Network Security Lab, Jelena Mirkovic, Sig NewGrad presentation.


1 Network Security Lab, Jelena Mirkovic, sunshine@cis.udel.edu, Sig NewGrad presentation

2 Main Research Areas
- Distributed Denial of Service
  - Distributed defense: DefCOM
- Internet Worms
  - Worm simulation: PAWS
  - Cooperative defense: WIN
- Detecting new malicious executables
- Application-level honeynets, summarizing firewall logs, predicting routing changes …

3 Distributed Denial of Service


5 Ideal solution! (diagram callouts: "Too much traffic"; "Attack traffic looks like legitimate")

6 Distributed Denial of Service
- Detect attack
- Stop attack
- Differentiate between attack and legitimate traffic

7 DefCOM
- Distributed defense against DDoS
- Combines nodes at:
  - Victim – Alert generators: detect attack and alert other nodes
  - Core – Rate limiters: stop attack by dropping traffic
  - Source – Classifiers: differentiate between legitimate and attack traffic
- Nodes cooperate through an overlay

8 DefCOM – 1. Attack detection (diagram of AG, RL and two C nodes; the AG raises "Attack!")

9 DefCOM – 2. Forming the traffic tree (diagram of AG, RL and two C nodes; classifiers stamp traffic with marks 3, 5, 12 and 56; downstream nodes report "I see mark 3!", "I see mark 5!", "I see marks 12 and 56!")

10 DefCOM – 2. Forming the traffic tree (diagram of AG, RL and two C nodes)

11 DefCOM – 3. Distributed rate-limiting (diagram of AG, RL and two C nodes; link rates 100Mbps and 50Mbps)

12 DefCOM – 4. Traffic differentiation (diagram of AG, RL and two C nodes; link rates 100Mbps and 50Mbps; per-node counters L=76 M=43, L=6 M=20, L=33 M=17, L=4 M=25)

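As an added illustration of the four DefCOM steps on slides 8-12 (this is not DefCOM's own code, which the slides do not show), the toy Python below models alert generation at the victim, traffic-tree formation from the classifier marks observed at core rate limiters, splitting the victim's limit across rate limiters, and admitting classifier-marked traffic before unmarked traffic. The node names, marks, flow rates, the 80 Mbps threshold, the proportional split of the limit and the marked-first policy are all constructed assumptions.

```python
from collections import defaultdict

ATTACK_THRESHOLD_MBPS = 80  # assumed AG detection threshold (constructed)

# Constructed flows: (classifier mark or None, core rate limiter, Mbps, legitimate?)
# Marks 3, 5 and 12 come from classifier-covered sources; None = no classifier upstream.
FLOWS = [
    (3, "RL-A", 30, True),
    (5, "RL-A", 20, True),
    (None, "RL-A", 50, False),  # unclassified (attack) traffic through RL-A
    (12, "RL-B", 10, True),
    (None, "RL-B", 40, False),  # unclassified (attack) traffic through RL-B
]


def alert_generator(flows):
    """Step 1: the victim's AG compares total inbound load with its threshold."""
    total = sum(mbps for _, _, mbps, _ in flows)
    return total > ATTACK_THRESHOLD_MBPS


def form_traffic_tree(flows):
    """Step 2: each RL records the classifier marks it sees; a mark seen by an RL
    makes that classifier a child of the RL in the overlay traffic tree."""
    tree = defaultdict(set)
    for mark, rl, _, _ in flows:
        if mark is not None:
            tree[rl].add(mark)
    return {rl: sorted(marks) for rl, marks in tree.items()}


def distributed_rate_limit(flows, victim_limit_mbps):
    """Steps 3-4: the AG's limit is split across RLs in proportion to the load each
    carries (assumed policy); each RL then admits classifier-marked flows before
    unmarked ones, so attack traffic is what gets dropped. Returns admitted Mbps
    per (rate limiter, mark)."""
    by_rl = defaultdict(list)
    for flow in flows:
        by_rl[flow[1]].append(flow)
    total = sum(flow[2] for flow in flows)
    admitted = {}
    for rl, rl_flows in by_rl.items():
        budget = victim_limit_mbps * sum(f[2] for f in rl_flows) / total
        # Stable sort: marked flows (key False) come before unmarked (key True).
        for mark, _, mbps, _ in sorted(rl_flows, key=lambda f: f[0] is None):
            take = min(mbps, budget)
            admitted[(rl, mark)] = take
            budget -= take
    return admitted
```

With the constructed flows, a 50 Mbps victim limit lets all of mark 3's and mark 12's traffic through, trims mark 5, and drops all unclassified traffic at RL-A.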

14 Internet Worms
- A program that:
  - Scans the network for vulnerable machines
  - Breaks into machines by exploiting the found vulnerability
  - Installs some piece of malicious code – backdoor, DDoS tool
  - Moves on
- Needs no user action to spread
- Spreads very fast!

15 PAWS
- Parallel worm simulator
- Runs on multiple machines – gains memory and CPU resources
- Can simulate greater detail than single-node simulators
- Can simulate various defenses
- Machines synchronize with network messages

16 WIN
- Worm information network
- We need fast, automatic response to stop worms
  - How can we detect worms?
  - How can we devise signatures quickly and automatically?
  - How can we share signatures with other networks?
  - How can we accept signatures from others and be sure we won't filter out legitimate traffic?

