automatic intrusion recovery with system wide history
play

Automatic intrusion recovery with system-wide history Taesoo Kim - PowerPoint PPT Presentation

Jan 26, 2023 •597 likes •1.76k views

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of system security: preventing attacks System hardening tools/techniques (e.g.,) Firewall, AntiVirus 2 My work on preventing attacks

  1. Step 3: replay non-attack inputs Time Inputs Outputs Attack input X Virtual machine 48

  2. Problems with VM replay ● VM replay is expensive – Repairing a week-old attack needs a week for replay ● Past inputs are meaningless to new system – Non-determinism: new SSH crypto keys ... – Deterministic replay won't work 49

  3. Retro's approach: Action history graph ● Represent fjne-grained history – Includes kernel objects, system calls, function calls, … – Assume tamper-proof kernel, storage 50

  4. Retro's approach: Action history graph ● Represent fjne-grained history – Includes kernel objects, system calls, function calls, … – Assume tamper-proof kernel, storage ● Rollback objects directly afected by attack – Avoid the false positives of Taint tracking ● Selectively re-execute indirectly afected actions – Avoid the expensive VM replay 51

  5. Action history graph: Objects represent fjles, processes adduser Attacker's password Admin's Time Alice process fjle shell 52

  6. Action history graph: Actions represent execution (syscall) adduser Attacker's password Admin's Time Alice process fjle shell 53

  7. Action history graph: Actions have dependencies adduser Attacker's password Admin's Time Alice process fjle shell w r i t e ( o f s e t , d a t a ) 54

  8. Action history graph: Actions have dependencies adduser Attacker's password Admin's Time Alice process fjle shell w r i t e exec ( o f s e t , d (prog, args, ..) a t a ) 55

  9. Action history graph: Actions have dependencies adduser Attacker's password Admin's Time Alice process fjle shell w r i t e exec ( o f s e t , d (prog, args, ..) a t a ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 56

  10. Action history graph: Objects have checkpoints adduser Attacker's password Admin's Time Alice process fjle shell w r i t e exec ( o f s e t , d (prog, args, ..) a t a ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 57

  11. Step 1: fjnd attack action adduser Attacker's password Admin's Time Alice process fjle shell w r i t e exec ( o f s e t , d (prog, args, ..) a t a ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 58

  12. Step 2: rollback afgected objects adduser Attacker's password Admin's Time Alice process fjle shell w r i t e exec ( o f s e t , d (prog, args, ..) a t a ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 59

  13. Step 3: skip attack action adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 60

  14. Step 4: redo non-attack actions adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 61

  15. Repeat step 2: rollback objects adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 62

  16. Repeat step 3: redo actions adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) Key advantage over e t i r w ) a t a d VM replay: , t e s f o ( Re-run only adduser, e x i t not entire VM. ( s t a t u s ) 63

  17. Repeat step 3: redo actions adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 64

  18. Repeat step 3: redo actions adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) Key advantage over e t i r w Taint tracking: ) a t a d , t e s f o ( Attacker removed, e x Alice account preserved i t ( s t a t u s ) 65

  19. Challenge: how to avoid re-executing everything? adduser Attacker's password Admin's Time Alice process fjle shell w r i t e Exit status afgects shell, X ( o exec f s e t , d a t a (prog, args, ..) ) which afgects sshd, and so on… read (ofset, data) Naïve process-level re-execution e still re-executes entire system! t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 66

  20. Observation: Admin's shell was not afgected ● “Adduser alice” succeed as before – This is what Admin wanted to do – If failed, need to re-execute Admin's shell 67

  21. Example 1: exit status to shell unchanged adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) read (ofset, data) e t i r w ) a t a d , t e s f o ( e x i t ( s t a t u s ) 68

