t
play

T Fingerprinting and Classifying Participants F A NMRG Workshop, - PowerPoint PPT Presentation

Aug 02, 2023 •216 likes •387 views

Automaton Models for Netflow Analysis T Fingerprinting and Classifying Participants F A NMRG Workshop, Prague, Czech Republic Friday, July 24th 2015 R Christian A Hammerschmidt, christian.hammerschmidt@uni.lu D Interdisciplinary Centre for

  1. Automaton Models for Netflow Analysis T Fingerprinting and Classifying Participants F A NMRG Workshop, Prague, Czech Republic Friday, July 24th 2015 R Christian A Hammerschmidt, christian.hammerschmidt@uni.lu D Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg

  2. Automaton Models Short Overview T F A R D C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 1 / 13

  3. Fingerprinting with Automatons Prediction, Classification, and Visualization (I) Prediction Classification T F A I predicting next states I classifying flows R I detecting outliers and I identifying type of activity or anomalies infection D unsupervised (semi-) supervised C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 2 / 13

  4. Fingerprinting with Automatons Prediction, Classification, and Visualization (I) Prediction Classification T F A I predicting next states I classifying flows R I detecting outliers and I identifying type of activity or anomalies infection D unsupervised (semi-) supervised C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 2 / 13

  5. Fingerprinting with Automatons Prediction, Classification, and Visualization (II) T F A animation of automaton R D C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 3 / 13

  6. Challenges NetFlow Data as a (Regular) Language T F A R D 1 1 http://www.cisco.com/c/dam/en/us/td/docs/ios/ipv6/configuration/ guide/ip6-netflow_v9.fm/_jcr_content/renditions/ip6-netflow_v9-1.jpg C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 4 / 13

  7. Challenges NetFlow Data as a (Regular) Language From regression of numeric values to classification: T I via clustering to obtain few representatives F or through discretization A I via binning to obtain a discrete state space R D What to choose? C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 5 / 13

  8. Method Learning State Structure from Data T F A R D 2 2 Taken from [2] C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 6 / 13

  9. Evaluation Data Set T F Experiments (on time-aggregated flow data): A 1. predicting statistics for next flows 2. classifying flows on unlabeled data R 3. classifying flows on labeled data 3 D 3 Using a botnet traffic data set[1] C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 7 / 13

  10. Evaluation Generated Automatons T F A R D C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 8 / 13

  11. Evaluation Excerpt T F Data Set Experiment Error / F 1 / FPR A R D C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 9 / 13

  12. Conclusion Conclusion and Future Work Results T I structure learning on netflow data is feasible I initial results look very promising F I this is still work-in-progress and offers a number of ways to A improve R D Further Research I compare performance to other fingerprinting solutions I apply a more expressive automaton model C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 10 / 13

  13. Conclusion Conclusion and Future Work Results T I structure learning on netflow data is feasible I initial results look very promising F I this is still work-in-progress and offers a number of ways to A improve R D Further Research I compare performance to other fingerprinting solutions I apply a more expressive automaton model C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 10 / 13

  14. Future Work and Extensions Currently Ongoing Research T F A R 4 D 4 Taken from [2] C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 11 / 13

  15. Thank You! T F A R D Time for questions. C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 12 / 13

  16. References I García, S. and Grill, M. and Stiborek, J. and Zunino, A. T An empirical comparison of botnet detection methods F Computers & Security, 2014. A S. E. Verwer, C. Witteveen, M. M. De Weerdt. R Efficient identification of timed automata: Theory and practice, March 2010. Heule, M.J.H., Verwer, S., D Software model synthesis using satisfiability solvers. Empirical Software Engineering 18, 825–856., 2013 C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 13 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

04/02/2018 Established in 2013 in A*STAR (BII-p53) The Psychological effect of - Started three

04/02/2018 Established in 2013 in A*STAR (BII-p53) The Psychological effect of - Started three

04/02/2018 Established in 2013 in A*STAR (BII-p53) The Psychological effect of - Started three new fields of research - Scientific Mobile Apps (Journal, Products, Music on Anxiety and Studying International news coverage) - Psycho-biology

404 views • 5 slides
M Motivation i i Mark Meckler, University of Portland Motivation The amount of effort that an

M Motivation i i Mark Meckler, University of Portland Motivation The amount of effort that an

M Motivation i i Mark Meckler, University of Portland Motivation The amount of effort that an The amount of effort that an individual puts into doing something something Mark Meckler, University of Portland Content Theories Content

828 views • 45 slides
Tutorial for Assignment 2.0 Florian Klien & Christian Krner IMPORTANT The presented

Tutorial for Assignment 2.0 Florian Klien & Christian Krner IMPORTANT The presented

