tide proactive threat detection introduction
play

TIDE: Proactive threat detection Introduction Ph.D. student from - PowerPoint PPT Presentation

Nov 27, 2022 •515 likes •1.6k views

2019-06-20 Olivier van der Toorn <o.i.vandertoorn@utwente.nl> University of Twente, Design and Analysis of Communication Systems TIDE: Proactive threat detection Introduction Ph.D. student from the University of Twente System

  1. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days)

  2. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 30705 Δ t < 2 days

  3. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  4. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  5. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  6. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 971 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  7. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 949 971 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  8. 18 RBL comparison (9 month period) Number of detected domains 10000 1000 100 10 1 0 20 40 60 80 100 120 140 160 180 Detection in advance (days) 205 1305 57724 6710 Δ t < 2 days Δ t ≥ 2 days

  9. 19 SURFnet evaluation daadzgam.com Domain names realdrippy.com coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  10. 20 SURFnet evaluation daadzgam.com Domain names realdrippy.com coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  11. 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  12. • 45% of received emails fall in this category 20 • 18% of observed domains fall in this category SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates Δ t < 2 days

  13. • 17% of received emails fall in this category 20 • 26% of observed domains fall in this category SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates Δ t ≥ 2 days

  14. • 38% of received emails fall in this category • 57% of observed domains fall in this category 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates ? domain not on existing blacklist yet

  15. • 59% of these emails have not been marked as spam • 41% of emails were received in the purple areas 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  16. Use case: DDoS domains

  17. In DDoS attacks the amplification factor is important. Domains crafted for DDoS attacks typically have: • Many records • Long (TXT) records 21 DDoS domains

  18. In DDoS attacks the amplification factor is important. Domains crafted for DDoS attacks typically have: • Many records • Long (TXT) records 21 DDoS domains

  19. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  20. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  21. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  22. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  23. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  24. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  25. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  26. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  27. Use case: DNS TXT records

  28. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  29. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  30. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  31. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  32. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  33. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  34. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  35. 25 DNS TXT records

  36. • Generally, no Are these records useful for threat detection? • The ‘~’; case could be an identifier for domains from a specific AS 26 DNS TXT records

  37. Use case: Combo-squat domains

  38. Many types of squatting domains: Type Example (target: utwente.nl) Typosquatting utwent.nl Combosquatting utwente-login.nl Bitsquatting utwenpe.nl Homograph-Based squatting utvvente.nl 27 Combo-squat: What is a combo-squat domain?

  39. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  40. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  41. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  42. 29 However, a larger problem is the life time of a combosquat domain. Combo-squat: The problems with a generic approach

  43. 29 However, a larger problem is the life time of a combosquat domain. Combo-squat: The problems with a generic approach

  44. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  45. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  46. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  47. Reflection

  48. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  49. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  50. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  51. 32 We realize that our solution is not perfect. Improvement?

  52. We think the “ultimate” solution is to combine passive and active measurements. We realize that our solution is not perfect. 32 Improvement?

Recommend

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning Hu University of Alabama Tuscaloosa, AL 35487 ACSAC Dec. 5-9, 2005 Insider threats Definition Menaces to computer security as a result of

131 views • 11 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group July 18, 2017 Douglas D. Thomas Director, Counterintelligence Operations &amp; Corporate Investigations Lockheed Martin Counterintelligence

706 views • 16 slides
Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick Offerman Research Project 2 #72 Introduction - Advanced Threat Analytics (ATA) Microsoft Active Directory (AD) On-premise Post-Infiltration

439 views • 25 slides
Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The

Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The

Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The elevation of the highest predicted astronomical tide expected to occur at a specific time station over the National Tidal Datum Epoch (NTDE) (NOAA;

813 views • 4 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT Botconf 2016 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\&gt; whoami /all

1.34k views • 115 slides
Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f

Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f

AvH Feodor Lynen EU IP SIQS Advanced ERC Grant: Advanced ERC Grant: MPG QUAGATUA OSYRIS MPI Garching SGR 874 CERCA/Program Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f Polish

890 views • 73 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT FIRST-TC 2018 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\&gt; whoami

1.73k views • 128 slides
Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret

Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret

Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret Plink-Bjorklund MAIN POINTS: - facies, architecture &amp; stratigraphy of tide-influenced and dominated deltas - the nature of tidal signatures in both

624 views • 28 slides
Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published

Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published

Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published February 2013 Maps Bostons vulnerability to coastal flooding Encourages property owners in today and tomorrows flood zone to know

283 views • 26 slides
High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION

High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION

High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION High Tide Technologies, LLC Satellite SCADA Provider Easy to Install Hardware Web-based Software Satellite Communications 24x7

310 views • 27 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA

C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA

Ecosystem Services C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA Target conc. NO 3 - : (70 uM; 1 mg/L) 15x reference creeks May September, Since 2004 Reference Creek System 8 Years after

279 views • 8 slides
Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr

Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr

Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr Kijewski (CERT Polska/NASK) FIRST 2012 Conference 21st June 2012, Malta www.enisa.europa.eu OUR TALK TODAY i. Links with ENISA work ii. Facts

701 views • 38 slides
ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions

ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions

ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions Engineering | GTC Israel 2017 @datametrician RULES &amp; PEOPLE DONT SCALE Current methods are too slow Right now, financial services reports it

685 views • 57 slides
Proactive Detection of Collaboration Conflicts Yuriy Brun Reid Holmes Michael D. Ernst David

Proactive Detection of Collaboration Conflicts Yuriy Brun Reid Holmes Michael D. Ernst David

Proactive Detection of Collaboration Conflicts Yuriy Brun Reid Holmes Michael D. Ernst David Notkin University of Washington University of Waterloo Have you ever made a mistake while programming and only realized it later? design

505 views • 50 slides
ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones

ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones

Alpha Presentation ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones Jason Kirsch Qingyang Li Logan McDonald Drew Schnieller Department of Computer Science and Engineering Michigan State

249 views • 9 slides
ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones

ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones

Project Plan ERP Air Force: Conservation Threat Detection The Capstone Experience Team Evolutio Maddie Jones Jason Kirsch Qingyang Li Logan McDonald Drew Schnieller Department of Computer Science and Engineering Michigan State University

419 views • 13 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS

AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS

AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS THREAT MODELING Introduction WHAT IS THREAT MODELING Structured Process Examination of a system for potential weaknesses

391 views • 28 slides
Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM)

Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM)

Short Introduction to Parallelism, Grid and ProActive, Distributed Objects and Components (GCM) Denis Caromel, et al. http://ProActive.ObjectWeb.org OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis, IUF Denis Caromel 1

442 views • 29 slides
Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board

Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board

Next Steps Tide Gate Literature Review Renee Davis and Ken Fetcho October 2018 OWEB Board meeting OWEBs Tide Gate Investments Tide Gate Tide Gate Removals for Replacements for Species and Water Species and Water Quality Benefits

328 views • 5 slides

More recommend