  22. Predicates: avoid equivalent re-execution adduser Attacker's password Admin's Time Alice process fjle shell w r i t e X ( o exec f s e t , d a t a (prog, args, ..) ) Check if adduser read (ofset, data) succeed as before? Skip the re-run e t i r w ) a t a d , t of admin's shell e s f o ( e x i t ( s t a t u s ) 69

  23. Example 2: user's password unchanged Attacker's password Alice's Time process fjle SSHD w r i t e X ( o f s e t , d a t a ) r e a d ( o f s e t , d a t a ) 70

  24. Observation: Alice's SSHD was not afgected ● Alice's SSHD checked only Alice's account – This is what Alice's SSHD wanted to do – If Alice's account changed, need to re-execute SSHD 71

  25. Refjnement : exploits high-level semantics getpwnam() Attacker's password Alice's Time function process fjle SSHD w r i t e X ( o f s e t , d a t l l a a ) c ) ” e c i l a “ read ( m a n w p t e (ofset, data) g return (Alice's password) 72

  26. Refjnement : Get username, exploits high-level semantics return passwd entry getpwnam() Attacker's password Alice's Time function process fjle SSHD w r i t e X ( o f s e t , d a t l l a a ) c ) ” e c i l a “ read ( m a n w p t e (ofset, data) g return (Alice's password) 73

  27. Refjnement : exploits high-level semantics getpwnam() Attacker's password Alice's Time function process fjle SSHD w r i t e X ( o f s e t , d a t l l a a ) c ) ” e c i l a “ read ( m a n w p t e (ofset, data) g return (Alice's password) 74

  28. Refjnement : exploits high-level semantics getpwnam() Attacker's password Alice's Time function process fjle SSHD w r i t e X ( o f s e t , d a t l l a a ) c ) ” e c i l a “ read ( m a n w p t e (ofset, data) g return Rerun getpwnam() (Alice's password) instead of SSHD 75

  29. Refjnement : exploits high-level semantics getpwnam() Attacker's password Alice's Time function process fjle SSHD w r i t e X ( o f s e t , d a t l l a a ) c ) ” e c i l a “ read ( m a n w p t e (ofset, data) g return (Alice's password) Predicate: Check if return same Alice's passwd? Skip the re-run of Alice's SSHD 76

  30. Quick summary: Retro's approach ● Action history graph: represent history in detail ● Two techniques to minimize re-execution: – Predicates : skips equivalent computations – Refjnement : re-executes fjne-grained actions 77

  31. Challenge: external dependencies ● What if the attack was externally-visible? – Spam sent out ... – Hard in general case ask for user's decision → ● Help users to understand repaired state – (e.g.) notify user spam email was sent out ... 78

  32. Compensating action: notify changes in terminal output ... [redo] cat ~/.ssh/authorized_keys ... ! --- old ! +++ new ! @@ -1,3 +1,2 @@ ! ssh-rsa AAAAB3NzaC1yc2EAAAABIw... vagrant ! -ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... attacker ! ssh-rsa AAAAB3NzaC1yc2EAAAAAao... new pubkey ... You should not have seen this output! 79

  33. Retro implementation Processes Runtime: Record action history graph Action history graph Userspace Kernel Linux kernel Retro module File system (checkpts) 80

  34. Retro implementation Processes Repair Managers Repair (e.g., fs, terminal ..) Controller Action history graph Userspace Recovery: repair logic/mgr Kernel Linux kernel Retro module File system (checkpts) 81

  35. Application specifjc mgrs Retro implementation using well-defjned API Processes Repair Managers Repair (e.g., fs, terminal ..) Controller Action history graph Userspace Kernel Linux kernel Retro module File system (checkpts) 82

  36. Demo: recovering from inadvertently installed virus ● Backtracking tool ● Selective re-execution ● Compensating action 83

  37. Problem: detecting an entry point of attacks is hard ● How to fjnd one-month-old attack? ● Too much information – Manual analysis is time-consuming 84