5/17/10 Tutorial for Assignment 2.0 Florian Klien & Christian Krner IMPORTANT The presented information has been tested on the following operating systems Mac OS X 10.6 Ubuntu Linux The installation on Windows machines

243 views • 13 slides
Medicaid Childrens Oral Health September 26, 2013 Todays Presentation Discuss the value

Medicaid Childrens Oral Health September 26, 2013 Todays Presentation Discuss the value

Think Teeth: New Developments in Medicaid Childrens Oral Health September 26, 2013 Todays Presentation Discuss the value of Medicaid and CHIP and their role in oral health outcomes Learn about new oral health research Highlight

527 views • 37 slides
The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed

The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed

The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed from Robin Sommer International Computer Science Institute The Bro Monitoring Platform What Is Bro? Packet Capture Traffic Inspection

523 views • 36 slides
CLTS Contributions to Results of a WASHPaLS Desk Review December 13, 2017 Ending Open

CLTS Contributions to Results of a WASHPaLS Desk Review December 13, 2017 Ending Open

CLTS Contributions to Results of a WASHPaLS Desk Review December 13, 2017 Ending Open Presenters Jeff Albert Caroline Delaire Valentina Zuin (WASHPaLS team) Defecation Jesse Shapiro (USAID) What is WASHPaLS? Water, Sanitation, &

483 views • 24 slides
Clinical Assessment of Patients with Acute Coronary Syndrome Managed with Percutaneous Coronary

Clinical Assessment of Patients with Acute Coronary Syndrome Managed with Percutaneous Coronary

Clinical Assessment of Patients with Acute Coronary Syndrome Managed with Percutaneous Coronary Intervention and Treated with Prasugrel or Clopidogrel using Academic Center Databases - The PROMETHEUS Study- Study Organization Data

335 views • 22 slides
The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

547 views • 41 slides
Organization of DSLE part Tooling Domain Specific Language Domain Specific Language

Organization of DSLE part Tooling Domain Specific Language Domain Specific Language

Organization of DSLE part Tooling Domain Specific Language Domain Specific Language Eclipse plus EMF Engineering Xtext, Xtend, Xpand, QVTo and ATL Topics: Prof.dr. Mark van den Brand Model driven software engineering Model

268 views • 13 slides
If I Only Knew Then What I Know Now 5 Lessons Learned from my experiences leading agile

If I Only Knew Then What I Know Now 5 Lessons Learned from my experiences leading agile

If I Only Knew Then What I Know Now 5 Lessons Learned from my experiences leading agile transformations Larry Gorman , Chief Technology Evangelist, SkyTouch Technology Larry Gorman Chief Technology Evangelist SkyTouch Technology o: 602-337-2865

484 views • 21 slides
Descriptive Methods 707.031: Evaluation Methodology Winter 2015/16 Eduardo Veas what we do with

Descriptive Methods 707.031: Evaluation Methodology Winter 2015/16 Eduardo Veas what we do with

Descriptive Methods 707.031: Evaluation Methodology Winter 2015/16 Eduardo Veas what we do with the data depends on the scales 2 Measurement Scales 3 The complexity of measurements Nominal Crude Ordinal Interval Ratio

847 views • 69 slides
Web Application Stress Testing with Blaise Internet with Blaise Internet Jim OReilly Jim O

Web Application Stress Testing with Blaise Internet with Blaise Internet Jim OReilly Jim O

Web Application Stress Testing with Blaise Internet with Blaise Internet Jim OReilly Jim O Reilly Westat International Blaise Users Conference Annapolis Maryland, USA September 28, 2007 Septe be 8, 00 Introduction F Focus: web

460 views • 20 slides
Iteratively Improving Spark Application Performance William C. Benton Red Hat, Inc. Forecast

Iteratively Improving Spark Application Performance William C. Benton Red Hat, Inc. Forecast

Iteratively Improving Spark Application Performance William C. Benton Red Hat, Inc. Forecast Background: Spark, RDDs, and Sparks execution model Case study overview Improving our prototype Background Apache Spark Introduced

1.5k views • 128 slides
RRDtool Tips & Tricks Tobias Oetiker <tobi@oetiker.ch> OETIKER+PARTNER AG Tobi Oetiker

RRDtool Tips & Tricks Tobias Oetiker <tobi@oetiker.ch> OETIKER+PARTNER AG Tobi Oetiker

OETIKER+PARTNER AG RRDtool Tips & Tricks Tobias Oetiker <tobi@oetiker.ch> OETIKER+PARTNER AG Tobi Oetiker <tobi@oetiker.ch> OETIKER+PARTNER AG Recipe for Success Resolve the problems before anyone else finds them. Tobi

707 views • 48 slides
Picture of Tvlle in wet season Frogs love this Rick loves disease investigation, so when the Bohle

