a rendezvous based paradigm a rendezvous based paradigm
play

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for - PowerPoint PPT Presentation

Feb 14, 2024 •180 likes •490 views

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic DUST 2012 May 15, 2012 David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

  1. A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic DUST 2012 May 15, 2012 David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

  2. Outline ● Rendezvous-based Traffic Analysis – What is it? Why use it? – a DNS rendezvous case study involving office and residential “solicited” traffic ● Darkspace Rendezvous Mechanisms – unsolicited and passively solicited traffic ● TreeTop – a DNS rendezvous-based analysis tool [Plonka & Barford, IMC 2009, SATIN 2011, work in progress] – flow export with rendezvous annotations – IPv6 performance by service names

  3. Rendezvous-based Traffic Analysis? ● Traffic classification and analysis has focussed on target traffic features (IP headers, DPI, etc.) ● However, Internet hosts learn IP addresses by some rendezvous mechanism, e.g.: – By static configuration (IP addrs in config files) – The Doman Name System (DNS) – Application-specific mechanisms (URLs, p2p) ● Inform traffic analysis by considering, “How does this host know this IP address?” rather than simply, “With what IP address did this host interact?”

  4. Why Focus on Rendezvous? rendezvous, meaning hosts and services “present themselves” ● For standard protocols, rendezvous information is not private and is of low-volume – Separate and separable from private payloads – Can be monitored in situations where target traffic is high-volume, sampled, or encrypted ● Rendezvous info can indicate when other analysis or classification techniques are effective and not – e.g., port-based classification [Kim, et al., 2008] [Plonka & Barford, 2011]

  5. Rendezvous-based Traffic Classification rendezvous, meaning “present yourselves” ● Hypothesis : We can inform and improve traffic classification by considering, “How does this host know that peer IP address?” ● DNS : Internet hosts regularly use the DNS to find remote IP addresses of the hosts with which they might interact. – It is an easily separable standard, “clear text” protocol.

  6. DNS Rendezvous: (1) Query DNS Overview

  7. DNS Rendezvous: (2) Response DNS Overview

  8. DNS Rendezvous: (3) Outbound DNS Overview

  9. DNS Rendezvous: (4) Inbound DNS Overview

  10. Traffic Observation Points DNS Overview

  11. Traffic Observation Points DNS Overview

  12. Traffic Observation Points DNS Overview

  13. Traffic Observation Points DNS Overview

  14. Characteristics of Data Sets

  15. Target Traffic Classification: Port-based method

  16. Residential: Domain Popularity

  17. Office Target Traffic Classification: “named” and “unnamed”

  18. Residential Target Traffic Classification: “named” and “unnamed”

  19. Residential Target Traffic Classification: “named” by popular domains

  20. Host Profiling and Reputation based on Rendezvous Information

  21. Residential Hosts Classification by P2P Host Profile (1 day)

  22. “unnamed” Target Traffic by P2P Profile

  23. Results Summary: Traffic Classified (% bytes)

  24. Rendezvous in Darkspace/Grayspace? ● Darkspace and Unsolicited : a host uses some technique to choose remote/peer IP addresses – Algorithm , e.g., scanning a contiguous set of IP addresses in series, choosing IP addresses at random – Bug , e.g. D-link products connect to 45.52.84.48, the 7-bit string “-4T0”, believed to be a stray value left in an uninitialized 32-bit integer meant to store an SMTP server's IP address [Yegneswaran, Barford, Plonka, 2004] – Misconfiguration or stale configuration, e.g., SNMP traps to various 45/8 addresses from Interop events – IP prefixes become encumbered by legacy roles

  25. TreeTop: Rendezvous-annotated Flow Export

  27. TreeTop: radix tries and domain trees

  28. [3 private slides redacted]

  29. Discussion ● In what circumstances can we trust rendezvous information for traffic classification or host profiling/reputation? ● Tap rendezvous methods other than the DNS; e.g., application-specific methods (WWW, P2P); are they discoverable, separable and clear? ● Should we alter or invent rendezvous protocols to better inform classification and packet treatment? ● Is rendezvous a useful unifying analysis concept?

