measurement research to the web calamity s rescue
play

Measurement Research to the Web Calamity's Rescue Gregory BLANC - PowerPoint PPT Presentation

Dec 07, 2022 •159 likes •417 views

Measurement Research to the Web Calamity's Rescue Gregory BLANC Internet Engineering Laboratory Nara Institute of Science Technology WIDE member 3rd CAIDA-WIDE-CASFI Measurement Workshop April 24-25, 2010, Osaka Sunday, April 25, 2010 What

  1. Measurement Research to the Web Calamity's Rescue Gregory BLANC Internet Engineering Laboratory Nara Institute of Science Technology WIDE member 3rd CAIDA-WIDE-CASFI Measurement Workshop April 24-25, 2010, Osaka Sunday, April 25, 2010

  2. What measurement does? • CAIDA: malicious activity analysis, traffic classification, data sharing • CASFI: performance measurement, traffic analysis, data sharing • WIDE-mawi: DNS behavior analysis, traffic measurement, data sharing • overall, deploying probes at the network layer and measuring traffic characteristics 2 Sunday, April 25, 2010

  3. What measurement does? (from the leaders) • Kenjiro CHO ~ “AJAX generates a lot of traffic” • Brad HUFFAKER ~ “HTTP is king” • Sue MOON ~ “The Web admin left” 3 Sunday, April 25, 2010

  4. What measurement can do? • distinguishing application won’t help • we need to look deeper in the application layer • draw statistics of what is actually flowing • collect samples of what interests us 4 Sunday, April 25, 2010

  5. Common Issues in Web Security Research • we often encounter issues when evaluating proposals (systems): • lack of datasets: nothing to play with • homogeneous datasets: too much of the same thing • outdated datasets: remember the KDD Cup 1999? • unbalanced datasets: might not be representing the reality 5 Sunday, April 25, 2010

  6. Existing methods to collect JS samples (1): crawling • merits • JS may represent a small percentage • automated • solution: targeting blacklisted websites • can collect loads of data • user contribution • demerits • do not understand • Example: AJAX • can not mimic • crawler.archive.org accurately the user • target site should be wisely chosen 6 Sunday, April 25, 2010

  7. Existing methods to collect JS samples (2): analysis website • merits • solution: to encourage sharing • only malicious JS • but it will be limited to what users would • often deobfuscated want to contribute • available online • demerits • Example • size depends on user • wepawet.cs.ucsb.edu contribution • jsunpack.jeek.org • dataset is not enough varied • data is not always available 7 Sunday, April 25, 2010

  8. No solution in the wild (1) • we do not capture malicious JS because it is volatile in nature: • volatileness • obfuscation • transience • duplication • redirection • application layer • silent bidirectional communication 8 Sunday, April 25, 2010

  9. No solution in the wild (2) • no efficient crawlers • no attractive sharing platforms • small user contribution • new ways to get samples in the wild: • network probes with deep packet inspection -> overhead • browser monitoring -> privacy • logs 9 Sunday, April 25, 2010

  10. JS measurement • what to measure? is it measurable? • degree of obfuscation of benign Web 2.0 traffic: obfuscation does not indicate maliciousness • spread of JS malware: Samy was fast but noisy • JS malware code collection: overall lack of reliable datasets 10 Sunday, April 25, 2010

  11. Web 2.0 • not only a buzzword • paradigm shift: • shift in the development • shift in the usage 11 Sunday, April 25, 2010

  12. Development Shift • Rich Internet Applications (desktop) • Asynchronous Communication • Cross-domain Interaction • Web Services 12 Sunday, April 25, 2010

  13. Usage Shift • Software Consumption • Collaboration/Participation • Content Sharing • Syndication/Aggregation • Social Networking 13 Sunday, April 25, 2010

  14. Browser Model Shift • To cope with the Web 2.0 offer, the browser model has also changed: • plugins (Flash) • APIs (Ajax, custom, etc.) • interconnection (ActiveX, JavaVM) 14 Sunday, April 25, 2010

  15. 15 Sunday, April 25, 2010

  16. User is the new victim This new browser model provides a better user experience but provides the attacker with a wider attack space • server side: too many websites with too many inputs to validate or control • client side: the user is left defenseless even against deemed benign popular sites Attackers prefer to concentrate on the most vulnerable, the end-user: phishing, drive-by attacks,etc. 16 Sunday, April 25, 2010

