1 CURELAN TECHNOLOGY Co., LTD Flowviewer FM-800A CURELAN TECHNOLOGY Co., LTD www.CureLan.com.
Presentation transcript:


Do hackers attack? A typical symptom: slow response time.

Why do hackers attack? To steal private data and credit card information.

The blind spot of IPS equipment:
  - Signature (pattern) matching schemes
  - High error rate of the threshold-setting function
  - False positives

Cyber-Intrusion == Cyber-Attack? Cyber-intrusion vs. cyber-attack:

                 Cyber-Intrusion                 Cyber-Attack
  Analogy        Thief                           Robber
  Traffic        Small packets                   Huge traffic / many sessions
  Stealth        Does not want to be discovered  Does not care about being discovered

The blind spot of IPS equipment: it judges by the amount of traffic and the number of sessions.

Network Behavior Anomaly Detection (NBAD): detects and blocks attacks automatically. Flowviewer is a 64-bit NBAD solution.
(Figure: signature version 1 vs. version 2, with TRUE / FALSE outcomes and a high error rate. Picture provided by free vector graphics.)

Real-time data collected by the Flowviewer FM-800A:
  - Source IP address
  - Destination IP address
  - Protocol
  - Transport-protocol port
  - Time
  - Duration
  - Packets
  - Sessions (flows)
  - Traffic information

Detect and block intrusions and attacks:
  - Intrusion: port scan, SSH, RDP, worm
  - Attack: UDP flood, DoS, DNS attack, NTP attack

Math formula (notation):
  S: session
  P_src(n): source port number
  P_dst(n): destination port number
  T_n: some time

IPS (intrusion prevention system) DoS protection profile, threshold functions:

  Function          Default threshold
  UDP_SRC_Session   5,000 sessions/second
  UDP_DST_Session   5,000 sessions/second
  UDP_Flood         2,000 packets/second

Real case 1: University A. Event time: 2014-05-27, 05:00-06:00.

IPS threshold: default 5,000 sessions/second. The attack peaked at 743 sessions/second, well under the threshold, so the hacker avoids IPS detection. Lowering the static threshold far enough to catch a 743-session burst would trip on legitimately bursty hosts, which is the high-error-rate problem of threshold settings noted earlier.
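The following is an added example, not CureLan code and not the undisclosed Flowviewer formula: it parses constructed flow records carrying the fields listed on the data-collection slide, applies the IPS DoS-profile threshold (UDP_SRC_Session, 5,000 sessions/second) to a replay of a 743-session burst like Real Case 1, and contrasts it with a simple per-host behaviour baseline of the NBAD kind (mean + k standard deviations of that host's own session rate, an assumed heuristic) plus a distinct-destination-port check for the port-scan intrusion case. All addresses, timestamps, thresholds other than 5,000, and the baseline rule are assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One session (flow) record with the fields the FM-800A slide lists."""
    start: int      # time (epoch seconds)
    duration: int   # seconds
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # protocol: "tcp" or "udp"
    sport: int      # transport-protocol source port
    dport: int      # transport-protocol destination port
    packets: int
    octets: int     # traffic volume in bytes


# Static per-second threshold from the IPS DoS-profile slide
IPS_UDP_SRC_SESSION = 5000


def parse_flows(text):
    """Parse whitespace-separated records: start dur src dst proto sport dport pkts bytes."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or line.startswith("#"):
            continue
        flows.append(Flow(int(f[0]), int(f[1]), f[2], f[3], f[4],
                          int(f[5]), int(f[6]), int(f[7]), int(f[8])))
    return flows


def udp_sessions_per_second(flows):
    """(src, second) -> number of UDP sessions: the quantity the IPS threshold is applied to."""
    counts = Counter()
    for f in flows:
        if f.proto == "udp":
            counts[(f.src, f.start)] += 1
    return counts


def ips_threshold_alerts(flows, threshold=IPS_UDP_SRC_SESSION):
    """Static threshold as configured on the IPS: fires only at >= threshold sessions/s."""
    return sorted({src for (src, _), n in udp_sessions_per_second(flows).items()
                   if n >= threshold})


def nbad_alerts(flows, baseline_end, k=3.0, min_sessions=10):
    """Assumed behaviour baseline: each source is compared with its own history rather than
    a global number. Seconds before baseline_end form the baseline; a later second whose
    count exceeds mean + k*stdev of that source's baseline (and an absolute floor) is
    anomalous. Returns {src: (peak sessions/s, limit)}."""
    history = defaultdict(list)
    for (src, sec), n in udp_sessions_per_second(flows).items():
        history[src].append((sec, n))
    alerts = {}
    for src, series in history.items():
        base = [n for sec, n in series if sec < baseline_end]
        if len(base) < 10:
            continue  # too little history to model this host (hypothetical floor)
        limit = max(min_sessions, mean(base) + k * pstdev(base))
        peak = max((n for sec, n in series if sec >= baseline_end), default=0)
        if peak > limit:
            alerts[src] = (peak, round(limit, 1))
    return alerts


def port_scan_sources(flows, min_ports=20):
    """Intrusion-style behaviour: one source touching many destination ports on one host."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})


def make_sample():
    """Constructed data: 60 s of ordinary DNS lookups from 10.1.2.3, then a 743-session
    UDP burst from the same host against one victim's DNS port in a single second (the
    peak rate from Real Case 1), plus a TCP port scan from 192.0.2.7. All made up."""
    t0 = 1401138000  # 2014-05-27 05:00:00 UTC
    lines = []
    for t in range(60):
        for i in range(2 + t % 3):  # 2-4 lookups per second
            lines.append(f"{t0 + t} 0 10.1.2.3 10.1.0.53 udp {40000 + i} 53 2 160")
    for i in range(743):
        lines.append(f"{t0 + 60} 0 10.1.2.3 203.0.113.9 udp {50000 + i} 53 1 60")
    for p in range(1, 41):
        lines.append(f"{t0 + 10 + p // 8} 0 192.0.2.7 10.1.2.50 tcp {45000 + p} {p} 1 60")
    return "\n".join(lines), t0 + 60


if __name__ == "__main__":
    text, attack_second = make_sample()
    flows = parse_flows(text)
    print("IPS (5,000/s threshold):", ips_threshold_alerts(flows))        # []
    print("NBAD (per-host baseline):", nbad_alerts(flows, attack_second))  # {'10.1.2.3': (743, 10)}
    print("Port scanners:", port_scan_sources(flows))                     # ['192.0.2.7']
```

The static threshold never fires on the 743-session burst, while the per-host baseline does, because the quiet host's normal rate is 2-4 sessions/second. For this host the absolute floor (10) dominates mean + 3σ (about 5.4); the floor is what keeps a baseline rule from alerting on trivial jumps at nearly idle hosts, and it should be tuned per deployment rather than copied from this example.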

Real case 2: University B. Event time: 2015-07-21, 22:00-23:00.

IPS threshold: default 5,000 sessions/second. The attack's maximum session rate is …, again under the threshold, so the hacker avoids IPS detection.