  30. A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic FIN David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

Recommend

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft-

Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft-

Design Aspects of HIP Design Aspects of HIP Rendezvous Mechanisms Rendezvous Mechanisms draft- -eggert eggert- -hip hip- -rendezvous rendezvous- -01 01 draft Lars Eggert and Marco Liebsch NEC IETF-60, San Diego, CA, USA August 6,

507 views • 11 slides
Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

Concurrent Languages Fire Bird Platform CRP Rendezvous Rendezvous Implementation Network Problems Case Study: Treasure Hunt Summary Future Work Implementing CRSM Rendezvous Communication for a Distributed Robotic System B. Election Reddy

419 views • 39 slides
INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and

INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and

INF4140 - Models of concurrency RPC and Rendezvous INF4140 28 Oct. 2013 2 / 38 RPC and Rendezvous Outline More on asynchronous message passing interacting processes with different patterns of communication Summary Remote procedure calls

966 views • 38 slides
RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing

RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing

RPC and Rendezvous INF4140 01.11.12 Lecture 9 Outline More on asynchronous message passing Interacting processes with different patterns of communication Summary Remote procedure call (RPC) What is RPC Example: time server Rendezvous

476 views • 33 slides
Background ArDeZ - Overview Communication Sensor Networks period Low cost nodes

Background ArDeZ - Overview Communication Sensor Networks period Low cost nodes

Outline Background ArDeZ: An Asymmetric Rendezvous ArDeZ Based MAC for Sensor Networks Overview Channel Setup Kwan-Wu Chin and Raad Raad Generating Pseudo-random Rendezvous Periods Telecommunications and Information

325 views • 6 slides
XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments

XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments

XI International Rendezvous of the Forums of Psychoanalysis of the Lacanian Field "Treatments of the Body in our times and in psychoanalysis" A few words of Welcome In July 2020 we shall have a Rendezvous for the re-encounter of the

63 views • 3 slides
Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29

Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29

[IROS 2016] Multi-Target Rendezvous Search Malika Meghjani, Sandeep Manjanna and Gregory Dudek 2017. 05. 29 Presented By Suzi Kim Background Rendezvous Problem How two players randomly placed in a known search region X can move at speed one

712 views • 28 slides
PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM

PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM

PARADIGM Erkin Otles CS 838 PARADIGM Approach We developed an approach called PARADIGM (PAthway Recognition Algorithm using Data Integration on Genomic Models) to infer the activities of genetic pathways from integrated patient data.

583 views • 30 slides
Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based

Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based

Akamatsus third flying geese paradigm Model for internal division of labor in East Asia based on dynamic comparative advantage Three subpatterns Imports Domestic production Exports Dunnings Eclectic Paradigm (OLI-Model) Ownership

229 views • 4 slides
The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent Required an enormous rocket and made the landing much more difficult Earth Orbit Rendezvous, then Direct Ascent Required salvo launches

490 views • 13 slides
The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent

The Mode Decision INST 154 Apollo at 50 Lunar Orbit Rendezvous Four Bad Ideas Direct Ascent Required an enormous rocket and made the landing much more difficult Earth Orbit Rendezvous, then Direct Ascent Required salvo launches

131 views • 12 slides
NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a

NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a

The Practical Non-Existance of f Official NMR-Based Test Methods - How to Change the Paradigm of f NMR Exclusion The Perspective of a Small NMR Service Company John Edwards, Process NMR Associates Validation Workshop PANIC NMR Conference

528 views • 29 slides
A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of

A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of

March 9~ 12, 2010 ISGC 2010, Taipei, Taiwan A Study of Particle Physics based on based on e-Science Paradigm g Kihyeon Cho (On behalf of High Energy Physics Team @ KISTI) 1 Thank HEP Team at KISTI Members: Kih Kihyeon Cho Ch Junghyun

433 views • 28 slides
When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo Weng, Kris Kitani Robotics Institute, Carnegie Mellon University IROS 2020 Motivation Use case 1: Autonomous vehicle identifies and locates its user

450 views • 25 slides
Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo

Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo

Opportunity Based Thinking; Is this a Paradigm Shift for a Quality Professional? Angelo Scangas Quality Support Group, Inc. QSG Meeting 03.29.19 1 @ 2019 Agenda Risks & Opportunities - What we learned during ISO 9001:2015?

