SlideShare a Scribd company logo

Network Security and Analysis with Python

pycontw
pycontw

Using Python, the author has developed a program that learns about protocol formats, with the main goal in being useful for Deep Packet Inspection. Deep Packet Inspection is a process mainly used in network security to ensure integrity of network data sent across the network. Deep Packet Inspection is used to pre-empt and prevent malicious data from being transmitted over a network in order to ensure the security of the organization. http://tw.pycon.org/2015apac/en/lightning_en

Technology
1 of 37
Download to read offline
NETWORK SECURITY AND ANALYSIS WITH PYTHON Lee Yang Peng Dunman High School Singapore
DEEP Packet Inspection Searching if anything in the packet is suspicious
ANALYTICS Motivation: Helping Deep Packet Inspection An initial experimental study Then I conducted experiments on them to determine their effectiveness
HEURISTICS FOR ANALYTICS Detecting Constant Fields and Enumeration fields to learn about protocol format Constant: Bytes that do not change data in all packets in a single protocol.  For example: {‘x00’} appears all the time. Or {‘x00’, ‘x01’, ‘x02’} in sequence Enums: Bytes at fixed positions that changes only slightly or has a limited number of values.  For example: At position 5, only contains values within {‘x00’, ‘x01’, ‘x02’}
Constant fields in protocol headers: Maybe… Paddings Protocol Version Reserved Fields
Where pi is the probability of each value occurring
13 May 2015
Ethernet TCP UDP IPv4 IPv6 ICMP IGMP(v3) ARP SMB NBNS LLMNR DNS SCTP OSPF
Contagio: http://contagiodump.blogspot.sg/
• Collected data unable to simulate randomness of a real network • False positives will be observed • For consistency, will mark these as incorrect during my evaluation
• Manual analysis of the protocol header was compared against ground truth from protocol documentation • Mark every byte in protocol header as {Constant, Not Constant}, and {Enum, Not Enum} • Accuracy = (True Positives + True Negatives) / Total Header Length • Entered these data into a table
Protocol Accuracy (Constants) Accuracy (Enums) TCP 100% 95% IPv4 90% 95% Ethernet 100% 100% IPv6 97.5% 92.5% DNS / NetBIOS-NS / LLMNR 41.7% 91.6% ARP 50.0% 62.5% ICMP 100% 100% UDP 100% 100% OSPF 30% 80% IGMP Version 3 50% 62.5% SCTP 100% 100% SMB 62.5% 84.4% Average Accuracy 76.8% 88.6%
LIMITATIONS • Is only useful for analyzing a single protocol • Heuristics to detect higher level fields such as dependencies and sequence numbers are not yet implemented
Network Security and Analysis with Python

Recommended

CVPRW2015
CVPRW2015CVPRW2015
CVPRW2015Thomas Effland
 
A probabilistic data encryption scheme (pdes)
A probabilistic data encryption scheme (pdes)A probabilistic data encryption scheme (pdes)
A probabilistic data encryption scheme (pdes)Alexander Decker
 
maXbox Starter 31 Closures
maXbox Starter 31 ClosuresmaXbox Starter 31 Closures
maXbox Starter 31 ClosuresMax Kleiner
 
Secure ordered bucketization
Secure ordered bucketizationSecure ordered bucketization
Secure ordered bucketizationShakas Technologies
 
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ... SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...Shubhangi Tandon
 
a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...INFOGAIN PUBLICATION
 
Ciphers
CiphersCiphers
Ciphersphanleson
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsAndrew McNicol
 

Recommended

CVPRW2015
CVPRW2015CVPRW2015
CVPRW2015Thomas Effland
 
A probabilistic data encryption scheme (pdes)
A probabilistic data encryption scheme (pdes)A probabilistic data encryption scheme (pdes)
A probabilistic data encryption scheme (pdes)Alexander Decker
 
maXbox Starter 31 Closures
maXbox Starter 31 ClosuresmaXbox Starter 31 Closures
maXbox Starter 31 ClosuresMax Kleiner
 
