768.com 382.ns4000wip.com 391.wap517.net 379.ns4000wip.com 391.wap517.net 389.ns768.com 380.ns4000wip.com 391.wap517.net 390.ns768.com 381.ns4000wip.com 391.ns768.com 392.ns768.com 383.ns4000wip.com 384.ns4000wip.com 385.ns4000wip.com 386.ns4000wip.com

  57. RESULTS > EXPERIMENTS RESULTS on passive DNS data from https://farsightsecurity.com/Services/SIE/ 51

  58. TIME DETECTIVE > LABELING (1 WEEK) 187 domains classified as malicious and labeled . Labeled 07e21 Botnet: Conficker Domains: hhdboqazof.biz poxqmrfj.biz hcsddszzzc.ws tnoucgrje.biz gwizoxej.biz jnmuoiki.biz 52

  59. TIME DETECTIVE > CLUSTERING 3,576 domains were considered suspicious by Cerberus and stored , together with their IP address. Then we ran the clustering routine to discover new botnets . 53

  60. TIME DETECTIVE > CLUSTERING Jusabli 22489 69.43.161.167 24 Palevo 47846 82.98.86.171 82.98.86.176 82.98.86.175 142 30069 47 69.58.188.49 73 Generic Trojan 12306 82.98.86.169 82.98.86.162 82.98.86.178 82.98.86.163 57 Hiloti 69.43.161.167 Botnet 199.59.243.118 AS IPs Size Sality 15456 62.116.181.25 26 Palevo 53665 40 22489 Jadtre* 22489 69.43.161.180 69.43.161.174 173 Jadtre** 22489 69.43.161.180 37 Jadtre*** 54

  61. TIME DETECTIVE > CLUSTERING 69.43.161.180 296.ns768.com 353.ns768.com 388.ns768.com 69.43.161.167 Jadtre*** 340.wap517.net 251.wap517.net 391.wap517.net Jadtre** Cluster 285.ns4000wip.com 418.ns4000wip.com 379.ns4000wip.com 69.43.161.174 69.43.161.180 Jadtre* Sample Domains IP 55

  62. TIME DETECTIVE > MERGING 82.98.86.176 Both belonging to the Palevo botnet . ydt.info nhy.org rrg.info knw.info Domains 82.98.86.165 82.98.86.168 82.98.86.167 82.98.86.175 82.98.86.171 Cluster a (Old) IPs: Cluster b (New) lxx.net bwn.org epu.org cvq.com Domains 208.87.35.107 176.74.76.175 IPs: 56

  63. TIME DETECTIVE > MERGING 82.98.86.176 Both belonging to the Palevo botnet . ydt.info nhy.org rrg.info knw.info Domains 82.98.86.165 82.98.86.168 82.98.86.167 82.98.86.175 82.98.86.171 Cluster a (Old) IPs: Cluster b (New) lxx.net bwn.org epu.org cvq.com Domains 208.87.35.107 176.74.76.175 IPs: 56

  64. TIME DETECTIVE > RECAP 3,576 suspicious domains collected 47 clusters of DGA-generated domains discovered 319 new domains detected in the next 24 hours 57 � 187 malicious domains detected and labeled

  65. TIME DETECTIVE > RECAP 47 clusters of DGA-generated domains discovered 319 new domains detected in the next 24 hours 57 � 187 malicious domains detected and labeled � 3,576 suspicious domains collected

  66. TIME DETECTIVE > RECAP 319 new domains detected in the next 24 hours 57 � 187 malicious domains detected and labeled � 3,576 suspicious domains collected � 47 clusters of DGA-generated domains discovered

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Presentation December 2018 About ENGIE A global organisation close to the customers &amp;

Presentation December 2018 About ENGIE A global organisation close to the customers &amp;

Presentation December 2018 About ENGIE A global organisation close to the customers &amp; territories 23 Business Units, of which: 5 Mtiers UK Mtier B2B BENELUX Mtier B2C France (8 BUs) 19 Geographical BUs Mtier B2T NECST GRDF

653 views • 18 slides
Virtual Data Language: A Typed Workflow Notation for Diversely Structured Scientific Data Yong

Virtual Data Language: A Typed Workflow Notation for Diversely Structured Scientific Data Yong

Virtual Data Language: A Typed Workflow Notation for Diversely Structured Scientific Data Yong Zhao 1 , Michael Wilde 23 , Ian Foster 123 1 Department of Computer Science, University of Chicago 2 Computational Institute, University of Chicago 3

317 views • 20 slides
Phoenix: DGA-based Botnet Tracking and Intelligence DIMVA 2014 July 11, 2014 Royal Holloway,

Phoenix: DGA-based Botnet Tracking and Intelligence DIMVA 2014 July 11, 2014 Royal Holloway,

Phoenix: DGA-based Botnet Tracking and Intelligence DIMVA 2014 July 11, 2014 Royal Holloway, University of London, UK Stefano Schiavoni Politecnico di Milano, Italy and Google, UK @sschiav, sschiavoni@google.com Federico Maggi ,

1.39k views • 60 slides
Non-commutative association schemes of rank 6 M. Muzychuk (joint work with A. Herman and B. Xu),

Non-commutative association schemes of rank 6 M. Muzychuk (joint work with A. Herman and B. Xu),

Non-commutative association schemes of rank 6 M. Muzychuk (joint work with A. Herman and B. Xu), Netanya Academic College, Israel , October, 2016, Pilsen, Czech Republick Non-commutative association schemes of rank 6 1. Y. Asaba and A.

