protecting internet threat monitors a statistical
play

Protecting Internet Threat Monitors: A Statistical Filtering - PowerPoint PPT Presentation

Oct 20, 2022 •253 likes •353 views

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST Mapping Internet Monitors Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). Mapping Internet Sensors with

  1. Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

  2. Mapping Internet Monitors � Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). � Mapping Internet Sensors with Probe Response Attacks John Bethencourt, Jason Franklin, and Mary Vernon, University of Wisconsin, Madison � Vulnerabilities of Passive Internet Threat Monitors Yoichi Shinoda, Japan Advanced Institute of Science and Technology; Ko Ikai, National Police Agency of Japan; Motomu Itoh, Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

  3. Mapping example: ISDAS marking & feedback � Marking design � Range: Address blocks assigned to 3 IXes. � Marker: UDP/137 � Was in the top-5. � Low dynamic range. � Algorithm: Time-series � Velocity: Each /24 block in an hour � Intensity: Each address were marked with 90 markers (to make 3 unit high spike in the graph of One /24 block avg. count per sensor, where hosting one sensor there are 30 sensors). was identified

  4. SD Filtering � Omit counts from sensors reporting “unusual counts”: � if (count > m + ρ×σ ) then drop; where � m = avg of all sensor counts � σ = stddev of all sensor counts � ρ = magic multiplier � The magic value is in the range 5.0 – 6.0 (and sometimes up to 7.0) for several different distributed architecture monitors.

  5. SD filtering @ 6.5 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  6. SD Filtering @ 6.2 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  7. SD Filtering @ 4.5 σ UDP137 Scan Count Scan Average Value corrected by standard deviation 4.0 3.5 3.0 Scan Count/hour 2.5 2.0 1.5 1.0 0.5 0.0 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 0 6 12 18 TIME

  8. Quartile Filtering

  9. Some Results low hits / address high Simulated Marking Result Quartile (cutoff = 1) Filtered SD ( ρ =6.0) Filtered Quartile (cutoff = 1) then SD ( ρ =6.0) Filtered

Recommend

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however it creates a threat Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled

699 views • 34 slides
The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave

The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave

Blake, Cassels & Graydon LLP | blakes.com The Threat Of Our Virtual Reality: October 7, 2020 Protecting your organization against the wave of cyber attacks ACC Ontario Chapter www.acc.com ROBERT TREMBLAY Presenters Legal Counsel,

574 views • 30 slides
Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern Mediterranean Committee alyh@microsoft.com Is the internet as dangerous as people think? (Or what is the internet?) The internet is public

340 views • 19 slides
Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

714 views • 40 slides
Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th , 2020 Austin, TX The Internet has some scary s**t going on This is a self defense course Goals What is the #1 Security Risk to your

786 views • 60 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors

Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors

Chapter 5 Monitors & Condition Synchronisation controller DM519 Concurrent Programming 1 Monitors & Condition Synchronisation Concepts : monitors (and controllers): encapsulated data + access procedures + mutual exclusion + condition

1.02k views • 45 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria

Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria

Protecting against Statistical Ineffective Fault Attacks Joan Daemen, Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Florian Mendel and Robert Primas CHES 2020 Motivation www.tugraz.at Using crypto in the wild requires:

964 views • 64 slides
Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network Access Security Goal: Confidentiality q Suppose you are a customer using a credit card to order an item from a website q Threat: - An adversary may

305 views • 27 slides
e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware

e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware

e- -NeXSh: OS Fortification NeXSh: OS Fortification e Protecting Software from Internet Malware Protecting Software from Internet Malware Gaurav S. Kc Kc, , Angelos Angelos D. D. Keromytis Keromytis Gaurav S. Columbia University

581 views • 28 slides
Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings,

Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings,

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #7 Updated 2009-02-03 Real Real- -Time Systems Time Systems Monitors Monitors Monitors: (Burns & Wellings, Chapter 8.6) Monitors: (Burns & Wellings, Chapter 8.6)

290 views • 6 slides
The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue opportunities Synthesis, Verification & Test for Secure ICs Undesired exposure of proprietary technology Protecting Integrated Circuits Problem

94 views • 8 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Protecting Your Privacy Training Module Introduction How private is your Internet experience?

Protecting Your Privacy Training Module Introduction How private is your Internet experience?

Welcome to the Protecting Your Privacy Training Module Introduction How private is your Internet experience? Introduction Laws concerning the privacy of 1 personal information vary from country to country. Many of the worlds legal

576 views • 26 slides
Internet and Branding: Protecting your Trademarks and Managing your Clients Brand Presence

Internet and Branding: Protecting your Trademarks and Managing your Clients Brand Presence

Internet and Branding: Protecting your Trademarks and Managing your Clients Brand Presence Online State Capital Group 2011 Annual Meeting Washington D.C. Use of Search Engines 92% of online adults use search engines 59% of online

541 views • 22 slides
Monitoring the NZ Internet with AMP WAND Update NZNOG 2014 The Active Measurement Project

Monitoring the NZ Internet with AMP WAND Update NZNOG 2014 The Active Measurement Project

Monitoring the NZ Internet with AMP WAND Update NZNOG 2014 The Active Measurement Project Monitor machines situated throughout the NZ Internet Participating NZ ISPs Universities Alongside name servers Monitors continually

1k views • 33 slides
Summer by the Sea Now for Cafe Curiosity Monitors: you have Chat about what you see 20 In a

Summer by the Sea Now for Cafe Curiosity Monitors: you have Chat about what you see 20 In a

Monitors: you have 5 mins INTRODUCTIONS Please take it in turns to introduce yourselves to each other. Choose a name for your team on the theme of Summer by the Sea Now for Cafe Curiosity Monitors: you have Chat about what you see 20

680 views • 11 slides
Protecting the Privacy of Investors: An Overview of the Regulatory Framework & Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework & Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework & Tips on Avoiding Threats May 28, 2015 Malcolm Townsend, IT Research Analyst Overview Background Trends Threat landscape Privacy regulatory

102 views • 8 slides
Statistical Clustering of Internet Statistical Clustering of Internet Communication Patterns

Statistical Clustering of Internet Statistical Clustering of Internet Communication Patterns

Statistical Clustering of Internet Communication Patterns Talk at Interface 2003 Flix Hernndez-Campos March 13, 2003 The University of North Carolina at Chapel Hill The University of North Carolina at Chapel Hill Talk at Interface 2003

341 views • 12 slides
COMP31212: Concurrency Topics 4.1: Concurrency Patterns - Monitors Topic 4.1: Concurrency

COMP31212: Concurrency Topics 4.1: Concurrency Patterns - Monitors Topic 4.1: Concurrency

Topic 4.1: Concurrency Patterns: Monitors COMP31212: Concurrency Topics 4.1: Concurrency Patterns - Monitors Topic 4.1: Concurrency Patterns: Monitors Outline Topic 4.1: Concurrency Patterns: Monitors Monitors FSP Models-to-Java Monitors

672 views • 24 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides

More recommend