  38. Observation: security patch renders attack harmless ● Escape URL arguments for fjrefox // slider.c - sprintf(cmd, “firefox %s”, evt->uri); + sprintf(cmd, “firefox %s”, escape(evt->uri)); slider sh slider sh fjrefox virus fjrefox virus x vs Unpatched Patched 85

  39. Approach: comparing both histories to detect past attacks ● How can we get history of patched execution? – Replay inputs after applying security patches – Diferent history potential threats → slider sh slider sh fjrefox virus fjrefox virus x vs Unpatched Patched 86

  40. Approach: comparing both histories to detect past attacks ● How can we get history of 'secure' execution? Turn manual efgort of auditing process – Replay one more after applying security patches into computational problem! – Diferent history potential threats → (patch-based auditing) slider sh slider sh fjrefox virus fjrefox virus x vs Unpatched Patched 87

  41. Challenge: performance ● Re-executing is costly for busy computer – Auditing requests re-executes all requests again → – Auditing one month takes another month! → 88

  42. Three techniques developed for partial re-execution ● Control fmow fjltering – Audit possibly afected executions ● Function-level auditing – Compare function-level executions ● Memoized re-execution – Avoid duplicated executions while replaying 89

  43. Putting all together: fjxing our past & future with patch Patch from upstream (fjxing a bug in SSHD) Aug. ?? Aug. 28 st Sept. 1 st Oct. 3 rd 2011 ... ... ? 1. Manual and time consuming 2. Lost changes 3. No guarantees (safe to rollback?) (a month!) 90

  44. Putting all together: fjxing our past & future with patch ● Automatic detection Patch from upstream (fjxing a bug in SSHD) x Aug. ?? Aug. 28 st Sept. 1 st Oct. 3 rd 2011 ... ... ? 1. Manual and time consuming 2. Lost changes 3. No guarantees (safe to rollback?) (a month!) 91

  45. Putting all together: fjxing our past & future with patch ● Automatic detection Patch from upstream ● Preserve changes (fjxing a bug in SSHD) x x Aug. ?? Aug. 28 st Sept. 1 st Oct. 3 rd 2011 ... ... ? 1. Manual and time consuming 2. Lost changes 3. No guarantees (safe to rollback?) (a month!) 92

  46. Putting all together: fjxing our past & future with patch ● Automatic detection Patch from upstream ● Preserve changes (fjxing a bug in SSHD) ● Strong guarantees x x x Aug. ?? Aug. 28 st Sept. 1 st Oct. 3 rd 2011 ... ... ? 1. Manual and time consuming 2. Lost changes 3. No guarantees (safe to rollback?) (a month!) 93

  47. Putting all together: fjxing our past & future with patch ● Automatic detection Patch from upstream ● Preserve changes (fjxing a bug in SSHD) ● Strong guarantees x x x Aug. ?? Aug. 28 st Sept. 1 st Oct. 3 rd 2011 Whenever new patches are released, ... ... ? not only prevent future attacks, 1. Manual and time consuming but also detect and repair past attacks for free ! 2. Lost changes 3. No guarantees (safe to rollback?) (a month!) 94

  48. Summary of our approach: building real systems ● Existing systems are not designed for history – Implicit dependencies and time-line ● Attacks can be anywhere in the history – Attacks are often detected days or weeks later ● History can not be changed in some cases – External dependencies: spam sent out 95

  49. Summary of our approach: building real systems ● Existing systems are not designed for history – Implicit dependencies and time-line → Action history graph & re-execution techniques ● Attacks can be anywhere in the history – Attacks are often detected days or weeks later ● History can not be changed in some cases – External dependencies: spam sent out 96

  50. Summary of our approach: building real systems ● Existing systems are not designed for history – Implicit dependencies and time-line → Action history graph & re-execution techniques ● Attacks can be anywhere in the history – Attacks are often detected days or weeks later → Patch-based auditing ● History can not be changed in some cases – External dependencies: spam sent out 97