Picture of Tvlle in wet season Frogs love this Rick loves disease investigation, so when the Bohle

EHNV and BIV in Australia Ellen Ariel and Rick Speare James Cook University Townsville, Australia Ricks back yard in Bohle wet season Picture of Tvlle in wet season Frogs love this Rick loves disease investigation, so when the Bohle

385 views • 13 slides
EDAA40 EDAA40 Discrete Structures in Computer Science Discrete Structures in Computer Science

EDAA40 EDAA40 Discrete Structures in Computer Science Discrete Structures in Computer Science

EDAA40 EDAA40 Discrete Structures in Computer Science Discrete Structures in Computer Science 1: Sets 1: Sets Jrn W. Janneck, Dept. of Computer Science, Lund University axiomatic vs nave set theory Zermelo-Fraenkel Set Theory w/Choice

374 views • 8 slides
Time Agenda Item 8:00-8:30am Breakfast 8:30-9:00am Introductions and Recap from Last Night

Time Agenda Item 8:00-8:30am Breakfast 8:30-9:00am Introductions and Recap from Last Night

Collective Impact Funder Community of Practice: In-Person Meeting | September 29, 2016 PREPARED FOR: COLLECTIVE IMPACT FUNDER COMMUNITY OF PRACTICE PARTICIPANTS An Initiative of FSG and Aspen Institute Forum for Community Solutions Agenda for

962 views • 65 slides
The Responsibility of Business Schools In a Changing Asia FRANCIS G. ESTRADA President, AIM 2 nd

The Responsibility of Business Schools In a Changing Asia FRANCIS G. ESTRADA President, AIM 2 nd

The Responsibility of Business Schools In a Changing Asia FRANCIS G. ESTRADA President, AIM 2 nd International Business School Shanghai Conference 4 November 2008 MANAGEMENT SCHOOLS have a role to play in developing leaders, entrepreneurs,

114 views • 8 slides
Adrenal Incidentaloma: Work up and Management No Conflicts to Declare Quan-Yang Duh Professor

Adrenal Incidentaloma: Work up and Management No Conflicts to Declare Quan-Yang Duh Professor

Adrenal Incidentaloma: Work up and Management No Conflicts to Declare Quan-Yang Duh Professor of Surgery University of California, San Francisco UCSF Postgraduate Course in Endocrine & Breast Surgery March 6, 2015 Surgical Approach to

534 views • 8 slides
Pituitary and Adrenal Cases Chienying Liu MD J Blake Tyrrell

Pituitary and Adrenal Cases Chienying Liu MD J Blake Tyrrell

5/1/15 Pituitary and Adrenal Cases Chienying Liu MD J Blake Tyrrell MD UCSF Case 1 7/2000 26 yo woman with a constellaDon of signs and

468 views • 34 slides
Course description and bulletin Genome sequencing, the technology used to translate DNA into data,

Course description and bulletin Genome sequencing, the technology used to translate DNA into data,

Version 1 2019/11/23 EEEB GU4055 Principles and applications of modern DNA sequencing Term taught: Spring 2020 Class times: Mondays and Wednesdays, 1:10pm-2:25pm. Classroom location: TBD Course format: Lectures, discussions,

267 views • 9 slides
1-855-337-6227 www.marylandMACS.org Opioid Tapering: Practical Tips on the When, Why, and How

1-855-337-6227 www.marylandMACS.org Opioid Tapering: Practical Tips on the When, Why, and How

1-855-337-6227 www.marylandMACS.org Opioid Tapering: Practical Tips on the When, Why, and How Yngvild Olsen, MD, MPH Medical Consultant Behavioral Health Administration Maryland Addiction Consultation Service (MACS) Maryland Addiction

320 views • 29 slides
An overview of Recognize opioid use disorder (OUD) Medication Assisted Discuss the

An overview of Recognize opioid use disorder (OUD) Medication Assisted Discuss the

10/4/18 Goals of Discussion An overview of Recognize opioid use disorder (OUD) Medication Assisted Discuss the pharmacology of medication Treatment (MAT) assisted treatments (MAT) for OUD and acute pain Describe principles acute

482 views • 7 slides
Pharmaceutical Misuse OMED 2018 October 8, 2018 San Diego, CA Stephen A. Wyatt, DO Medical

Pharmaceutical Misuse OMED 2018 October 8, 2018 San Diego, CA Stephen A. Wyatt, DO Medical

Pharmaceutical Misuse OMED 2018 October 8, 2018 San Diego, CA Stephen A. Wyatt, DO Medical Director, Addiction Medicine Behavioral Health Service Atrium Heath/Carolinas HealthCare System No Disclosures Objectives Background of

585 views • 29 slides

More recommend