Integrating BotMiner and SNARE into SMITE Nick Feamster and Wenke Lee Students: Shuang Hao and Junjie Zhang Georgia Tech.

Current Status
Implementations using flows from pipeline
–SNARE (Perl + R), uses SMTP (port 25)
–BotMiner (Java + R + MySQL)
Offline performance evaluation
[Figure: pipeline diagram; only the labels BotMiner and SNARE survive]

Evaluation
Configuration:
–1 day of packet capture from university network
–2-processor dual-core Intel Xeon 2.0 GHz, with 8 GB of RAM
SNARE
–Extract features (Perl): seconds, 72 MB
–Training (R): seconds, 3.3 GB
–Detection time (R): 3.13 seconds, 120 MB
BotMiner
–Prune, insert into DB: 25,200 seconds (7 hours; dominates the BotMiner pipeline)
–Aggregate c-flows: 61 seconds
–Cross-plane correlation: 175 seconds
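The two BotMiner stages timed above (aggregate c-flows, cross-plane correlation) are shown below as an added example; this is not the authors' Java/R/MySQL implementation. It aggregates constructed NetFlow-style records into C-flows keyed by (src, dst, dport, proto), computes the per-C-flow features (flows per hour, packets per flow, bytes per packet, bytes per second), groups similar C-flows with a greedy tolerance clustering that stands in for BotMiner's X-means step, and scores hosts that appear together in both an activity-plane cluster and a communication-plane cluster. Assumptions: the flow records and A-plane clusters are constructed, bytes-per-second is taken over the epoch because the records carry no per-flow duration, and the score rule (one point per pair of clusters a host shares with at least one other host, unit weights) is a simplification of the paper's cross-plane score.

```python
from collections import defaultdict
from itertools import combinations
from typing import Dict, FrozenSet, List, Tuple

# Constructed NetFlow-style records: (start_ts, src, dst, dport, proto, packets, bytes).
Flow = Tuple[float, str, str, int, str, int, int]
CFlowKey = Tuple[str, str, int, str]   # (src, dst, dport, proto): the C-flow key
EPOCH_SECONDS = 3600.0                  # one-hour epoch for the per-hour features


def make_sample_flows() -> List[Flow]:
    """Constructed sample: three hosts beacon to one C&C, one host browses a web server."""
    flows: List[Flow] = []
    # Hypothetical bots: a 6-per-hour beacon to 203.0.113.5:6667 with identical size/count.
    for src in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        for k in range(6):
            flows.append((k * 600.0, src, "203.0.113.5", 6667, "tcp", 12, 1200))
    # Benign host: irregular HTTPS flows with varied packet counts and sizes.
    for ts, pkts, byts in ((30.0, 40, 52000), (900.0, 8, 3000), (2500.0, 200, 310000)):
        flows.append((ts, "10.0.0.9", "198.51.100.7", 443, "tcp", pkts, byts))
    return flows


def cflow_features(flows: List[Flow]) -> Dict[CFlowKey, Tuple[float, float, float, float]]:
    """Aggregate flows into C-flows and compute (fph, ppf, bpp, bps) per C-flow.

    fph = flows per hour, ppf = packets per flow, bpp = bytes per packet,
    bps = bytes per second. bps is taken over the epoch here because the
    constructed records carry no per-flow duration (a simplification).
    """
    groups: Dict[CFlowKey, List[Tuple[int, int]]] = defaultdict(list)
    for _ts, src, dst, dport, proto, pkts, byts in flows:
        groups[(src, dst, dport, proto)].append((pkts, byts))
    feats = {}
    for key, recs in groups.items():
        n = len(recs)
        pkts = sum(p for p, _ in recs)
        byts = sum(b for _, b in recs)
        feats[key] = (n / (EPOCH_SECONDS / 3600.0), pkts / n, byts / pkts, byts / EPOCH_SECONDS)
    return feats


def cluster_cflows(feats, tol: float = 0.1) -> List[FrozenSet[str]]:
    """Greedy tolerance clustering of C-flow feature vectors (stand-in for the
    X-means step). Returns, per cluster, the set of source hosts in it."""
    clusters: List[Tuple[Tuple[float, ...], List[CFlowKey]]] = []
    for key, vec in feats.items():
        for centroid, members in clusters:
            if all(abs(a - c) <= tol * max(abs(c), 1e-9) for a, c in zip(vec, centroid)):
                members.append(key)
                break
        else:
            clusters.append((vec, [key]))
    return [frozenset(k[0] for k in members) for _, members in clusters]


def botnet_scores(a_clusters: List[FrozenSet[str]], c_clusters: List[FrozenSet[str]]) -> Dict[str, int]:
    """Cross-plane correlation: a host scores one point for every pair of clusters
    it belongs to (A/A or A/C) that also contains at least one other host.
    Unit weights; this is a simplified form of the paper's score (assumption)."""
    hosts = set().union(*a_clusters, *c_clusters)
    scores = {}
    for h in hosts:
        mine_a = [a for a in a_clusters if h in a]
        mine_c = [c for c in c_clusters if h in c]
        s = sum(1 for a1, a2 in combinations(mine_a, 2) if len(a1 & a2) >= 2)
        s += sum(1 for a in mine_a for c in mine_c if len(a & c) >= 2)
        scores[h] = s
    return scores


# Constructed A-plane clusters (hosts seen scanning / sending spam), standing in
# for the output of the activity-plane monitors.
A_CLUSTERS = [
    frozenset({"10.0.0.1", "10.0.0.2", "10.0.0.3"}),   # scanning
    frozenset({"10.0.0.1", "10.0.0.2"}),               # outbound spam
]

if __name__ == "__main__":
    feats = cflow_features(make_sample_flows())
    c_clusters = cluster_cflows(feats)
    for host, score in sorted(botnet_scores(A_CLUSTERS, c_clusters).items()):
        print(host, score)
```

On the constructed input the three beaconing hosts fall into one C-plane cluster and score 3, 3 and 1 (the third host is absent from the spam cluster), while the browsing host is in no A-plane cluster and scores 0. The aggregation step is the one that touches every flow, which is why the database insert dominates the timings above and why sampling is the natural next step.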

Next Steps
–Re-design aspects of SNARE for online detection (currently it works on labeled datasets)
–Online evaluation in the university network
–Apply sampling to improve performance