Countering Denial of Information Attacks with Network Visualization Gregory Conti

1 Countering Denial of Information Attacks with Network Visualization Gregory Conti www.cc.gatech.edu/~conti conti@acm.org http://plus.maths.org/issue23/editorial/information.jpg

2 Disclaimer The views expressed in this presentation are those of the author and do not reflect the official policy or position of the United States Military Academy, the Department of the Army, the Department of Defense or the U.S. Government. image: http://www.leavenworth.army.mil/usdb/standard%20products/vtdefault.htm

3 Denial of Information Attacks: intentional attacks that overwhelm the human or otherwise alter their decision making. http://circadianshift.net/images/Virginia_Tech_1920s_NS5423_Y_small.jpg

4 http://cagle.slate.msn.com/news/EvilEmailHackers/main.asp

5 The Problem of Information Growth
The surface WWW contains ~170 TB (about 17x the Library of Congress print collection).
IM generates five billion messages a day (750 GB), or 274 TB a year.
Email generates about 400,000 TB/year.
P2P file exchange on the Internet is growing rapidly. The largest files exchanged are video files larger than 100 MB, but the most frequently exchanged files contain music (MP3 files).
Source: http://www.sims.berkeley.edu/research/projects/how-much-info-2003/

6 Applying the Model & Taxonomy… http://www.butterfly-insect.com/butterfly-insect/graphic/education-pic-worldlife-on.gif

7 Defense Taxonomy (Big Picture): legal and community milestones in chronological order
California Business and Professions Code prohibits the sending of unsolicited commercial email (September 98)
First Spam Conference (Jan 03)
Federal CAN-SPAM legislation takes effect (Jan 04)
Microsoft, AOL, Earthlink and Yahoo file 6 antispam lawsuits (Mar 04)
http://www.metroactive.com/papers/metro/12.04.03/booher-0349.html

9 System Model (figure): Human Producer (Cognition, STM, LTM; Vision, Hearing, Speech, Motor) -> Producer Node (CPU, RAM, Hard Drive) -> Communication Channel -> Consumer Node (CPU, RAM, Hard Drive) -> Human Consumer (Cognition, STM, LTM; Vision, Hearing, Speech, Motor). STM/LTM: short-term/long-term memory.

10 Example DoI Attacks, placed on the system model of the previous slide: very small text; exploit round-off algorithm; trigger many alerts; misleading advertisements; spoof browser.

11 Example DoI Defenses, placed on the same system model: TCP Damping; Usable Security; Eliza Spam Responder; Decompression Bombs; Computational Puzzle Solving.

12 OODA loop (Observe, Orient, Decide, Act) applied to handling one mailbox:
Observe: Scan Subject Line (overhead: Number of Email x Time to Scan)
Decide: Spam / Not Spam (overhead: Number of Email x Time to Decide)
Act: Delete if Spam (overhead: Number of Spam x Time to Delete); No Action if Not Spam
Observe: Confirm Deletion Successful (overhead: Number of Spam x Time to Observe); No Observation if Not Spam
Total Overhead = (Number of Spam x (Time to Delete + Time to Observe)) + (Number of Email x (Time to Decide + Time to Scan))

13 For more information… G. Conti and M. Ahamad; "A Taxonomy and Framework for Countering Denial of Information Attacks;" IEEE Security and Privacy. (to be published) email me…

14 DoI Countermeasures in the Network Security Domain

15 information visualization is the use of interactive, sensory representations, typically visual, of abstract data to reinforce cognition. http://en.wikipedia.org/wiki/Information_visualization

16 rumint v.51

17

18 Passive visual fingerprints of scanning tools (screenshots): nmap 3 (RH8); nmap 3 UDP (RH8); nmap 3.5 (XP); NMapWin 3 (XP); SuperScan 3.0 (XP); SuperScan 4.0 (XP); scanline 1.01 (XP); nikto 1.32 (XP)

19 For more information…
G. Conti and K. Abdullah; "Passive Visual Fingerprinting of Network Attack Tools;" ACM Conference on Computer and Communications Security's Workshop on Visualization and Data Mining for Computer Security (VizSEC); October 2004. Talk PPT slides: see www.cc.gatech.edu/~conti; the tool: www.rumint.org
G. Conti; "Network Attack Visualization;" DEFCON 12; August 2004. Talk PPT slides; Classical InfoVis Survey PPT slides; Security InfoVis Survey PPT slides

20 Last year at DEFCON First question… How do we attack it?

21 Malicious Visualizations…

22 Pokemon http://www.miowebitalia.com/desktop/cartoni/pokemon.jpg

23 Visual Information Overload (perception)

24 Attack Fading (memory) Image: http://www.inf.uct.cl/~amellado/gestion_en_linux/etherape.jpg http://etherape.sourceforge.net/

25 Motion Induced Blindness (perception) http://www.keck.ucsf.edu/~yoram/mib-basic.html

26 Optical Illusions (perception) http://www.ritsumei.ac.jp.nyud.net:8090/~akitaoka/index-e.html

27 Crying Wolf… (cognitive/motor) Snot vs. Snort: Snot generates packets crafted from Snort's own rule files, so the IDS floods the analyst with alerts that match signatures but carry no real attack.

28 Labeling Attack (algorithm). CDX 2003 Dataset plotted as X = Time, Y = Destination IP, Z = Destination Port.

29 AutoScale Attack/Force User to Zoom (algorithm)

30 Precision Attack (algorithm) http://developers.slashdot.org/article.pl?sid=04/06/01/1747223&mode=thread&tid=126&tid=172 http://www.nersc.gov/nusers/security/Cube.jpg

31 Occlusion (visualization design)

32 Jamming (visualization design)
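As an added illustration of the AutoScale/Force User to Zoom attack on slide 29 (my own code, not rumint or any tool from the slides), the scatter plot is reduced to the one step that matters: which pixel row each packet's destination port lands on. When the port axis autoscales to the data's own min and max, a single injected packet to port 65535 squashes a 20-port sweep into one row. All packet records are constructed; the percentile-based scale at the end is my suggested mitigation and is not on the slides.

```python
"""Autoscale attack on a port-over-time scatter plot (constructed demo).

An axis that autoscales to the data's min..max can be stretched by one
attacker packet so that real activity collapses into a single pixel row
and the analyst has to zoom to see it.
"""
from typing import Iterable, List, Sequence


def rows_for(ports: Iterable[int], lo: int, hi: int, height: int) -> List[int]:
    """Map each port to a pixel row in [0, height-1] for an axis spanning lo..hi.
    Ports outside lo..hi are clipped to the edge rows."""
    span = max(hi - lo, 1)
    rows = []
    for p in ports:
        p = min(max(p, lo), hi)
        rows.append((p - lo) * (height - 1) // span)
    return rows


def autoscaled_rows(ports: Sequence[int], height: int) -> List[int]:
    """Naive autoscale: the axis spans exactly the data's own min..max."""
    return rows_for(ports, min(ports), max(ports), height)


def percentile_scaled_rows(ports: Sequence[int], height: int, pct: float = 0.99) -> List[int]:
    """Robust alternative (my suggestion, not from the slides): fit the axis to
    the bulk of the data and clip the rare extreme values to the top row."""
    ordered = sorted(ports)
    hi = ordered[min(int(len(ordered) * pct), len(ordered) - 1)]
    return rows_for(ports, ordered[0], hi, height)


def distinct_rows(rows: Iterable[int]) -> int:
    """Number of pixel rows the packets occupy: 20 means a 20-port sweep is visible."""
    return len(set(rows))


# Constructed traffic: a sweep of ports 1..20 (five packets each) and one
# attacker packet to port 65535 injected purely to stretch the axis.
SWEEP = [p for p in range(1, 21) for _ in range(5)]
OUTLIER = [65535]
HEIGHT = 100  # pixel rows available for the port axis


def demo() -> dict:
    """Distinct rows occupied under each scaling policy."""
    return {
        "sweep_alone": distinct_rows(autoscaled_rows(SWEEP, HEIGHT)),
        "sweep_plus_outlier": distinct_rows(autoscaled_rows(SWEEP + OUTLIER, HEIGHT)),
        "percentile_scale": distinct_rows(percentile_scaled_rows(SWEEP + OUTLIER, HEIGHT)),
    }


if __name__ == "__main__":
    for name, n in demo().items():
        print(f"{name}: packets occupy {n} distinct rows")
```

With the sweep alone the 20 ports spread over 20 rows; with the one outlier added, naive autoscaling puts all 100 sweep packets on row 0 and the attacker packet on row 99, which is the forced-zoom effect. The percentile scale restores the 20 rows and pins the outlier to the top edge, at the cost of hiding how far out it was.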

33 For more information… G. Conti, M. Ahamad and J. Stasko; "Attacking Information Visualization System Usability: Overloading and Deceiving the Human;" Symposium on Usable Privacy and Security (SOUPS); July 2005. (submitted, under review) See also www.rumint.org for the tool. email me…

34 rumint v 1.15 beta

35 Binary rainfall view: network packets over time, one packet per row; the columns run from bit 0, bit 1, bit 2, ... to the last bit of the packet (length of packet - 1).

36 rumint 1.15 tool overview: network monitoring mode (left); clicking a small pane brings up the detailed analysis view for that visualization.

37 So what do you think…

38

39 Visual exploration of binary objects…

40 Reverse Engineering: IDA Pro Disassembler and Debugger http://www.datarescue.com/idabase/

41 Textual vs. Visual Exploration

42 binaryexplorer.exe

43 Comparing Executable Binaries (1 bit per pixel): visualexplorer.exe (Visual Studio); rumint.exe (Visual Studio); calc.exe (unknown compiler); regedit.exe (unknown compiler); mozillafirebird.exe (unknown compiler); cdex.exe (unknown compiler); apache.exe (unknown compiler); ethereal.exe (unknown compiler)

44 Comparing Image Files (1 bit per pixel): image.bmp; image.zip; image.jpg; image.pae (encrypted)

45 Comparing MP3 Files (1 bit per pixel): pash.mp3; disguises.mp3; the.mp3
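The packets-over-time view on slide 35 and the 1-bit-per-pixel file comparisons on slides 43 to 45 are the same renderer fed different blobs. The following added example (my code, not rumint's or binaryexplorer's) builds that renderer as plain text rows and a PBM image, and adds a byte-entropy score, which is why compressed or encrypted data such as image.zip or image.pae looks like uniform noise next to the visible structure of an executable. The three sample blobs are constructed here, and the entropy thresholds in classify() are my choice.

```python
"""One-bit-per-pixel rendering of byte blobs plus an entropy score
(constructed demo, not rumint's or binaryexplorer's code).

bit_rows() is the shared renderer: feed it packets and each packet becomes
one row (packets over time, columns = bit 0, bit 1, ...); feed it a file cut
into fixed-width chunks and you get the file comparison view.
"""
import hashlib
import math
from collections import Counter
from typing import List, Optional, Sequence


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, close to 8.0
    for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def bit_rows(blobs: Sequence[bytes], width_bytes: Optional[int] = None) -> List[str]:
    """One row per blob, one character per bit ('1' set, '0' clear); rows are
    truncated or zero-padded to width_bytes (default: the longest blob)."""
    if width_bytes is None:
        width_bytes = max(len(b) for b in blobs)
    rows = []
    for b in blobs:
        b = b[:width_bytes].ljust(width_bytes, b"\x00")
        rows.append("".join(format(byte, "08b") for byte in b))
    return rows


def file_rows(data: bytes, width_bytes: int) -> List[str]:
    """File view: consecutive width_bytes chunks of one file, one per row."""
    chunks = [data[i:i + width_bytes] for i in range(0, len(data), width_bytes)]
    return bit_rows(chunks, width_bytes)


def to_pbm(rows: List[str]) -> str:
    """Plain PBM (P1) text image of the rows; any PBM-capable viewer opens it."""
    h, w = len(rows), len(rows[0])
    return f"P1\n{w} {h}\n" + "\n".join(" ".join(r) for r in rows) + "\n"


def prng_bytes(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for
    encrypted content, so the demo needs no key or cipher."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: structured plaintext, an all-zero region such as
# section padding, and noise standing in for the encrypted image.pae.
TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 40
ZEROS = bytes(2048)
NOISE = prng_bytes(2048)


def classify(data: bytes) -> str:
    """Coarse label from whole-blob entropy; the thresholds are my choice."""
    h = byte_entropy(data)
    if h < 1.0:
        return "constant/padding"
    if h > 7.0:
        return "compressed or encrypted"
    return "structured"


if __name__ == "__main__":
    for name, blob in (("text", TEXT), ("zeros", ZEROS), ("noise", NOISE)):
        print(f"{name:6s} entropy={byte_entropy(blob):.2f} -> {classify(blob)}")
    # 32 bytes per row gives a 256-pixel-wide image, like the slides' views.
    print(to_pbm(file_rows(NOISE, 32))[:40], "...")
```

Usage: write to_pbm(file_rows(open(path, "rb").read(), 32)) to a .pbm file and open it beside the same rendering of a second file to reproduce the side-by-side comparisons; for captured packets, pass the list of packet payloads straight to bit_rows() so each packet becomes one row, as in the rumint view.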

46 secvis w/Sven Krasser, Julian Grizzard, Jeff Gribschaw and Henry Owen (Georgia Tech)

47 Overview of Visualization

48

49 Overview and Detail

50 Routine Honeynet Traffic (baseline)

51 Compromised Honeypot

52 Slammer Worm

53 Constant Bitrate UDP Traffic

54 Port Sweep

55 System Performance

56 For more information… S. Krasser, G. Conti, J. Grizzard, J. Gribschaw and H. Owen; "Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization;" IEEE Information Assurance Workshop (IAW); June 2005. (submitted) email me…

57 Demos binary exploration rumint 1.15 secvis

58 Questions? Image: http://altura.speedera.net/ccimg.catalogcity.com/210000/211700/211780/Products/6203927.jpg Gregory Conti conti@cc.gatech.edu www.cc.gatech.edu/~conti

59 Backup Slides

60 External IP to Internal Port. One-week snapshots: 6 Oct 04, 13 Oct 04, 20 Oct 04, 27 Oct 04. One month: 30 Nov 04.

