detecting distributed attacks using distributed
play

Detecting distributed attacks using distributed processing - PowerPoint PPT Presentation

Aug 22, 2023 •153 likes •549 views

Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe Overview Introduction Problem Description Research Questions Method Results Conclusion Introduction

  1. Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe

  2. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  3. Introduction http://www.eweek.com/security/slideshows/verisign-sees-sharp-climb-in-ddos-attack-volume-in-q2.html/

  4. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  5. Problem Description ● Analysis of large volumes of network traffic data takes time ● A lot of time ● Can we make it faster?

  6. Solution?

  7. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  8. Research Questions Main research question: ● How can a distributed processing framework be utilized to identify network anomalies in historical netflow data? Sub questions: ● Which processing framework is best suited for identifying DDOS attacks? ● How can we distinguish anomalies in netflow data? ● Which algorithms for detecting network anomalies exist and how can they be applied in a distributed processing environment?

  9. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  10. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  11. Distributed processing frameworks

  12. Distributed processing frameworks

  13. Distributed processing frameworks ● Hive – Limited to querying datasets ● Pig – Extend queries with scripting and ML ● Spark – Extract data, transform, query, extendable python

  14. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  15. Implementing Spark ● Cluster ● Dataset – 26 nodes Route Dataset Size r – 2x2TB disks 1 83,4 MiB 2 126,7 MiB – AMD Opteron 3vCPU 3 1,1 GiB – 1GB/s ethernet 4 3,1 GiB 5 10 GiB 6 41,5 GiB 7 88,2 GiB 8 99,3 GiB 9 296,4 GiB 10 444,4 GiB

  16. Implementing Spark ● 3 methods – Traditional – Parallelised – Single MapReduce

  17. Implementing Spark ● Traditional 1) retrieve unique intervals 2) partition the data by interval 3) for each interval create counts of packets for each found socket ● Result > 1,5 hour / 84,4 MiB

  18. Implementing Spark ● Parallelised 1) retrieve unique intervals 2) partition the data by interval 3) Parallel: for each interval create counts of packets for each found socket ● Result ~ 10 mins / 126,7 MiB

  19. Implementing Spark ● Single MapReduce 1) Initialize cluster 2) Read network traffic data from HDFS 3) Apply map/reduce to get flow counts for “dest IP:port:protocol:hour” 4) Filter out all counts < #threshold 5) Group results by “port:protocol” 6) Filter out all combinations < #min results 7) Normalize results by “port:protocol 8) Plot all hits for remaining “port:protocol” combinations

  20. Implementing Spark ● Results Dataset Size (GiB) Execution Time (seconds) Rate (MiB/seconds) 0,128 28 4,57 1,1 45,6 4,07 99,3 430,4 231 444,4 / /

  21. Results (126,7 MiB)

  22. Results (126,7 MiB)

  23. Results (88,2 GiB)

  24. Results (10,0 GiB)

  25. Method 1)Review distributed processing frameworks 2)Create application for distributed processing framework 3)Implement DDOS-algorithm in application

  26. Implement DDOS-algorithm in application ● Weighted Moving Average x ( i + 1 ) = yx i +( 1 − y ) ^ ^ x i x i : current valueof x ^ x : estimationx y : smoothing factor

  27. Implement DDOS-algorithm in application ● Adaptive threshold – Uses weighted average – Threshold: Multiple of expected value of the average alert if x i > threshold ∗ ^ x i

  28. Implement DDOS-algorithm in application ● Exponential Weighted Moving Average (EWMA) ● Threshold Gap = 0, avg = X0, Max_Gap = # If Xi < AVG: update(AVG, Xi) If Xi > AVG: Alert() If Gap >= Max_Gap: Gap = 0 update(AVG, Xi) Gap +=1

  29. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  30. Results (training 126,7MiB)

  31. Results (training 126,7MiB)

  32. Results (84,3MiB)

  33. Results (88,2 GiB)

  34. Results (88,2 GiB)

  35. Overview ● Introduction ● Problem Description ● Research Questions ● Method ● Results ● Conclusion

  36. Conclusion ● ~ 100 GiB < 10 minutes ● Traffic from different routers require different parameters ● Traffic patterns differ per router and service

  37. Future work ● Optimize framework to handle datasets > 100 GiB ● Test other algorithms on framework ● Apply tuned algorithms to live data ● Identify usage of irregular ports