950 views • 78 slides
rt tt ts t strs

rt tt ts t strs

rt tt ts t strs tr trt s t r r s

728 views • 44 slides
Is the Helmholtz equation really sign-indefinite? Andrea Moiola D EPARTMENT OF M ATHEMATICS AND S

Is the Helmholtz equation really sign-indefinite? Andrea Moiola D EPARTMENT OF M ATHEMATICS AND S

B RITISH C OMPUTATIONAL PDE S C OLLOQUIUM : N EW T RENDS ICMS E DINBURGH , 2324 J ANUARY 2014 Is the Helmholtz equation really sign-indefinite? Andrea Moiola D EPARTMENT OF M ATHEMATICS AND S TATISTICS , U NIVERSITY OF R EADING Joint work

581 views • 37 slides
Margit Sutrop University of Tartu, Estonia y Hong Kong, 4-5 January 2010 Change in ethical

Margit Sutrop University of Tartu, Estonia y Hong Kong, 4-5 January 2010 Change in ethical

Margit Sutrop University of Tartu, Estonia y Hong Kong, 4-5 January 2010 Change in ethical frameworks Change in ethical frameworks Comparison of biometric and human genetic databases databases Lack of public debate as a problem

368 views • 17 slides
Approximate identities and BSE norms for Banach function algebras H. G. Dales, Lancaster Work

Approximate identities and BSE norms for Banach function algebras H. G. Dales, Lancaster Work

Approximate identities and BSE norms for Banach function algebras H. G. Dales, Lancaster Work with Ali Ulger, Istanbul Fields Institute, Toronto 14 April 2014 Dedicated to Dona Strauss on the day of her 80th anniversary 1 Function

393 views • 38 slides
Why we want no more Oil &amp; Gas prospecting, exploration and mining in Aotearoa focus on

Why we want no more Oil &amp; Gas prospecting, exploration and mining in Aotearoa focus on

Why we want no more Oil &amp; Gas prospecting, exploration and mining in Aotearoa focus on Taranaki Prepared for the Parliamentary Environment Select Committee Crown Minerals (Petroleum) Amendment Bill Hearing 17 October 2018 By Climate

437 views • 16 slides
Finitely-generated maximal left ideals in Banach algebras H. G. Dales, Lancaster Banach

Finitely-generated maximal left ideals in Banach algebras H. G. Dales, Lancaster Banach

Finitely-generated maximal left ideals in Banach algebras H. G. Dales, Lancaster Banach algebras, Gothenburg, 2013 29 July 2013 1 Finitely-generated left ideals Let A be a (complex, associative) algebra, always with an identity. A left ideal

351 views • 17 slides
Review of Resources, Help Desks, and Call Centers for Marketplace Agents and Brokers March 15,

Review of Resources, Help Desks, and Call Centers for Marketplace Agents and Brokers March 15,

Review of Resources, Help Desks, and Call Centers for Marketplace Agents and Brokers March 15, 2018 Centers for Medicare &amp; Medicaid Services (CMS) Center for Consumer Information &amp; Insurance Oversight (CCIIO) Disclaimer The

564 views • 39 slides
Overview of HHS D&amp;I Program Tuesday, April 3, 2018 10:10 a.m. 11:00 a.m. NIH Natcher

Overview of HHS D&amp;I Program Tuesday, April 3, 2018 10:10 a.m. 11:00 a.m. NIH Natcher

Overview of HHS D&amp;I Program Tuesday, April 3, 2018 10:10 a.m. 11:00 a.m. NIH Natcher Conference Center Bldg. 45 - Room D Presented by Bonita V. White, M.A., J.D. Director, Diversity &amp; Inclusion Division and HHS ERG Program

742 views • 11 slides
FNNR Household Survey Data &amp; Map Outputs (2014-2016) Household Surveys in FNNR, 2014- 2016

FNNR Household Survey Data &amp; Map Outputs (2014-2016) Household Surveys in FNNR, 2014- 2016

FNNR Household Survey Data &amp; Map Outputs (2014-2016) Household Surveys in FNNR, 2014- 2016 Participatory Mapping Surveys in FNNR, 2014-2016 List of Data 1. Household survey data a . 2014 household survey (605 hhs; general info, demo

426 views • 13 slides
Improving Health Literacy: An Overview of the National Action Plan &amp; the HHS Health Literacy