Secure ordered bucketization
Secure ordered bucketizationSecure ordered bucketization
Secure ordered bucketizationShakas Technologies
 
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ... SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...
SummaRuNNer: A Recurrent Neural Network based Sequence Model for Extractive ...Shubhangi Tandon
 
a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...INFOGAIN PUBLICATION
 
Ciphers
CiphersCiphers
Ciphersphanleson
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsAndrew McNicol
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 
شهادات سيسكو الإحترافية
شهادات سيسكو الإحترافيةشهادات سيسكو الإحترافية
شهادات سيسكو الإحترافيةEldaw Ali Yousif
 
Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...FREDDY KEKANA
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionChris Harrington
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for PentestersAnant Shrivastava
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & SecurityJose Manuel Ortega Candel
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیMohammad Reza Kamalifard
 
Evdokimov python arsenal for re
Evdokimov python arsenal for reEvdokimov python arsenal for re
Evdokimov python arsenal for reDefconRussia
 
Python tools for testing web services over HTTP
Python tools for testing web services over HTTPPython tools for testing web services over HTTP
Python tools for testing web services over HTTPMykhailo Kolesnyk
 
Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Benjamin Benifei
 
Stegano Secrets - Python
Stegano Secrets - PythonStegano Secrets - Python
Stegano Secrets - Pythonn|u - The Open Security Community
 
Pycon Sec
Pycon SecPycon Sec
Pycon Secguesta762e4
 
Denoising auto encoders(d a)
Denoising auto encoders(d a)Denoising auto encoders(d a)
Denoising auto encoders(d a)Tae Young Lee
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxGiuseppe Paterno'
 
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...ijcisjournal
 
A critical reassessment of
A critical reassessment ofA critical reassessment of
A critical reassessment ofijcisjournal
 

More Related Content

Viewers also liked

شهادات سيسكو الإحترافية
شهادات سيسكو الإحترافيةشهادات سيسكو الإحترافية
شهادات سيسكو الإحترافيةEldaw Ali Yousif
 
Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...FREDDY KEKANA
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionChris Harrington
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for PentestersAnant Shrivastava
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیMohammad Reza Kamalifard
 
Evdokimov python arsenal for re
Evdokimov python arsenal for reEvdokimov python arsenal for re
Evdokimov python arsenal for reDefconRussia
 
Python tools for testing web services over HTTP
Python tools for testing web services over HTTPPython tools for testing web services over HTTP
Python tools for testing web services over HTTPMykhailo Kolesnyk
 
Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Benjamin Benifei
 
Denoising auto encoders(d a)
Denoising auto encoders(d a)Denoising auto encoders(d a)
Denoising auto encoders(d a)Tae Young Lee
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxGiuseppe Paterno'
 

Viewers also liked (20)

Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdf
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
 
شهادات سيسكو الإحترافية
شهادات سيسكو الإحترافيةشهادات سيسكو الإحترافية
شهادات سيسكو الإحترافية
 
Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...Atm hacking and cracking to steal money with atm backdoor default master pass...
Atm hacking and cracking to steal money with atm backdoor default master pass...
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet Inspection
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for Pentesters
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with python
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using python
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
 
Evdokimov python arsenal for re
Evdokimov python arsenal for reEvdokimov python arsenal for re
Evdokimov python arsenal for re
 
Python tools for testing web services over HTTP
Python tools for testing web services over HTTPPython tools for testing web services over HTTP
Python tools for testing web services over HTTP
 
Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015
 
Stegano Secrets - Python
Stegano Secrets - PythonStegano Secrets - Python
Stegano Secrets - Python
 
Pycon Sec
Pycon SecPycon Sec
Pycon Sec
 
Denoising auto encoders(d a)
Denoising auto encoders(d a)Denoising auto encoders(d a)
Denoising auto encoders(d a)
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
 

Similar to Network Security and Analysis with Python

A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...ijcisjournal
 
A critical reassessment of
A critical reassessment ofA critical reassessment of
A critical reassessment ofijcisjournal
 
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...Shankar Lal
 
Smith et al. - Efficient auditory coding (Nature 2006)
Smith et al. - Efficient auditory coding (Nature 2006)Smith et al. - Efficient auditory coding (Nature 2006)
Smith et al. - Efficient auditory coding (Nature 2006)xrampino
 

Similar to Network Security and Analysis with Python (6)

A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
A Critical Reassessment of Evolutionary Algorithms on the Cryptanalysis of th...
 