  17. JS malware (1) • JS is a dynamic prototype-oriented event-drivent scripting language • a good tool to program automated elaborated script that can do massive harm • JS malwre: observed and defined by some security researchers (Brian Hoffman, Jeremiah Grossman, Martin Johns, etc.) 17 Sunday, April 25, 2010

  18. JS malware (2) • propagates like conventional malware • wide category regrouping JS-based malicious code • PoC: XSS tunnel/proxy/botnet • in-the-wild examples: BeEF, BrowserRider, XSS-proxy, Samy worm, Yamanner 18 Sunday, April 25, 2010

  19. Strengths of JS Malware • 1) stealth: property of going unnoticed by the user and the server • use of the XHR object • 2) polymorphism: ability of changing its form dynamically to evade signature • use of prototype hijacking • 3) obfuscation 19 Sunday, April 25, 2010

  20. JavaScript Analysis • dynamic execution [Moshchuk’07] • static/dynamic tainting [Vogt’07] • control flow graph [Guha’09] • semantics [Hou’08] • machine-learning based [Choi’09, Hou’10, Likarish’09] 20 Sunday, April 25, 2010

  21. JavaScript Deobfuscation • manual deobfuscation • semi-automated (Malzilla) • anti-analysis tricks: • recursive obfuscation • anti-crawling traps • argument.callee 21 Sunday, April 25, 2010

  22. Conclusion • Our research area suffers a great lack of reliable and representative data • We have the methods and tools to carry out analysis but no data • Measurement research has made progress not only on collection but also on efficiency • It is time to cooperate! 22 Sunday, April 25, 2010

  23. Overture • JavaScript is not the only matter of concern • VBScript, ActionScript (Flash) • new media of propagation (SNS) • distribution websites structure 23 Sunday, April 25, 2010

  24. Questions / Discussion • Thank you for your attention • Let’s start a cooperation: gregory@is.naist.jp 24 Sunday, April 25, 2010

  25. References • [Moshchuk’07]: SpyProxy: Execution-based Detection of Malicious Web Content, USENIX Security’07 • [Vogt’07]: Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, NDSS’07 • [Hou’08]: Malicious Webpage Detection by Semantics-Aware Reasoning, ISDA’08 • [Choi’09]: Automatic Detection for JavaScript Attacks in Web Pages through String Pattern Analysis, FGIT’09 • [Guha’09]: Using Static Analysis for Ajax Intrusion Detection, WWW’09 • [Likarish’09]: Malicious Javascript Detection Using Classification Techniques, MALWARE’09 • [Hou’10]: Malicious Web Content Detection by Machine Learning, Expert Systems with Applications #37 25 Sunday, April 25, 2010

Recommend

How Calamity Days Affect Summer Retirements 1 50 343c, 6/16/1 Calamity days During

How Calamity Days Affect Summer Retirements 1 50 343c, 6/16/1 Calamity days During

STATE TEACHERS RETIREMENT SYSTEM OF OHIO How Calamity Days Affect Summer Retirements On Demand Version How Calamity Days Affect Summer Retirements 1 50 343c, 6/16/1 Calamity days During todays webinar, I will: Explain how

538 views • 9 slides
(FWE-RRK 3:1/FWE-RRK 5:1) R-ALF RESCUE KIT 3:1 / 5:1 Australia The Ferno R-ALF Rescue Kit is a

(FWE-RRK 3:1/FWE-RRK 5:1) R-ALF RESCUE KIT 3:1 / 5:1 Australia The Ferno R-ALF Rescue Kit is a

Doc ID: 00332-V1_R-ALF-RESCUE-KIT_Instructions USER INSTRUCTIONS (FWE-RRK 3:1/FWE-RRK 5:1) R-ALF RESCUE KIT 3:1 / 5:1 Australia The Ferno R-ALF Rescue Kit is a 3:1 or 5:1 ratio mechanical advantage lift system for work positioning, rescue or

195 views • 4 slides
ONTARIO MINE RESCUE ONTARIO MINE RESCUE PROGRAM PROGRAM 3 rd International Mines Rescue

ONTARIO MINE RESCUE ONTARIO MINE RESCUE PROGRAM PROGRAM 3 rd International Mines Rescue

ONTARIO MINE RESCUE ONTARIO MINE RESCUE PROGRAM PROGRAM 3 rd International Mines Rescue Conference Nashville Tennessee August 26 to September 1, 2007 1 EMERGENCY PREPAREDNESS IN THE 21 ST CENTURY 2 2 PREVENTABLE INCIDENTS! 3