Improving Health Literacy: An Overview of the National Action Plan &amp; the HHS Health Literacy

Improving Health Literacy: An Overview of the National Action Plan &amp; the HHS Health Literacy Workgroup Courtney Schrock, MPH Health Communication &amp; eHealth Office of Disease Prevention &amp; Health Promotion Office of the Assistant

600 views • 49 slides
Qualis Health Wyoming Medicaid Home Health Services Program Prior Authorization and Provider

Qualis Health Wyoming Medicaid Home Health Services Program Prior Authorization and Provider

Qualis Health Wyoming Medicaid Home Health Services Program Prior Authorization and Provider Portal Training December 2015 One of the nations leading healthcare consulting organizations, partnering with our clients across the country to

752 views • 51 slides
Cost Allocation Services SWCAPS/LOCAPS, PACAPS,INDIRECT COST RATES &amp; UNIFORM COST PRINCIPLES

Cost Allocation Services SWCAPS/LOCAPS, PACAPS,INDIRECT COST RATES &amp; UNIFORM COST PRINCIPLES

Cost Allocation Services SWCAPS/LOCAPS, PACAPS,INDIRECT COST RATES &amp; UNIFORM COST PRINCIPLES August 5, 2015 Presentation Outline Cost Allocation Services (CAS) SWCAP/ LOCAPs / PACAPs / Indirect Cost Rates Cross Cutting Audit

1.63k views • 115 slides
MEETING MAY 9, 2018 MAY AGENDA Call to Order 12:00 Roll Call and Introductions, Approval of

MEETING MAY 9, 2018 MAY AGENDA Call to Order 12:00 Roll Call and Introductions, Approval of

EHEALTH COMMISSION MEETING MAY 9, 2018 MAY AGENDA Call to Order 12:00 Roll Call and Introductions, Approval of February and March minutes, and April Agenda and Objectives Announcements 12:05 OeHI Updates State Agency, Community Partner,

661 views • 19 slides
Health Plan Identifier ( HPID) Requirements By Larry Grudzien Attorney at Law 1 Agenda

Health Plan Identifier ( HPID) Requirements By Larry Grudzien Attorney at Law 1 Agenda

Health Plan Identifier ( HPID) Requirements By Larry Grudzien Attorney at Law 1 Agenda Introduction HIPAA Standard Transactions Rules Health Plan Identifier (HPID) Certification of Compliance with Standard Transactions

861 views • 46 slides
CLIA Discuss the CLIA regulations related to competency assessment Describe the 6

CLIA Discuss the CLIA regulations related to competency assessment Describe the 6

Ann E. Snyder, MT (ASCP) CMS/CCSQ/SCG Div. of Laboratory Services CLIA Discuss the CLIA regulations related to competency assessment Describe the 6 competency assessment requirements Provide some tips for meeting competency

709 views • 31 slides
Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Design Team Meeting Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron APHL Scott Becker CDC Anita Patel TFGH Patrick OCarroll HHS James Daniel CDC Jason Bonander CDCF Judy Monroe TFGH

436 views • 15 slides
Human Subjects Research If you dont know whether your research falls under human subjects

Human Subjects Research If you dont know whether your research falls under human subjects

Human Subjects Research If you dont know whether your research falls under human subjects research, ask your IRB Mark Shervey Data Engineer @ Institute for Next Generation Thanks for having me! Healthcare Icahn School of Medicine at

445 views • 21 slides
Top 10 Stories in HIV Medicine Diane Havlir, MD Professor of Medicine University of California,

Top 10 Stories in HIV Medicine Diane Havlir, MD Professor of Medicine University of California,

Top 10 Stories in HIV Medicine Diane Havlir, MD Professor of Medicine University of California, San Francisco 1 Disclosures n Receive funding for research from NIH n Gilead sciences provides antiretroviral therapy for NIH funded SEARCH

632 views • 33 slides
MACRA, MIPS, APMs &amp; CPC+: What to Expect from All These Acronyms?! Monthly National Briefing

MACRA, MIPS, APMs &amp; CPC+: What to Expect from All These Acronyms?! Monthly National Briefing

MACRA, MIPS, APMs &amp; CPC+: What to Expect from All These Acronyms?! Monthly National Briefing April 26, 2016 1 Shari Erickson, MPH Vice President, Governmental Affairs &amp; Medical Practice American College of Physicians 2 Laura

719 views • 20 slides
Probability: Terminology and Examples 18.05 Spring 2014 January 1, 2017 1 / 22 Board

Probability: Terminology and Examples 18.05 Spring 2014 January 1, 2017 1 / 22 Board

Probability: Terminology and Examples 18.05 Spring 2014 January 1, 2017 1 / 22 Board Question Deck of 52 cards 13 ranks : 2, 3, . . . , 9, 10, J, Q, K, A 4 suits : , , , , Poker hands Consists of 5 cards A one-pair hand

675 views • 22 slides

More recommend