A critical reassessment of
A critical reassessment ofA critical reassessment of
A critical reassessment of
 
HPC_NIST_SHA3
HPC_NIST_SHA3HPC_NIST_SHA3
HPC_NIST_SHA3
 
Huffman Coding
Huffman CodingHuffman Coding
Huffman Coding
 
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...
Utilisation of l-Diversity and Differential Privacy in the Anonymisation of N...
 
Smith et al. - Efficient auditory coding (Nature 2006)
Smith et al. - Efficient auditory coding (Nature 2006)Smith et al. - Efficient auditory coding (Nature 2006)
Smith et al. - Efficient auditory coding (Nature 2006)
 

More from pycontw

Python on FreeBSD
Python on FreeBSDPython on FreeBSD
Python on FreeBSDpycontw
 
讓 Python Script 擁有圖形化介面的簡單方法
讓 Python Script 擁有圖形化介面的簡單方法讓 Python Script 擁有圖形化介面的簡單方法
讓 Python Script 擁有圖形化介面的簡單方法pycontw
 
CyberLink Meets Python
CyberLink Meets PythonCyberLink Meets Python
CyberLink Meets Pythonpycontw
 
PyKinect: Body Iteration Application Development Using Python
PyKinect: Body Iteration Application Development Using PythonPyKinect: Body Iteration Application Development Using Python
PyKinect: Body Iteration Application Development Using Pythonpycontw
 
Developing Python Apps on Windows Azure
Developing Python Apps on Windows AzureDeveloping Python Apps on Windows Azure
Developing Python Apps on Windows Azurepycontw
 
Qt Quick GUI Programming with PySide
Qt Quick GUI Programming with PySideQt Quick GUI Programming with PySide
Qt Quick GUI Programming with PySidepycontw
 
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)pycontw
 
Grid Job Management
Grid Job ManagementGrid Job Management
Grid Job Managementpycontw
 
Small Python Tools for Software Release Engineering
Small Python Tools for Software Release EngineeringSmall Python Tools for Software Release Engineering
Small Python Tools for Software Release Engineeringpycontw
 
Python and Startup
Python and StartupPython and Startup
Python and Startuppycontw
 
Panoramic Video in Environmental Monitoring Software Development and Applica...
Panoramic Video in Environmental Monitoring Software Development and Applica...Panoramic Video in Environmental Monitoring Software Development and Applica...
Panoramic Video in Environmental Monitoring Software Development and Applica...pycontw
 
那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS
那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS
那些年 Python 攻佔了 GIS / The Year Python Takes Over GISpycontw
 
Introduction to Discrete-Event Simulation Using SimPy
Introduction to Discrete-Event Simulation Using SimPyIntroduction to Discrete-Event Simulation Using SimPy
Introduction to Discrete-Event Simulation Using SimPypycontw
 
Python and the Web
Python and the WebPython and the Web
Python and the Webpycontw
 
Large-scale Array-oriented Computing with Python
Large-scale Array-oriented Computing with PythonLarge-scale Array-oriented Computing with Python
Large-scale Array-oriented Computing with Pythonpycontw
 

More from pycontw (15)

Python on FreeBSD
Python on FreeBSDPython on FreeBSD
Python on FreeBSD
 
讓 Python Script 擁有圖形化介面的簡單方法
讓 Python Script 擁有圖形化介面的簡單方法讓 Python Script 擁有圖形化介面的簡單方法
讓 Python Script 擁有圖形化介面的簡單方法
 
CyberLink Meets Python
CyberLink Meets PythonCyberLink Meets Python
CyberLink Meets Python
 
PyKinect: Body Iteration Application Development Using Python
PyKinect: Body Iteration Application Development Using PythonPyKinect: Body Iteration Application Development Using Python
PyKinect: Body Iteration Application Development Using Python
 
