MALICIOUS TRAFFIC
Presented by Ishraq Fataftah
Agenda
- Introduction.
- What is malicious traffic.
- Malicious traffic types.
- Malicious traffic detection and prevention.
- Conclusion.
Introduction
- As the Internet becomes more mature, managing its resources to provide guaranteed services is crucial.
- The success of the Internet has increased its vulnerability to misuse and performance problems.
Introduction
- It has been frequently abused by people, mostly with hostile intentions.
- We have been under various kinds of attacks, such as viruses, worms and, commonly, a bunch of spam mails every day.
Introduction
Malicious Traffic
- It is hard to detect malicious packets and distinguish them from legitimate packets in the traffic.
- The behavior of Internet traffic is very far from regular.
- It presents large variations in its throughput at all scales.
Malicious Traffic
- Any traffic anomaly, ranging from hardware or software failures to Internet packets with maliciously modified options.
- Often generated from what is called botnets.
Malicious Traffic: Botnets
Malicious Traffic
- Detected by monitoring the flow of packets.
- Malicious traffic usually exhausts legitimate resources by sending a lot of traffic.
- Also detected by monitoring traffic targeting unused addresses in the network.
Malicious Traffic Types
- Scanners.
- Worms.
- Malicious spam.
- Backscatter.
- DoS, DDoS.
Scanners
- Single source.
- Strikes the same port on many machines.
- Or different ports on the same machine.
- Generates a lot of flows.
Worms
- Self-replicating virus that does not alter files but resides in active memory and duplicates itself.
- The CodeRed worm infected 395,000 computers and resulted in approximately $2.6 billion in damage.
- Results in an increase in service activity, especially if the service normally carries low traffic.
Worms
MyTob Worm, 2005
- Copies itself as %System%\msnmsgs.exe
- Adds the value: "MSN" = "msnmsgs.exe" to the registry keys:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\OLE
  HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
- W32.Mytob@mm runs every time Windows starts.
[Diagram labels: IRC Server; User Zone; Server Zone]
Malicious Spam
- Spamming is flooding the network with a huge amount of unsolicited email messages to force people to receive them.
- Contains malware or links to malicious sites.
Backscatter
- Email bounces for emails that a person did not send.
- The spammer spoofs the Reply-To field in the email.
- When the email reaches a mail server that rejects it, the bounce goes to the Reply-To address rather than to the real sender.
- Used to get past spam filters and in DoS attacks.
DoS, DDoS
- Generate a huge amount of adverse traffic to a target server to make it unavailable.
- Attempt to exhaust the resources of the victim.
- They are difficult to detect and prevent.
- DDoS attacks are launched simultaneously from several sources destined to the same target.
DOS, DDOS
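The scanner and DoS/DDoS slides both describe patterns that show up in flow records: one source hitting the same port on many hosts (horizontal scan), one source hitting many ports on one host (vertical scan), and many sources converging on one target (flood). The following is an added example written for this page, not code from the presentation; it runs a simple threshold detector over NetFlow-style records that are constructed inline (field names src, dst, dport and packets, and the thresholds, are our own choices).

```python
"""Flow-based detection of scanners and DDoS floods (added example).

Input is a list of NetFlow/IPFIX-style records. The records below are
constructed for this example; they are not captured traffic.
"""
from collections import defaultdict

# Constructed sample flows. Addresses are from documentation ranges.
SAMPLE_FLOWS = (
    # Horizontal scan: one source touches port 445 on 39 different hosts.
    [{"src": "203.0.113.7", "dst": f"192.0.2.{i}", "dport": 445, "packets": 1}
     for i in range(1, 40)]
    # Vertical scan: one source probes 40 ports on a single host.
    + [{"src": "198.51.100.200", "dst": "192.0.2.10", "dport": p, "packets": 1}
       for p in range(20, 60)]
    # Flood: 119 sources send heavy traffic to one web server port.
    + [{"src": f"198.51.100.{i}", "dst": "192.0.2.80", "dport": 80, "packets": 200}
       for i in range(1, 120)]
    # Legitimate: a single client browsing the same web server.
    + [{"src": "192.0.2.55", "dst": "192.0.2.80", "dport": 80, "packets": 35}]
)


def detect(flows, hscan_min_dsts=20, vscan_min_ports=20, flood_min_srcs=100):
    """Return a sorted list of (kind, key, detail) alerts for the given flows.

    Thresholds are illustrative; in practice they are tuned per network and
    per time window so that normal fan-out (e.g. a mail relay) is not flagged.
    """
    dsts_by_src_port = defaultdict(set)   # (src, dport) -> {dst}
    ports_by_src_dst = defaultdict(set)   # (src, dst)   -> {dport}
    srcs_by_dst_port = defaultdict(set)   # (dst, dport) -> {src}
    pkts_by_dst_port = defaultdict(int)   # (dst, dport) -> packet count

    for f in flows:
        dsts_by_src_port[(f["src"], f["dport"])].add(f["dst"])
        ports_by_src_dst[(f["src"], f["dst"])].add(f["dport"])
        srcs_by_dst_port[(f["dst"], f["dport"])].add(f["src"])
        pkts_by_dst_port[(f["dst"], f["dport"])] += f["packets"]

    alerts = []
    for (src, port), dsts in dsts_by_src_port.items():
        if len(dsts) >= hscan_min_dsts:
            alerts.append(("horizontal_scan", src, f"port {port} on {len(dsts)} hosts"))
    for (src, dst), ports in ports_by_src_dst.items():
        if len(ports) >= vscan_min_ports:
            alerts.append(("vertical_scan", src, f"{len(ports)} ports on {dst}"))
    for (dst, port), srcs in srcs_by_dst_port.items():
        if len(srcs) >= flood_min_srcs:
            pkts = pkts_by_dst_port[(dst, port)]
            alerts.append(("flood", dst, f"port {port} from {len(srcs)} sources, {pkts} packets"))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, key, detail in detect(SAMPLE_FLOWS):
        print(f"{kind:16} {key:16} {detail}")
```

The detector keys on distinct-count fan-out rather than raw volume, which is why the single legitimate client to port 80 contributes to the flood's source count but never produces an alert on its own. A real deployment would run this per time window and keep an allow-list for hosts whose fan-out is expected.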
Malicious Traffic Detection and Prevention
- Anomaly detection techniques.
- Signature-scan techniques.
- Intrusion detection and prevention systems.
- QoS metrics.
- Tools such as Snort.
- Network filters such as ACLs.
- Honeypots.
Anomaly detection techniques
- Differentiate between normal and malicious traffic by:
  - Studying the normal behavior of users and resources.
  - Creating patterns (a baseline profile) for these activities.
  - Treating any behavior that deviates from this pattern as malicious.
Signature-scan techniques
- Use a database that stores signatures.
- Passively scan network traffic; any pattern that matches a stored signature is considered malicious traffic.
- Effective for known attacks.
Intrusion detection and prevention systems
- Software or hardware designed to detect and prevent any malicious attack or activity on the network.
- Monitor the network traffic.
- Analyze any suspicious event.
- Log these events and report them to the network administrator for action.
QoS metrics
- Studying the behavior of the network traffic under normal conditions and under malicious attacks.
- Extracting parameters from the network traffic.
Snort
- Open source tool used in intrusion detection systems.
- Real-time analysis of the network traffic.
- As an intrusion detection system it monitors the traffic, analyzes it and informs the network administrator of suspicious activities.
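To make the signature-scan slide and the Snort slide concrete, here is an added example (written for this page, not Snort's own code or any of its shipped rules) that parses a small subset of Snort's rule syntax (header fields, msg, content, nocase, sid) and matches the rules against constructed packets. It deliberately covers only that subset: real Snort rules carry many more options, and the option splitter below assumes no ';' inside a content string.

```python
"""Minimal Snort-style signature matcher (added example).

Rules and packets are constructed for this example. Only a subset of the
Snort rule language is understood: action proto src sport -> dst dport,
plus the msg, content, nocase and sid options.
"""
import re

# Constructed rules. Each content string is a benign marker, not a real signature.
RULES = """
alert tcp any any -> any 80 (msg:"HTTP request to cgi-bin"; content:"/cgi-bin/"; nocase; sid:1000001;)
alert tcp any any -> any 25 (msg:"SMTP attachment with .exe name"; content:".exe"; nocase; sid:1000002;)
alert udp any any -> any 53 (msg:"DNS TXT marker (case-sensitive)"; content:"TXT"; sid:1000003;)
"""

# Constructed packets as already-decoded dicts (no pcap parsing here).
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51234, "dst": "192.0.2.80",
     "dport": 80, "payload": "GET /CGI-BIN/test HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "192.0.2.20", "sport": 40000, "dst": "192.0.2.80",
     "dport": 80, "payload": "GET /index.html HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "198.51.100.3", "sport": 2525, "dst": "192.0.2.25",
     "dport": 25, "payload": 'Content-Disposition: attachment; filename="photo.EXE"\r\n'},
]

HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def parse_rule(line):
    """Parse one rule line into a dict; raises ValueError on malformed input."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable rule: {line!r}")
    action, proto, src, sport, _direction, dst, dport, opts = m.groups()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "contents": [], "nocase": False,
            "msg": "", "sid": None}
    # Assumption: ';' never appears inside a quoted content string.
    for opt in filter(None, (o.strip() for o in opts.split(";"))):
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "content":
            rule["contents"].append(val)
        elif key == "nocase":
            rule["nocase"] = True
        elif key == "msg":
            rule["msg"] = val
        elif key == "sid":
            rule["sid"] = int(val)
    return rule


def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def _field_ok(rule_val, pkt_val):
    return rule_val == "any" or str(rule_val) == str(pkt_val)


def match(rule, pkt):
    """True if the packet header and payload satisfy every condition of the rule."""
    if rule["proto"] != "any" and rule["proto"] != pkt["proto"]:
        return False
    if not all(_field_ok(rule[k], pkt[k]) for k in ("src", "sport", "dst", "dport")):
        return False
    payload = pkt["payload"]
    for c in rule["contents"]:
        if rule["nocase"]:
            if c.lower() not in payload.lower():
                return False
        elif c not in payload:
            return False
    return True


def scan(rules, packets):
    """Return (sid, msg) for every rule that fires on any packet, in packet order."""
    return [(r["sid"], r["msg"]) for p in packets for r in rules if match(r, p)]


if __name__ == "__main__":
    for sid, msg in scan(load_rules(RULES), PACKETS):
        print(f"[{sid}] {msg}")
```

The second packet shows the strength and the limit of signature scanning in one line: a normal GET fires nothing, but a request that merely spells the marker in a case the rule did not anticipate would also fire nothing unless nocase is set.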
ACLs
- Installed in routers; they match packet headers against a pre-defined, ordered list of rules and take the pre-defined action of the first matching rule on the packet.
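The following added example (not from the presentation) evaluates an ACL the way the slide describes: header fields matched against an ordered rule list, first match wins, implicit deny at the end. It also includes a shadowing check, because the most common ACL mistake is a broad rule placed above the specific rule it was meant to complement. The rules and packets are constructed; the Rule fields are our own names.

```python
"""Ordered ACL evaluation with first-match semantics (added example).

The ACL and the test packets below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port


def rule(action, proto, src, dst, dport=None):
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed ACL protecting a server LAN (192.0.2.0/24). Note the last rule.
ACL = [
    rule("deny",   "tcp", "0.0.0.0/0",   "192.0.2.0/24",  23),   # no telnet into the LAN
    rule("permit", "tcp", "0.0.0.0/0",   "192.0.2.80/32", 80),   # public web
    rule("permit", "tcp", "0.0.0.0/0",   "192.0.2.80/32", 443),
    rule("permit", "any", "10.0.0.0/8",  "192.0.2.0/24"),        # internal management
    rule("deny",   "tcp", "10.1.0.0/16", "192.0.2.0/24",  22),   # intended: no SSH from 10.1/16
]


def _covers(r, proto, src, dst, dport):
    return ((r.proto == "any" or r.proto == proto)
            and src in r.src and dst in r.dst
            and (r.dport is None or r.dport == dport))


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule_index) of the first matching rule, or ("deny", None)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if _covers(r, proto, src, dst, dport):
            return r.action, i
    return "deny", None   # implicit deny at the end of every ACL


def shadowed(acl):
    """Return (later_index, earlier_index) pairs where the earlier rule fully
    covers the later one, so the later rule can never match."""
    out = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            if ((earlier.proto == "any" or earlier.proto == later.proto)
                    and earlier.src.supernet_of(later.src)
                    and earlier.dst.supernet_of(later.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append((j, i))
                break
    return out


if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "203.0.113.9", "192.0.2.80", 80))   # permit by rule 1
    print(evaluate(ACL, "tcp", "10.1.2.3", "192.0.2.10", 22))      # permit by rule 3, not denied!
    print("shadowed rules:", shadowed(ACL))                         # [(4, 3)]
```

Running the shadowing check before deploying an ACL catches the case shown in the constructed list: the broad "permit any from 10.0.0.0/8" at index 3 silently swallows the SSH deny at index 4, so the only fix is to move the deny above it.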
Honeypots
"a security resource whose value lies in being probed, attacked or compromised"

- Because a honeypot offers no legitimate service, any attempt to interact with it indicates malicious activity or an attack.
Conclusion
- Malicious traffic is any traffic anomaly, whether caused by failures or by packets intentionally modified for malicious purposes.
- By studying malicious attacks we can obtain a better understanding of malicious traffic and of how to detect and prevent these attacks.
- Increased awareness of the importance of security will help in mitigating Internet misuse.

More Related Content

What's hot

CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
Sam Bowne
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
Himanshu Prabhakar
 
Hash function
Hash function Hash function
Hash function
Salman Memon
 
Database security
Database securityDatabase security
Database security
Birju Tank
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
wremes
 
One-Time Password
One-Time PasswordOne-Time Password
One-Time Password
Ata Ebrahimi
 
Footprinting
FootprintingFootprinting
Footprinting
Duah John
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101
rahat ali
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
 
Ch14
Ch14Ch14
Rc4
Rc4Rc4
Brute Forcing
Brute ForcingBrute Forcing
Digital signature
Digital  signatureDigital  signature
Digital signature
AJAL A J
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 

What's hot (20)

CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Hash function
Hash function Hash function
Hash function
 
Database security
Database securityDatabase security
Database security
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
 
One-Time Password
One-Time PasswordOne-Time Password
One-Time Password
 
Footprinting
FootprintingFootprinting
Footprinting
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Database security
Database securityDatabase security
Database security
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Ch14
Ch14Ch14
Ch14
 
Rc4
Rc4Rc4
Rc4
 
Brute Forcing
Brute ForcingBrute Forcing
Brute Forcing
 
Digital signature
Digital  signatureDigital  signature
Digital signature
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 

Viewers also liked

Towards scalable locationaware
Towards scalable locationawareTowards scalable locationaware
Towards scalable locationaware
Ishraq Al Fataftah
 
Optimizing spatial database
Optimizing spatial databaseOptimizing spatial database
Optimizing spatial database
Ishraq Al Fataftah
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptography
Ishraq Al Fataftah
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
Disha Bedi
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
Mahendra Pratap Singh
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
shraddha_b
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule Writing
Cisco DevNet
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
Sai Sakoji
 

Viewers also liked (11)

Towards scalable locationaware
Towards scalable locationawareTowards scalable locationaware
Towards scalable locationaware
 
Optimizing spatial database
Optimizing spatial databaseOptimizing spatial database
Optimizing spatial database
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptography
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule Writing
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 

Similar to Malicious traffic

Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
Ave Nawsh
 
Computing safety
Computing safetyComputing safety
Computing safety
Brulius
 
Threat Hunting Playbook.pdf
Threat Hunting Playbook.pdfThreat Hunting Playbook.pdf
Threat Hunting Playbook.pdf
laibaarsyila
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
Mohammed Jaseem Tp
 
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Editor IJCATR
 
An email worm vaccine architecture
An email worm vaccine architectureAn email worm vaccine architecture
An email worm vaccine architecture
UltraUploader
 
Recipient Activated Malware Diffusion
Recipient Activated Malware DiffusionRecipient Activated Malware Diffusion
Recipient Activated Malware Diffusion
Bruce Fowler
 
Modern Malware and Threats
Modern Malware and ThreatsModern Malware and Threats
Modern Malware and Threats
MarketingArrowECS_CZ
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attack
guestc8c7c02bb
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in clouds
Alexander Decker
 
5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malware
drewz lin
 
L N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.pptL N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.ppt
lowlesh1
 
L N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.pptL N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.ppt
lowlesh1
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYA REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
ijasa
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
Yasser Mohammed
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)
SHUBHA CHATURVEDI
 
computer virus ppt.pptx
computer virus ppt.pptxcomputer virus ppt.pptx
computer virus ppt.pptx
Abiniyavk
 

Similar to Malicious traffic (20)

Security threats
Security threatsSecurity threats
Security threats
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Threat Hunting Playbook.pdf
Threat Hunting Playbook.pdfThreat Hunting Playbook.pdf
Threat Hunting Playbook.pdf
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
 
An email worm vaccine architecture
An email worm vaccine architectureAn email worm vaccine architecture
An email worm vaccine architecture
 
Recipient Activated Malware Diffusion
Recipient Activated Malware DiffusionRecipient Activated Malware Diffusion
Recipient Activated Malware Diffusion
 
Modern Malware and Threats
Modern Malware and ThreatsModern Malware and Threats
Modern Malware and Threats
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attack
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in clouds
 
5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malware
 
L N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.pptL N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.ppt
 
L N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.pptL N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.ppt
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYA REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)
 
computer virus ppt.pptx
computer virus ppt.pptxcomputer virus ppt.pptx
computer virus ppt.pptx
 

More from Ishraq Al Fataftah

Edge detection
Edge detectionEdge detection
Edge detection
Ishraq Al Fataftah
 
Peer to-peer mobile payments
Peer to-peer mobile paymentsPeer to-peer mobile payments
Peer to-peer mobile payments
Ishraq Al Fataftah
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overview
Ishraq Al Fataftah
 
Requirement engineering evaluation
Requirement engineering evaluationRequirement engineering evaluation
Requirement engineering evaluation
Ishraq Al Fataftah
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
Ishraq Al Fataftah
 
Presentation skills
Presentation skillsPresentation skills
Presentation skills
Ishraq Al Fataftah
 

More from Ishraq Al Fataftah (6)

Edge detection
Edge detectionEdge detection
Edge detection
 
Peer to-peer mobile payments
Peer to-peer mobile paymentsPeer to-peer mobile payments
Peer to-peer mobile payments
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overview
 
Requirement engineering evaluation
Requirement engineering evaluationRequirement engineering evaluation
Requirement engineering evaluation
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
 
Presentation skills
Presentation skillsPresentation skills
Presentation skills
 

Recently uploaded

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 

Recently uploaded (20)

Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 

Malicious traffic

  • 2. Agenda  Introduction.  What is Malicious traffic.  Malicious traffic types.  Malicious traffic detection and prevention.  Conclusion.
  • 3. Introduction  As the internet become more mature, management of its resources to provide guaranteed services is crucial.  The success of the Internet has increased its vulnerability to misuse and performance problems.
  • 4. Introduction  It has been frequently abused by people mostly with hostile intentions.  We have been under various kinds of attacks such as viruses, worms and commonly a bunch of spam mails every day.
  • 6. Malicious Traffic  It is hard to detect and distinguish malicious packet and legitimate packets in the traffic.  The behavior of Internet traffic is very far from being regular.  Presents large variations in its throughput at all scales.
  • 7. Malicious Traffic  Any traffic anomalies that occur from hardware or software failures to internet packets with maliciously modified options.  Generated from what is called botnets.
  • 9. Malicious Traffic  Monitoring the flow of packets.  Malicious traffic usually exhausts the legitimate resources by sending a lot of traffic.  Monitoring traffic targeting unused addresses in the network.
  • 10. Malicious Traffic Types  Scanners.  Worms.  Malicious Spam.  Backscatters.  DOS, DDOS.
  • 11. Scanners  Single source.  Strikes the same port on many machines.  Different ports on the same machine.  Generates a lot of flows.
  • 12. Worms
      • Self-replicating virus that does not alter files but resides in active memory and duplicates itself.
      • The CodeRed worm infected 395,000 computers and resulted in approximately $2.6 billion in damage.
      • Results in an increase in service activity, especially if the service normally sees low traffic.
  • 13. Worms: MyTob Worm, 2005
      • Copies itself as %System%\msnmsgs.exe
      • Adds the value "MSN" = "msnmsgs.exe" to the registry keys:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        HKEY_CURRENT_USER\Software\Microsoft\OLE
        HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
      • W32.Mytob@mm runs every time Windows starts.
      (Slide diagram labels: IRC Server, User Zone, Server Zone.)
  • 14. Malicious Spam
      • Spamming is flooding the network with a huge amount of unsolicited email messages to force people to receive them.
      • Contains malware or links to malicious sites.
  • 15. Backscatter
      • Email bounces for emails that a person didn't send.
      • The spammer spoofs the Reply-To field in the email.
      • When the mail is sent to the email server, it bounces to the Reply-To address rather than to the sender.
      • Used to overcome spam filters and in DoS attacks.
  • 16. DoS, DDoS
      • Generate a huge amount of adverse traffic to a target server to make it unavailable.
      • Attempt to exhaust the resources of the victim.
      • They are difficult to detect and prevent.
      • DDoS attacks are launched simultaneously from several sources destined for the same target.
  • 18. Malicious traffic Detection and Prevention
      • Anomaly detection techniques.
      • Signature-scan techniques.
      • Intrusion detection and prevention systems.
      • QoS metrics.
      • Tools such as Snort.
      • Network filters such as ACLs.
      • Honeypots.
  • 19. Anomaly detection techniques
      • Differentiates between normal and malicious traffic by:
      • Studying the normal behavior of users and resources.
      • Creating patterns for these activities.
      • Any behavior that deviates from this pattern is considered malicious.
  • 20. Signature-scan techniques
      • Uses a database that stores signatures.
      • Passively scans network traffic; any pattern that matches a stored signature is considered malicious traffic.
      • Effective for known attacks.
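Slides 19 and 20 describe the two complementary detection approaches. The block below is an added example, not code from the presentation, that runs both over the same constructed observations so their coverage can be compared: a baseline-plus-deviation anomaly detector on request rate, and a signature scanner on payload bytes. The baseline numbers, the signature patterns (one modelled on the well-known CodeRed request shape, one on an IRC bot joining a channel) and the 3-sigma threshold are all assumptions.

```python
import re
import statistics

# Constructed baseline: HTTP requests per minute observed from one host during
# a quiet period.  Assumed numbers, not measurements from the slides.
NORMAL_RATES = [40, 38, 45, 42, 39, 41, 44, 37, 43, 40]

# Constructed signature database (name -> byte pattern).  Illustrative only,
# not production rules.
SIGNATURES = {
    "coderd-style-overlong-ida-get": re.compile(rb"GET /default\.ida\?N{100,}"),
    "irc-bot-channel-join": re.compile(rb"(?m)^JOIN #[A-Za-z0-9_]+"),
}


def build_baseline(samples):
    """Anomaly detection step 1: learn what 'normal' looks like."""
    return statistics.mean(samples), statistics.pstdev(samples)


def is_anomalous(rate, baseline, k=3.0):
    """Anomaly detection step 2: flag values more than k standard deviations
    away from the learned mean."""
    mean, sd = baseline
    return abs(rate - mean) > k * sd


def signature_scan(payload):
    """Signature scan: return the names of every stored signature that matches."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]


def classify(rate, payload, baseline):
    """Run both detectors over one observation so their coverage can be compared."""
    return {
        "signature_hits": signature_scan(payload),
        "rate_anomaly": is_anomalous(rate, baseline),
    }


if __name__ == "__main__":
    base = build_baseline(NORMAL_RATES)
    # Known worm request at a normal rate: only the signature scanner fires.
    known = b"GET /default.ida?" + b"N" * 224 + b" HTTP/1.0\r\n"
    print(classify(41, known, base))
    # Unknown flood of ordinary-looking requests: only the anomaly detector fires.
    print(classify(900, b"GET /index.html HTTP/1.1\r\n", base))
```

The two runs in the usage section show why the slides list both techniques: the signature scanner catches the known worm request even at a normal rate, while the anomaly detector catches a flood of requests the signature database has never seen. Neither alone covers both cases.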
  • 21. Intrusion detection and prevention systems
      • Software or hardware designed to detect and prevent any malicious attack or activity on the network.
      • Monitor the network traffic.
      • Analyze any suspicious event.
      • Log these events and report them to the network administrator for action.
  • 22. QoS metrics
      • Studying the behavior of the network traffic under normal conditions and under malicious attacks.
      • Extracting parameters from network traffic.
  • 23. Snort
      • Open source tool used in intrusion detection systems.
      • Real-time analysis of the network traffic.
      • Intrusion detection system that monitors the traffic, analyzes it and informs the network administrator of suspicious activities.
  • 24. ACLs
      • Installed in routers; match packet headers against a pre-defined list of rules and take pre-defined actions on any matching packets.
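Slide 24 summarises ACL behaviour in one sentence; the added example below (not code from the presentation, and not a real router's syntax) makes the semantics concrete: rules are evaluated top-down, the first match decides, and a packet that matches nothing falls through to an implicit deny. The rule dictionary format, the documentation-range addresses and the three sample rules are assumptions.

```python
import ipaddress

# Constructed ACL, evaluated top-down; the first matching rule decides and an
# implicit deny applies when nothing matches.  Addresses are documentation
# ranges, not from the slides.
ACL = [
    {"action": "permit", "proto": "tcp",  "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "dport": 443},
    {"action": "deny",   "proto": "tcp",  "src": "any",        "dst": "any",           "dport": 23},
    {"action": "permit", "proto": "icmp", "src": "10.0.0.0/8", "dst": "any",           "dport": None},
]


def _in_net(spec, ip):
    """True when ip falls inside the CIDR spec, or the spec is the wildcard 'any'."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def evaluate_acl(acl, pkt):
    """Match a packet-header dict against the ordered rule list.
    Returns (action, rule_index); rule_index is None for the implicit deny."""
    for idx, rule in enumerate(acl):
        if rule["proto"] != pkt["proto"]:
            continue
        if not _in_net(rule["src"], pkt["src"]) or not _in_net(rule["dst"], pkt["dst"]):
            continue
        # A rule with dport None matches any port (e.g. ICMP has none).
        if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
            continue
        return rule["action"], idx
    return "deny", None


if __name__ == "__main__":
    samples = [
        {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 443},
        {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 23},
        {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 80},
        {"proto": "icmp", "src": "10.5.5.5", "dst": "203.0.113.1"},
    ]
    for p in samples:
        print(p, "->", evaluate_acl(ACL, p))
```

The third sample packet is the one worth noticing: HTTP to the web server is not explicitly denied anywhere, yet it is dropped, because only port 443 was permitted and everything else hits the implicit deny. Rule order matters for the same reason; swapping rules 1 and 2 would change nothing here, but a broad permit placed above a narrow deny silently disables the deny.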
  • 25. Honeypots
      • "A security resource whose value lies in being probed, attacked or compromised."
      • Any attempt to interact with a honeypot indicates malicious activity or an attack.
  • 26. Conclusion
      • Malicious traffic is any traffic anomaly, whether it arises from a failure or from packets intentionally modified for malicious acts.
      • By studying malicious attacks we can obtain a better understanding of malicious traffic and how to detect and prevent these attacks.
      • An increase in awareness of the importance of security will help in mitigating Internet misuse.

Editor's Notes

  1. Threats may range from simple to severe functional and financial damage to the network infrastructure. Adding the legal perspective, these threats should be clearly and carefully identified, analyzed and managed.
  2. Data is encapsulated in packets.
  3. Most flows are roughly symmetric at the packet level: whenever a packet is sent, a packet is received within some reasonable interval (the round-trip time). This can be measured (and enforced) at the edge router inexpensively.
  4. These botnets launch malicious traffic that attacks network hosts and Internet service providers (ISPs).
  5. Malicious traffic can be detected by monitoring the network traffic using packet monitoring tools and studying any abnormal or suspected behavior in the network. By monitoring the flow of packets, maliciously changed packets can be identified and infected computers can be determined based on their signatures. In addition, malicious traffic usually exhausts the legitimate resources by sending a lot of traffic to halt its functionality. Another measurement can be made by monitoring traffic targeting unused addresses in the network [3]. Unused addresses should expect a very limited load of traffic, not to mention that no device should be connected to them.
  6. Among all attacks, the denial-of-service (DoS) attack is one of the attacks that is rather difficult to detect and prevent, since they exploit regular services and overwhelm such services with tremendous malicious traffic.
  7. Anomaly detection first establishes a normal behavior pattern for users, programs or resources in the system, and then looks for deviation from this behavior. Signature-scan techniques passively monitor traffic seen on a network and detect an attack when patterns within the packet match predefined signatures in a database. Honeypots are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. Snort's open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In the last mode the program monitors network traffic and analyzes it against a ruleset defined by the user, then performs a specific action based on what has been identified.
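Notes 3 and 5 describe two cheap edge-router checks: packet-level symmetry of flows, and traffic aimed at addresses that have nothing on them. The block below is an added example, not code from the presentation, that applies both to a constructed edge-router packet log. The log tuple format, the unused address range, the addresses and the symmetry thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan: nothing is provisioned in this range, so traffic to it
# has no legitimate reason to exist.  Assumed value, not from the slides.
UNUSED = ipaddress.ip_network("10.9.0.0/16")

# Constructed edge-router packet log: (direction, inside_ip, outside_ip, dport).
# "out" = sent by the inside host, "in" = delivered to the inside host.
PACKETS = [
    # normal web session: requests and replies roughly balance
    *[("out", "10.0.0.5", "203.0.113.7", 443)] * 6,
    *[("in", "10.0.0.5", "203.0.113.7", 443)] * 7,
    # inside host blasting packets that get no answer
    *[("out", "10.0.0.77", "203.0.113.50", 80)] * 50,
    # outside probes hitting the unused range
    ("in", "10.9.3.4", "198.51.100.9", 445),
    ("in", "10.9.200.1", "198.51.100.9", 445),
]


def symmetry_report(packets, min_sent=10, max_ratio=5.0):
    """Flag inside->outside pairs whose sent count dwarfs what came back.
    min_sent avoids flagging tiny flows; max_ratio is how lopsided a flow may be.
    Both thresholds are assumptions."""
    sent = defaultdict(int)
    recv = defaultdict(int)
    for direction, inside, outside, _ in packets:
        key = (inside, outside)
        if direction == "out":
            sent[key] += 1
        else:
            recv[key] += 1
    flagged = []
    for (inside, outside), n_out in sent.items():
        n_in = recv[(inside, outside)]
        if n_out >= min_sent and n_out > max_ratio * n_in:
            flagged.append((inside, outside, n_out, n_in))
    return flagged


def darknet_hits(packets, unused=UNUSED):
    """Every inbound packet whose destination lies in the unused range,
    as (outside_src, inside_dst, dport).  No legitimate sender should appear here."""
    return [
        (outside, inside, dport)
        for direction, inside, outside, dport in packets
        if direction == "in" and ipaddress.ip_address(inside) in unused
    ]


if __name__ == "__main__":
    for inside, outside, n_out, n_in in symmetry_report(PACKETS):
        print(f"asymmetric flow {inside} -> {outside}: {n_out} sent, {n_in} received")
    for src, dst, dport in darknet_hits(PACKETS):
        print(f"probe of unused address {dst}:{dport} from {src}")
```

The symmetry check needs only two counters per address pair, which is why the note calls it inexpensive; the unused-address check needs only a prefix comparison. Neither looks at payload, so both keep working on encrypted traffic.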