  51. Summary of our approach: building real systems ● Existing systems are not designed for history – Implicit dependencies and time-line → Action history graph & re-execution techniques ● Attacks can be anywhere in the history – Attacks are often detected days or weeks later → Patch-based auditing ● History can not be changed in some cases – External dependencies: spam sent out → (Not solved) compensating actions in some cases (see our recent work, Aire [SOSP'13] in this direction of research) 98

  52. Evaluation questions ● Automatic intrusion recovery – How much better than manual repair? – How much runtime overhead? ● Patch-based auditing – What attacks can be detected? – How fast is re-execution? 99

  53. Experimental setup for Retro (automatic recovery) ● 2.8 GHz Intel Core i7, 8 GB RAM ● 64-bit Linux 2.6.35 ● Tested with – 2 real-world attacks from Honeypot – 8 synthetic attacks 100

Recommend

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M. Frans Kaashoek MIT CSAIL Attackers routinely compromise system integrity Attackers routinely compromise system integrity Attackers routinely

1.23k views • 74 slides
Reversal, Referral, Recovery Health System-wide Sustainable Peer Program Best Practice November

Reversal, Referral, Recovery Health System-wide Sustainable Peer Program Best Practice November

Opioid Overdose Response: Reversal, Referral, Recovery Health System-wide Sustainable Peer Program Best Practice November 9, 2016 EPIDEMIOLOGICAL TOOLS SAMHSA SUPPORTS SERVICES ON THE FRONT LINES 4 SAMHSA LOCATORS FOR SERVICE PROVIDERS

396 views • 15 slides
Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches Ph.D. Thesis Defense December 17th, 2019 1 HP Labs (ronny.chevalier@hp.com) 2 CIDRE Team, CentraleSuplec/Inria/CNRS/IRISA

1.66k views • 140 slides
Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences National Alliance for Recovery Residences s HISTORY OF OAS RECOVERY HOUSE SYSTEM AND STANDARDS In Fisc scal al Year 1995 the Philad adelphia

1.15k views • 35 slides
System Health and Intrusion Monitoring System Health and Intrusion Monitoring Using a Hierarchy

System Health and Intrusion Monitoring System Health and Intrusion Monitoring Using a Hierarchy

Advanced Security Research System Health and Intrusion Monitoring System Health and Intrusion Monitoring Using a Hierarchy of Constraints Using a Hierarchy of Constraints Calvin Ko Calvin Ko , Network Associates, Inc. NAI Labs , Network

462 views • 27 slides
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems ACSAC, December 13th, 2019 1 HP Labs, United Kingdom (ronny.chevalier@hp.com, david.plaquin@hp.com, cid@hp.com) 2 CIDRE Team,

820 views • 56 slides
Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim ,

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim ,

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL Today's web services are highly interconnected Many web services provide APIs to other sites Many websites

1.17k views • 82 slides
SHAC PRESENTATION SEPTEMBER 2011 Members: Maura ORahilly - SAC system wide Kathy Carney

SHAC PRESENTATION SEPTEMBER 2011 Members: Maura ORahilly - SAC system wide Kathy Carney

SHAC PRESENTATION SEPTEMBER 2011 Members: Maura ORahilly - SAC system wide Kathy Carney Nurse Leader system wide Mark Talbot Administrator system wide Anne Ward School Committee rep Friend Weiler- SRO system wide Shannon Jones

501 views • 17 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
DGLab Question Answering System & Automatic Evaluation Method at NTCIR-13 QA Lab-3 for

DGLab Question Answering System & Automatic Evaluation Method at NTCIR-13 QA Lab-3 for

DGLab Question Answering System & Automatic Evaluation Method at NTCIR-13 QA Lab-3 for University Entrance Exam on World History Essay Mike Tian-Jian Jiang DG Lab, Digital Garage, Inc., Japan 2017-12-07 1/14 Outline Motif:

