protecting internet threat monitors a statistical
play

Protecting Internet Threat Monitors: A Statistical Filtering - PowerPoint PPT Presentation

Oct 20, 2022 •253 likes •353 views

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST Mapping Internet Monitors Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). Mapping Internet Sensors with

  1. Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

  2. Mapping Internet Monitors � Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). � Mapping Internet Sensors with Probe Response Attacks John Bethencourt, Jason Franklin, and Mary Vernon, University of Wisconsin, Madison � Vulnerabilities of Passive Internet Threat Monitors Yoichi Shinoda, Japan Advanced Institute of Science and Technology; Ko Ikai, National Police Agency of Japan; Motomu Itoh, Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

  3. Mapping example: ISDAS marking & feedback � Marking design � Range: Address blocks assigned to 3 IXes. � Marker: UDP/137 � Was in the top-5. � Low dynamic range. � Algorithm: Time-series � Velocity: Each /24 block in an hour � Intensity: Each address were marked with 90 markers (to make 3 unit high spike in the graph of One /24 block avg. count per sensor, where hosting one sensor there are 30 sensors). was identified

  4. SD Filtering � Omit counts from sensors reporting “unusual counts”: � if (count > m + ρ×σ ) then drop; where � m = avg of all sensor counts � σ = stddev of all sensor counts � ρ = magic multiplier � The magic value is in the range 5.0 – 6.0 (and sometimes up to 7.0) for several different distributed architecture monitors.

  5. SD filtering @ 6.5 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  6. SD Filtering @ 6.2 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  7. SD Filtering @ 4.5 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  8. Quartile Filtering

  9. Some Results low hits / address high Simulated Marking Result Quartile (cutoff = 1) Filtered SD ( ρ =6.0) Filtered Quartile (cutoff = 1) then SD ( ρ =6.0) Filtered

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however it creates a threat Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled

699 views • 34 slides
The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave

The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave

Blake, Cassels & Graydon LLP | blakes.com The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave of cyber attacks ACC Ontario Chapter www.acc.com ROBERT TREMBLAY Presenters Legal Counsel,

574 views • 30 slides
Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern Mediterranean Committee alyh@microsoft.com Is the internet as dangerous as people think? (Or what is the internet?) The internet is public

340 views • 19 slides
Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

714 views • 40 slides
Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th , 2020 Austin, TX The Internet has some scary s**t going on This is a self defense course Goals What is the #1 Security Risk to your

786 views • 60 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors

Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors

Chapter 5 Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors & Condition Synchronisation Concepts : monitors (and controllers): encapsulated data + access procedures + mutual exclusion + condition

1.02k views • 45 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria

Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria

Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Florian Mendel and Robert Primas CHES 2020 Motivation www.tugraz.at Using crypto in the wild requires:

964 views • 64 slides
Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network Access Security Goal: Confidentiality q Suppose you are a customer using a credit card to order an item from a website q Threat: - An adversary may

305 views • 27 slides
e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware

e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware

e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware Protecting Software from Internet Malware Gaurav S. Kc Kc, , Angelos Angelos D. D. Keromytis Keromytis Gaurav S. Columbia University

581 views • 28 slides
Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings,

Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings,

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #7 Updated 2009-02-03 Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings, Chapter 8.6) Monitors: (Burns & Wellings, Chapter 8.6)

290 views • 6 slides
The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue opportunities Synthesis, Verification & Test for Secure ICs Undesired exposure of proprietary technology Protecting Integrated Circuits Problem

94 views • 8 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of

Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of

Cybersecurity and Africa Benot MOREL Carnegie Mellon University Afrinic Cyberization of Africa The new big development in the cyberworld 6.8% penetration population today but the growth is phenomenal Changes the digital

462 views • 8 slides
Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017

Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017

Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017 Pieces of the puzzle EC NIS directive, EASA L aunch of ECSP, ECCSA, CERT-EU EU Computer Emergency Response Team SESAR Framework study,

340 views • 12 slides
Chapter 5: Cluster ering ing Jilles Vreeken IRDM 15/16 10 Nov 2015 Qu Question o of f

Chapter 5: Cluster ering ing Jilles Vreeken IRDM 15/16 10 Nov 2015 Qu Question o of f

Chapter 5: Cluster ering ing Jilles Vreeken IRDM 15/16 10 Nov 2015 Qu Question o of f th the w week How can we discover groups s of objec ects that are highly similar to each other? 10 Nov 2015 V-1: 2 Clustering, where?

574 views • 46 slides
FAQs Quiz #3 Scores will be available by 3/6 Programming Assignment #2 March 10

FAQs Quiz #3 Scores will be available by 3/6 Programming Assignment #2 March 10

CS535 Big Data 03/02/2020 Week 7-A Sangmi Lee Pallickara CS535 BIG DATA PART B. GEAR SESSIONS SESSION 2: MACHINE LEARNING FOR BIG DATA Sangmi Lee Pallickara Computer Science, Colorado State University http://www.cs.colostate.edu/~cs535

517 views • 20 slides
Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com

Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com

Erik Whynot, Esq Founding Partner 300 N. Maitland Ave. Maitland, Florida ewhynot@mygwlaw.com OFFICES Maitland/Orlando | *Ft. Lauderdale T) 407-539-3900 * By appointment only F) 407-386-8485 HU HURRICA CANE NE PREPAREDNE NESS Do Don

234 views • 21 slides
Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT

Phishing: New Internet Financial Fraud Trend by Yuejin Du CNCERT/CC Feb. 24 th . 2005 APRICOT www.cert.org.cn Attendee Investigation National Computer network Emergency Response technical Team/Coordination Center of China Contents

374 views • 21 slides
Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019

Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019

Introduction to cybersecurity for Generalists James Davenport University of Bath 16 May 2019 James Davenport Introduction to cybersecurity for Generalists 1 / 16 CM50209: Security and Integrity Course is 6 ECTS (12 CATS) credits, in Semester

394 views • 16 slides
Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn 2011 Week 4 Prof Hans Georg Schaathun Security Standards Autumn 2011 Week 4 1 / 1 Evolution of Standards Outline Prof Hans Georg

521 views • 36 slides

More recommend