Developing Python Apps on Windows Azure
Developing Python Apps on Windows AzureDeveloping Python Apps on Windows Azure
Developing Python Apps on Windows Azure
 
Qt Quick GUI Programming with PySide
Qt Quick GUI Programming with PySideQt Quick GUI Programming with PySide
Qt Quick GUI Programming with PySide
 
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)
STAF 在自動化測試上的延伸應用 -- TMSTAF (TrendMicro STAF)
 
Grid Job Management
Grid Job ManagementGrid Job Management
Grid Job Management
 
Small Python Tools for Software Release Engineering
Small Python Tools for Software Release EngineeringSmall Python Tools for Software Release Engineering
Small Python Tools for Software Release Engineering
 
Python and Startup
Python and StartupPython and Startup
Python and Startup
 
Panoramic Video in Environmental Monitoring Software Development and Applica...
Panoramic Video in Environmental Monitoring Software Development and Applica...Panoramic Video in Environmental Monitoring Software Development and Applica...
Panoramic Video in Environmental Monitoring Software Development and Applica...
 
那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS
那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS
那些年 Python 攻佔了 GIS / The Year Python Takes Over GIS
 
Introduction to Discrete-Event Simulation Using SimPy
Introduction to Discrete-Event Simulation Using SimPyIntroduction to Discrete-Event Simulation Using SimPy
Introduction to Discrete-Event Simulation Using SimPy
 
Python and the Web
Python and the WebPython and the Web
Python and the Web
 
Large-scale Array-oriented Computing with Python
Large-scale Array-oriented Computing with PythonLarge-scale Array-oriented Computing with Python
Large-scale Array-oriented Computing with Python
 

Recently uploaded

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Recently uploaded (20)

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Network Security and Analysis with Python

  • 1. NETWORK SECURITY AND ANALYSIS WITH PYTHON Lee Yang Peng Dunman High School Singapore
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. DEEP Packet Inspection Searching if anything in the packet is suspicious
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. ANALYTICS Motivation: Helping Deep Packet Inspection An initial experimental study Then I conducted experiments on them to determine their effectiveness
  • 15.
  • 16. HEURISTICS FOR ANALYTICS Detecting Constant Fields and Enumeration fields to learn about protocol format Constant: Bytes that do not change data in all packets in a single protocol.  For example: {‘x00’} appears all the time. Or {‘x00’, ‘x01’, ‘x02’} in sequence Enums: Bytes at fixed positions that changes only slightly or has a limited number of values.  For example: At position 5, only contains values within {‘x00’, ‘x01’, ‘x02’}
  • 17.
  • 18. Constant fields in protocol headers: Maybe… Paddings Protocol Version Reserved Fields
  • 19.
  • 20.
  • 21.
  • 22. Where pi is the probability of each value occurring
  • 23.
  • 25.
  • 26. Ethernet TCP UDP IPv4 IPv6 ICMP IGMP(v3) ARP SMB NBNS LLMNR DNS SCTP OSPF
  • 28.
  • 29. • Collected data unable to simulate randomness of a real network • False positives will be observed • For consistency, will mark these as incorrect during my evaluation
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. • Manual analysis of the protocol header was compared against ground truth from protocol documentation • Mark every byte in protocol header as {Constant, Not Constant}, and {Enum, Not Enum} • Accuracy = (True Positives + True Negatives) / Total Header Length • Entered these data into a table
  • 35. Protocol Accuracy (Constants) Accuracy (Enums) TCP 100% 95% IPv4 90% 95% Ethernet 100% 100% IPv6 97.5% 92.5% DNS / NetBIOS-NS / LLMNR 41.7% 91.6% ARP 50.0% 62.5% ICMP 100% 100% UDP 100% 100% OSPF 30% 80% IGMP Version 3 50% 62.5% SCTP 100% 100% SMB 62.5% 84.4% Average Accuracy 76.8% 88.6%
  • 36. LIMITATIONS • Is only useful for analyzing a single protocol • Heuristics to detect higher level fields such as dependencies and sequence numbers are not yet implemented