  38. Questions ● ?

Recommend

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances Nils Clausen, M.Sc. University Lecturer n.clausen@ium.edu.na Detecting Distributed DNS Attacks Utilizing Levenshtein String

328 views • 14 slides
A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk Master's degree studying Majoring in Information technology Faculty of informatics, Mahasarakham University The 4th International Conference on

207 views • 17 slides
Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke (g.oke@imperial.ac.uk) Intelligent Systems and Networks Group Dept. of Electrical and Electronic Engineering Imperial College London Multi-Service

681 views • 21 slides
Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon,

Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon,

Detecting Distributed Attacks Using Network-Wide Flow Data Anukool Lakhina with Mark Crovella and Christophe Diot FloCon, September 21, 2005 The Problem of Distributed Attacks NYC Victim network LA ATLA Continue to become more

485 views • 33 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides
DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

1 DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu , Guangpu Li, Jeffrey Lukman, Jiaxin Li, Shan Lu, Haryadi Gunawi, and Chen Tian* * 2 Cloud systems 3 Cloud systems 4 Distributed concurrency bugs

1.3k views • 93 slides
Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks thereof) XSS CSRF SQL injection Most of these attacks are enabled by social engineering. Todays Class Pretexting Phishing

587 views • 25 slides
Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

421 views • 9 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System

Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System

Distributed Systems Just what is a Distributed System? Definitions &quot;A Distributed System is one in which components located at networked computers communicate and coordinate their actions only by passing messages&quot;. [Coulouris,

800 views • 42 slides
Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system consists of loosely coupled sites that share no physical component Database systems that run on each site are independent of each other

761 views • 42 slides
Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Michael Rossberg, Rene Golembewski, Guenter Schaefer Ilmenau University of Technology, Germany ICCCN 2012 Attack-Resistant Distributed Time Synchronization for Virtual Private Networks Overview Distributed Services for Distributed VPNs

212 views • 9 slides
Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks &amp; Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources: CPU, Memory, Bandwidth

427 views • 23 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

565 views • 18 slides
CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The Foundation of Network Security Stand-alone (ISP/Carrier Server Farm) modular TIPS for Perimeter Defense We brought a prototype for you!

263 views • 24 slides
Distributed Systems (ICE 601) Distributed Transactions Dongman Lee ICU Class Overview

Distributed Systems (ICE 601) Distributed Transactions Dongman Lee ICU Class Overview

Distributed Systems (ICE 601) Distributed Transactions Dongman Lee ICU Class Overview Distributed Transactions Atomic Commit Protocol Distributed Deadlock Distributed Systems - Distributed Transactions 1 Distributed

1.12k views • 10 slides
Distributed Systems of distributed systems Types of Distributed Describe various

Distributed Systems of distributed systems Types of Distributed Describe various

Objectives/Outline (selected topics from chapter 16 &amp; 18) Objectives Outline Provide a high-level overview Introduction Distributed Systems of distributed systems Types of Distributed Describe various methods for

436 views • 9 slides
Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng

Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng

Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng 1 Shan-Hung Wu 2 1 Microsoft Inc, Taiwan 2 National Tsing Hua University, Taiwan International Conference on Machine Learning, 2019 Ruo-Chun Tzeng

496 views • 15 slides
Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng

Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng

Distributed, Egocentric Representations of Graphs for Detecting Critical Structures Ruo-Chun Tzeng 1 Shan-Hung Wu 2 1 Microsoft Inc, Taiwan 2 National Tsing Hua University, Taiwan 36th International Conference on Machine Learning Ruo-Chun Tzeng,

299 views • 10 slides
Course introduction Defining distributed system s A distributed system is one in which

Course introduction Defining distributed system s A distributed system is one in which

Distributed System s Fall 2 0 0 8 Course introduction Defining distributed system s A distributed system is one in which components located at networked computers communicate and coordinate their actions by passing messages. (Coulouris,

579 views • 42 slides
Research Interests Distributed algorithms Distributed shared memory systems Distributed

Research Interests Distributed algorithms Distributed shared memory systems Distributed

Privacy &amp; Security in Machine Learning / Optimization Nitin Vaidya University of Illinois at Urbana-Champaign disc.ece.illinois.edu Research Interests Distributed algorithms Distributed shared memory systems Distributed

1.2k views • 70 slides

More recommend