380 views • 37 slides
Bury Old Ideas Get Ready for the New Paradigm Redefining Engineering Solutions Based on a Whole

Bury Old Ideas Get Ready for the New Paradigm Redefining Engineering Solutions Based on a Whole

Bury Old Ideas Get Ready for the New Paradigm Redefining Engineering Solutions Based on a Whole New Perspective The First e Source Portal Matches the Right Entities A Unique Community for Engineering Products, Services and Concerns that

1.22k views • 19 slides
Gemini: Rendezvous and Docking INST 154 Apollo at 50 Gemini Objectives To demonstrate

Gemini: Rendezvous and Docking INST 154 Apollo at 50 Gemini Objectives To demonstrate

Gemini: Rendezvous and Docking INST 154 Apollo at 50 Gemini Objectives To demonstrate endurance of humans and equipment in spaceflight for extended periods, at least eight days required for a Moon landing, to a maximum of two weeks

703 views • 25 slides
26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which

26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which

26/07/2019 DESIGN RESEARCH Design-based research Design research is an emerging paradigm which in education: Getting it aims to develop a sequence of activities and to published grasp an empirically grounded understanding of how learning

419 views • 15 slides
A New Interface Paradigm for Motion Capture Based Animation Systems Fernando Wagner da Silva

A New Interface Paradigm for Motion Capture Based Animation Systems Fernando Wagner da Silva

A New Interface Paradigm for Motion Capture Based Animation Systems Fernando Wagner da Silva Luiz Velho Jonas Gomes Paulo Roma Cavalcanti IMPA - Instituto de Matemtica Pura e Aplicada LCG - COPPE/SISTEMAS - UFRJ Rio de Janeiro - Brazil

631 views • 33 slides
The Evolution of Space Rendezvous and Proximity Operations and Implications for Space Security

The Evolution of Space Rendezvous and Proximity Operations and Implications for Space Security

Promoting Cooperative Solutions for Space Sustainability The Evolution of Space Rendezvous and Proximity Operations and Implications for Space Security Dr. Brian Weeden Director of Program Planning Secure World Foundation swfound.org United

229 views • 19 slides
On the Design of Code-Based Signatures Ayoub Otmani ayoub.otmani@unicaen.fr Outline 1.

On the Design of Code-Based Signatures Ayoub Otmani ayoub.otmani@unicaen.fr Outline 1.

Code-Based Cryptography Workshop 2012 9 11 May 2012, Lyngby, Denmark On the Design of Code-Based Signatures Ayoub Otmani ayoub.otmani@unicaen.fr Outline 1. Fiat-Shamir paradigm 2. Hash-and-Sign paradigm 3. Lossy Source Coding

664 views • 50 slides
THE RELIABLE COMPUTING BASE A Paradigm for Software-Based Reliability Michael Engel (TU

THE RELIABLE COMPUTING BASE A Paradigm for Software-Based Reliability Michael Engel (TU

THE RELIABLE COMPUTING BASE A Paradigm for Software-Based Reliability Michael Engel (TU Dortmund), Bj orn D obel (TU Dresden) Braunschweig, 19.09.2012 Motivation Increasing hardware error rate Hardening all hardware is too

634 views • 24 slides
Logic Programming Programming paradigm based on symbolic logic First order predicate calculus

Logic Programming Programming paradigm based on symbolic logic First order predicate calculus

Atkins Logic Programming Programming paradigm based on symbolic logic First order predicate calculus using constants, predicates, functions, variables, connectives, quantifiers, punctuation Start with axioms Prove theorems

196 views • 5 slides

More recommend