507 views • 14 slides
Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

' $ Chapter 15: Recovery System Failure Classification Storage Structure Recovery and Atomicity Log-Based Recovery Shadow Paging Recovery With Concurrent Transactions Buffer Management Failure with Loss of

375 views • 21 slides
optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling

optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling

optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling Slitting Coating Casting Heating Testing Casting Automatic tracking of material and machine performance through the whole process Finishing

868 views • 43 slides
Program Evaluation: Math Recovery Spring 2018 Math Recovery Goals & History Goal : Provide

Program Evaluation: Math Recovery Spring 2018 Math Recovery Goals & History Goal : Provide

Program Evaluation: Math Recovery Spring 2018 Math Recovery Goals & History Goal : Provide a research based, data driven approach to support numeracy for students Partnership with Math Recovery Council started in 2012 Trainings

303 views • 8 slides
Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol Toshiba, 26/11/2020 1 Talk loosely based on following publications Han et al. UNICORN: Revisiting Host-Based Intrusion Detection in the Age of

783 views • 55 slides
SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007 Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP

203 views • 18 slides
Recovery College: Influencing Recovery-Related Outcomes, Culture and System Transformation Dr.

Recovery College: Influencing Recovery-Related Outcomes, Culture and System Transformation Dr.

Recovery College: Influencing Recovery-Related Outcomes, Culture and System Transformation Dr. Simone Arbour, Allison Stevens and James Gasparini Objectives 1. Outline the defining features of a Recovery College. 2. Provide an overview of

585 views • 25 slides
Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network

Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network

Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network Engineering 7-2-2007 R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 1 / 18 Contents Assignment 1 Intrusion Detection Systems 2

454 views • 18 slides
Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL Web applications routinely compromised Web applications routinely compromised Web applications

1.44k views • 75 slides
Introduction to Automatic Packet Reporting System ( APRS) Michael Deaver KG5JBJ-9 Nov 2016

Introduction to Automatic Packet Reporting System ( APRS) Michael Deaver KG5JBJ-9 Nov 2016

Katy Amateur Radio Society Introduction to Automatic Packet Reporting System ( APRS) Michael Deaver KG5JBJ-9 Nov 2016 KARS APRS History In 1982, Bob Bruninga (WB4APR), a senior research engineer at the United States Naval Academy,

278 views • 27 slides
Model-based Intrusion Detec3on System (IDS) for Smart Meters

Model-based Intrusion Detec3on System (IDS) for Smart Meters

Model-based Intrusion Detec3on System (IDS) for Smart Meters Karthik Pa*abiraman and Farid Tabrizi Dependable Systems Lab University of Bri3sh Columbia

626 views • 40 slides
Automatic and Coordinated Job Recovery for High Performance Computing Wei Tang 1 , Zhiling Lan 1 ,

Automatic and Coordinated Job Recovery for High Performance Computing Wei Tang 1 , Zhiling Lan 1 ,

Automatic and Coordinated Job Recovery for High Performance Computing Wei Tang 1 , Zhiling Lan 1 , Narayan Desai 2 , and Daniel Buettner 2 1 Illinois Insistute of Technology and 2 Argonne National Laboratory Nov 15, 2010 Wei Tang, Zhiling Lan,

346 views • 24 slides
MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System

MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System

MCG-ICT-CAS TRECVID 2008 Automatic Video 2008 Automatic Video Retrieval System Retrieval System Juan Cao, Yong-dong Zhang, , g g g, Bai-lan Feng, Xiu-feng Hua, Lei Bao, Xu Zhang INSTITUT INS TE O E OF CO Multimedia Computing Group

525 views • 24 slides
Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr. Nen-Fu (Fred) Huang Professor, Department of Computer Science, National Tsing Hua University, Taiwan President, Broadweb Corp, Taiwan E-mail:

846 views • 41 slides

More recommend