445 views • 28 slides
Some Thoughts on the Financial Crisis THE LONG AND THE SHORT (TERM) OF IT The calamity in the

Some Thoughts on the Financial Crisis THE LONG AND THE SHORT (TERM) OF IT The calamity in the

Some Thoughts on the Financial Crisis THE LONG AND THE SHORT (TERM) OF IT The calamity in the mortgage market spread to other financial markets and across the world and despite the narrowing of spreads and the machinations of central banks and

337 views • 8 slides
The Measurement Manager Modular End-to-End Measurement Services Ph.D. Research Proposal

The Measurement Manager Modular End-to-End Measurement Services Ph.D. Research Proposal

The Measurement Manager Modular End-to-End Measurement Services Ph.D. Research Proposal Department of Electrical and Computer Engineering University of Maryland, College Park, MD Pavlos Papageorgiou pavlos@eng.umd.edu May 21, 2007 Ph.D.

925 views • 60 slides
St. Johns County Fire Rescue Master Plan February 2019 Fire Rescue Department Overview 911

St. Johns County Fire Rescue Master Plan February 2019 Fire Rescue Department Overview 911

St. Johns County Fire Rescue Master Plan February 2019 Fire Rescue Department Overview 911 Communications 17 Fire Rescue Stations Training 346 Full Time FTEs Public Education 70 Seasonal Marine Rescue Fire

791 views • 28 slides
CTIF Rescue and Fire Services CTIF Rescue and Fire Services on Airports on Airports CTIFs

CTIF Rescue and Fire Services CTIF Rescue and Fire Services on Airports on Airports CTIFs

CTIF Rescue and Fire Services CTIF Rescue and Fire Services on Airports on Airports CTIFs Delegates Assembly July 23rd 2009 Ostrava Czech Republic 22.5.2006 Salzburg CTIF Rescue and Fire Services on Airports CTIF Rescue and Fire

616 views • 26 slides
Measurement There are two main systems of measurement: - The English system

Measurement There are two main systems of measurement: - The English system

4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. Measurement There are two main systems of measurement: - The

438 views • 4 slides
JACKSONVILLE FIRE & RESCUE DEPARTMENT David Castleman, Chief of Rescue Fentany

JACKSONVILLE FIRE & RESCUE DEPARTMENT David Castleman, Chief of Rescue Fentany

Revised March 21, 2018 JACKSONVILLE FIRE & RESCUE DEPARTMENT David Castleman, Chief of Rescue Fentany anyl Code dein ine Oxycodo codone Heroin oin Methadon hadone Morph rphin ine

641 views • 38 slides
THE REACH AND RESCUE ADVANTAGE Longest and most successful rescue pole system in the world

THE REACH AND RESCUE ADVANTAGE Longest and most successful rescue pole system in the world

THE REACH AND RESCUE ADVANTAGE Longest and most successful rescue pole system in the world Safer for the operator Quickly and accurately deployed Low skilled technique Fast retrieval of victim Adaptable to many

148 views • 12 slides
2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue

2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue

2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue operations in the US in 2017 Manual Carries More comfortable cooperation between rescuers of different heights Product Goals More ergonomic

456 views • 11 slides
Strategies to Combat Arsenic Calamity in West Bengal, India as Madhum umita Roy , Sut Sutapa Muk

Strategies to Combat Arsenic Calamity in West Bengal, India as Madhum umita Roy , Sut Sutapa Muk

Strategies to Combat Arsenic Calamity in West Bengal, India as Madhum umita Roy , Sut Sutapa Muk ukherjee, Jaydip Jaydip Bisw Biswas Ch Chittaranj njan n Nationa nal Ca Canc ncer Ins nstitut ute, Kolkata, INDIA. Cancer caused by

373 views • 3 slides
Climate calamity Psycho-spiritual implications Sensei Kritee (Kanko), Ph.D. Interface, Feb 2016

Climate calamity Psycho-spiritual implications Sensei Kritee (Kanko), Ph.D. Interface, Feb 2016

Climate calamity Psycho-spiritual implications Sensei Kritee (Kanko), Ph.D. Interface, Feb 2016 Psycho-spiritual basis for a path forward (Neglecting any one of this tripods legs is not wholesome) Personal resilience & empowerment

