Northwestern Lab for Internet and Security Technology (LIST) Yan Chen ychen@cs.northwestern.edu Department of Computer Science Northwestern University.


1 Northwestern Lab for Internet and Security Technology (LIST)
Yan Chen, Department of Computer Science, Northwestern University

Our theme: challenges for the Internet as a new infrastructure for service delivery
- Un-trusted: security (viruses, worms, etc.)
- Highly dynamic: congestion/failures

Global Router-based Anomaly/Intrusion Detection (GRAID) Systems

Current intrusion detection systems and their shortcomings:
- Mostly host-based, and not scalable to high-speed networks
- Mostly signature-based, so they cannot recognize unknown anomalies/intrusions (polymorphic/new viruses and worms; the Slammer worm infected 75,000 machines in under 10 minutes)
- Isolated or centralized systems: insufficient information on the causes, patterns and prevalence of global-scale attacks

Multiple GRAID sensors interconnect through a distributed hash table (DHT) for alarm fusion, providing scalability, load balancing, fault tolerance and intrusion correlation.

[Figure: Internet-wide deployment of GRAID sensors (IDS, IDS + SFC) attached to routers and interconnected through the CDDHT mesh; an injected attack falls within GRAID coverage.]

[Figure: attaching GRAID sensors to high-speed routers. (a) Original configuration. (b) Distributed configuration, in which each port is monitored separately. (c) Aggregate configuration, in which a splitter aggregates the traffic from all the ports of a router (LAN, Internet, switch, scan port).]

Architecture of a GRAID sensor: online traffic recording and analysis for high-speed routers.

Part I: sketch-based monitoring and detection
- Streaming packet data is fed to reversible k-ary sketch monitoring, which produces local sketch records
- Local sketch records are sent out for aggregation into remote aggregated sketch records
- Sketch-based statistical anomaly detection (SSAD) separates the keys of suspicious flows from the keys of normal flows; normal flows are filtered out and suspicious flows are passed on

Part II: per-flow monitoring and detection
- Signature-based detection, per-flow monitoring, network fault detection and traffic profile checking applied to the suspicious flows
- Integrated approach for false positive reduction
- Output: intrusion or anomaly alarms

[Figure legend: modules on the critical path; modules on the non-critical path; data path; control path. The critical path is implemented in hardware for real-time detection.]

Sample hardware: FPGA board used to implement the sketch-based traffic stream monitoring (courtesy of Prof. Memik, ECE Dept).

Tomography-based Overlay network Monitoring (TOM)

Overlay network monitoring is essential for:
- Overlay routing/location
- VPN management/provisioning
- Service redirection/placement
- Link failure/congestion diagnosis

Requirements for an end-to-end (E2E) monitoring system:
- Scalable and efficient: a small amount of probing traffic
- Accurate: captures congestion/failures
- Adaptive: nodes join/leave, topology changes
- Robust: tolerates measurement errors
- Balanced measurement load

Challenge: given an overlay of n end hosts and O(n^2) paths, select a minimal subset of paths to monitor so that the loss rates/latency of all other paths can be inferred.

[Figure: end hosts (UC Berkeley, UC San Diego, Stanford, HP Labs) reporting to an Overlay Network Operation Center; a failed path is marked X.]

Our solution:
- Select a basis set of k paths that fully describes the O(n^2) paths (k = O(n log n))
- Monitor the loss rates of the k paths and infer the loss rates of all other paths
- Adaptive to topology changes
- Balanced measurement load
- Tolerant of topology measurement errors

Real Adaptive Streaming Media on TOM
- Implemented with a Winamp client and a SHOUTcast server
- Congestion introduced with a Packet Shaper
- Skip-free playback: server buffering and rewinding
- Total adaptation time < 4 seconds
- See our paper in

Collaborators
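The sketch-based change detection that Part I of the GRAID sensor relies on, as an added example; this is not code from the LIST project. It builds a plain (non-reversible) k-ary sketch of two consecutive epochs, subtracts them bucket-wise, and estimates the per-key change from the delta sketch; keys seen in the current epoch are enumerated as candidates, which the reversible variant on the poster avoids. SHA-256 stands in for the sketch's hash family, the threshold, epoch length and the traffic (200 steady sources plus one scanning host at 192.0.2.7) are constructed here, and the estimator follows the standard k-ary form: bucket count minus the average share of the total, rescaled by 1 - 1/K, median across rows.

```python
import hashlib
import random
from statistics import median


def _bucket(row: int, key: str, width: int) -> int:
    """Map a flow key to a bucket of sketch row `row`.

    SHA-256 keyed by the row index stands in for a family of independent
    hashes (assumption: any well-distributed per-row hash would do).
    """
    digest = hashlib.sha256(f"{row}|{key}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % width


class KarySketch:
    """k-ary sketch: `depth` rows of `width` counters plus a running total."""

    def __init__(self, depth: int = 5, width: int = 1024):
        self.depth, self.width = depth, width
        self.table = [[0] * width for _ in range(depth)]
        self.total = 0

    def update(self, key: str, value: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][_bucket(row, key, self.width)] += value
        self.total += value

    def estimate(self, key: str) -> float:
        # Per-row unbiased estimate of the key's value: bucket count minus the
        # share every key contributes to a bucket on average, rescaled. The
        # median across rows damps collisions with other keys.
        k = self.width
        per_row = [
            (self.table[row][_bucket(row, key, k)] - self.total / k) / (1 - 1 / k)
            for row in range(self.depth)
        ]
        return median(per_row)

    def subtract(self, other: "KarySketch") -> "KarySketch":
        # Sketches are linear: the bucket-wise difference of two epochs is the
        # sketch of the change in traffic between them.
        delta = KarySketch(self.depth, self.width)
        delta.table = [
            [a - b for a, b in zip(row_a, row_b)]
            for row_a, row_b in zip(self.table, other.table)
        ]
        delta.total = self.total - other.total
        return delta


def detect_changes(prev_epoch, cur_epoch, threshold: float, depth=5, width=1024):
    """Flag keys whose per-epoch packet count changed by more than `threshold`.

    Each epoch is a list of (flow_key, packet_count) pairs. Only keys seen in
    the current epoch are tested; a reversible sketch would recover the heavy
    keys from the delta sketch without this enumeration.
    """
    prev, cur = KarySketch(depth, width), KarySketch(depth, width)
    for key, pkts in prev_epoch:
        prev.update(key, pkts)
    for key, pkts in cur_epoch:
        cur.update(key, pkts)
    delta = cur.subtract(prev)
    flagged = {}
    for key in {key for key, _ in cur_epoch}:
        change = delta.estimate(key)
        if abs(change) > threshold:
            flagged[key] = change
    return flagged


def constructed_epochs(seed: int = 7, flows: int = 200):
    """Constructed traffic, not captured data: `flows` steady sources sending
    5..15 packets per epoch, plus one source that appears in the second epoch
    with 500 packets (a scanning host; 192.0.2.7 is a documentation address)."""
    rng = random.Random(seed)
    sources = [f"10.0.0.{i}" for i in range(flows)]
    prev = [(s, rng.randint(5, 15)) for s in sources]
    cur = [(s, rng.randint(5, 15)) for s in sources]
    cur.append(("192.0.2.7", 500))
    return prev, cur


if __name__ == "__main__":
    prev, cur = constructed_epochs()
    for key, change in detect_changes(prev, cur, threshold=100).items():
        print(f"{key}: estimated change {change:+.1f} packets")
```

The memory of the sketch is fixed (depth x width counters) regardless of the number of flows, which is what makes it fit on the FPGA in the critical path; the estimate's error grows with total traffic divided by width, so width is sized to the link rate, not to the flow count.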
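The basis-path selection behind TOM ("select a basis set of k paths ... monitor the loss rates of k paths, and infer the loss rates of all other paths"), as an added example; this is not the LIST group's code. It uses a constructed overlay (six hosts on a chain of three routers, with constructed per-link loss rates and exact rather than noisy measurements) and expresses each path as the set of links it crosses. Gaussian elimination over the path/link matrix picks linearly independent paths to monitor and records, for every other path, the linear combination of monitored paths that reproduces it. Loss is made additive by working with log(1 - loss) per link, which is the standard transformation for this inference.

```python
from fractions import Fraction
from itertools import combinations
import math

# Constructed overlay (assumption, not a real deployment): hosts A..F attached
# to routers R1, R2, R3 in a chain. A path uses the source's access link, the
# core links between the two routers, and the destination's access link.
HOST_ROUTER = {"A": "R1", "B": "R1", "C": "R2", "D": "R2", "E": "R3", "F": "R3"}
ROUTER_CHAIN = ["R1", "R2", "R3"]
LINKS = ["A-R1", "B-R1", "C-R2", "D-R2", "E-R3", "F-R3", "R1-R2", "R2-R3"]
# Constructed per-link loss rates used to generate the "measurements".
LINK_LOSS = {"A-R1": 0.0, "B-R1": 0.01, "C-R2": 0.0, "D-R2": 0.005,
             "E-R3": 0.0, "F-R3": 0.02, "R1-R2": 0.03, "R2-R3": 0.0}


def path_links(u, v):
    ru, rv = HOST_ROUTER[u], HOST_ROUTER[v]
    links = [f"{u}-{ru}", f"{v}-{rv}"]
    i, j = sorted((ROUTER_CHAIN.index(ru), ROUTER_CHAIN.index(rv)))
    links += [f"{ROUTER_CHAIN[k]}-{ROUTER_CHAIN[k + 1]}" for k in range(i, j)]
    return links


def path_loss(links):
    """End-to-end loss of a path whose links drop packets independently."""
    return 1 - math.prod(1 - LINK_LOSS[l] for l in links)


def select_basis(G):
    """Incremental Gaussian elimination over the path/link matrix G.

    Returns (basis, combos): `basis` lists the row indices kept as monitored
    paths; combos[i] is {j: coeff} with G[i] == sum(coeff * G[j]) over j in
    basis, so every path is either monitored or a known combination of them.
    """
    reduced = []          # (reduced vector, pivot column, {basis row: coeff})
    basis, combos = [], {}
    for i, row in enumerate(G):
        r = [Fraction(x) for x in row]
        c = {}            # coefficients of basis rows subtracted from G[i]
        for vec, pcol, coef in reduced:
            f = r[pcol] / vec[pcol]
            if f == 0:
                continue
            r = [a - f * b for a, b in zip(r, vec)]
            for j, cj in coef.items():
                c[j] = c.get(j, 0) + f * cj
        pivot = next((k for k, x in enumerate(r) if x != 0), None)
        if pivot is None:
            combos[i] = c                      # dependent path: inferable
        else:
            coef = {j: -cj for j, cj in c.items()}
            coef[i] = Fraction(1)              # r == G[i] - sum(c[j] * G[j])
            reduced.append((r, pivot, coef))
            basis.append(i)
            combos[i] = {i: Fraction(1)}
    return basis, combos


def monitor_and_infer():
    """Pick the basis paths, 'measure' only those, infer all O(n^2) paths."""
    hosts = sorted(HOST_ROUTER)
    paths = {f"{u}-{v}": path_links(u, v) for u, v in combinations(hosts, 2)}
    names = list(paths)
    G = [[1 if l in paths[p] else 0 for l in LINKS] for p in names]
    basis, combos = select_basis(G)
    # Measurements exist only for basis paths. Work in the additive domain
    # y = log(1 - loss), which sums over links exactly as the rows of G do.
    measured = {names[i]: math.log(1 - path_loss(paths[names[i]])) for i in basis}
    inferred = {}
    for i, name in enumerate(names):
        y = sum(float(cj) * measured[names[j]] for j, cj in combos[i].items())
        inferred[name] = 1 - math.exp(y)
    return [names[i] for i in basis], inferred


if __name__ == "__main__":
    basis, inferred = monitor_and_infer()
    print(f"monitor {len(basis)} of {len(inferred)} paths: {basis}")
    for name, loss in inferred.items():
        print(f"{name}: inferred loss {loss:.4f}")
```

The number of monitored paths is bounded by the rank of the path/link matrix, which is at most the number of underlay links the overlay actually traverses; that is where the k = O(n log n) bound on the poster comes from. Real probes are noisy, so a production system would fit the basis measurements in a least-squares sense rather than use the exact combination shown here, and would re-run the elimination when nodes join or leave.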