647 views • 20 slides
CAPTAIN RESCUE Sponsored by: Phantom Rescue The real dangers of over-sharing online. #TMI We

CAPTAIN RESCUE Sponsored by: Phantom Rescue The real dangers of over-sharing online. #TMI We

Personal Safety & Awareness CAPTAIN RESCUE Sponsored by: Phantom Rescue The real dangers of over-sharing online. #TMI We use social media to share moments in our lives, but its important to understand the consequences of sharing

352 views • 13 slides
AND RESCUE (AMSAR) - TANZANIA Search and Rescue Organization TANZANIA SAR ORGANIZATIONAL

AND RESCUE (AMSAR) - TANZANIA Search and Rescue Organization TANZANIA SAR ORGANIZATIONAL

AERONAUTICAL AND MARITIME SEARCH AND RESCUE (AMSAR) - TANZANIA Search and Rescue Organization TANZANIA SAR ORGANIZATIONAL STRUCTURE THE PRIME MINISTERS OFFICE Disaster Management Department MINISTRY OF FINANCE AND ECONOMIC AFFAIRS MINISTRY OF

861 views • 18 slides
SARNet : Search and Rescue Network Integrated robotics systems for enhanced search-and-rescue

SARNet : Search and Rescue Network Integrated robotics systems for enhanced search-and-rescue

SARNet : Search and Rescue Network Integrated robotics systems for enhanced search-and-rescue Janna Lowensohn Timothy McDonald Alex Gray Lenora Dieyi Jose Rico Evan Inglett Abby Syndes Qian Wang Micah Corcoran Frederick Grimm

512 views • 13 slides
Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic measurement and analysis in WIDE measurement activities across research groups broad perspectives - tracking long-term trends - analysis (with wide

415 views • 12 slides
POLAND Polish mine rescue system Tasks, Structures of Polish mine rescue system The Act

POLAND Polish mine rescue system Tasks, Structures of Polish mine rescue system The Act

POLAND Polish mine rescue system Tasks, Structures of Polish mine rescue system The Act Geological and Mining Law issued in 1994, novelised in 2001 and following the Act - executing rules in mining rescue area issued in 2002 (State Decree)

491 views • 25 slides
Research Report - Winter 2015 BYU COMMS 318 PR Research and Measurement Preview Background

Research Report - Winter 2015 BYU COMMS 318 PR Research and Measurement Preview Background

Research Report - Winter 2015 BYU COMMS 318 PR Research and Measurement Preview Background Research Social Media Analysis Focus Groups Survey Summary Background Research Helping People Live the Healthiest Lives Possible

569 views • 56 slides
Mountain Rescue Service of Serbia Mountain Rescue Service of Serbia (MRS Serbia) is voluntary

Mountain Rescue Service of Serbia Mountain Rescue Service of Serbia (MRS Serbia) is voluntary

Mountain Rescue Service of Serbia Mountain Rescue Service of Serbia (MRS Serbia) is voluntary and non-for-profit organization driven primarily by the cause of helping and rescuing endangered or injured people in rough alpine terrains and

367 views • 10 slides
Confined Space Rescue Thats Where We Come In! Working in confined spaces is risky business

Confined Space Rescue Thats Where We Come In! Working in confined spaces is risky business

Confined Space Rescue Thats Where We Come In! Working in confined spaces is risky business that requires organizations to have a rescue plan. START Group provides confined space standby and rescue services designed to keep personnel safe while

125 views • 10 slides
The Development of HKFSDs High Angle Rescue Team Experience and Insight Sharing Swiss Army

The Development of HKFSDs High Angle Rescue Team Experience and Insight Sharing Swiss Army

The Development of HKFSDs High Angle Rescue Team Experience and Insight Sharing Swiss Army Knife vs Multitool Traditional High Angle Rescue Use techniques and equipment derived from Mountain Rescue High Angle Rescue in Modern City

577 views • 54 slides
CITYkeys Performance measurement of smart cities Miimu Airaksinen Research Professor VTT

CITYkeys Performance measurement of smart cities Miimu Airaksinen Research Professor VTT

CITYkeys Performance measurement of smart cities Miimu Airaksinen Research Professor VTT Technical Research Centre of Finland The goal of CITYKEYS is to provide a validated, holistic performance measurement framework for monitoring and

504 views • 32 slides
Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. There are two main systems of measurement: - The

308 views • 8 slides

More recommend