SlideShare a Scribd company logo

Qualifying exam-2015-final

Open Networking Perú (Opennetsoft)
Open Networking Perú (Opennetsoft)

The document proposes an architecture called IntelFlow that aims to integrate cyber threat intelligence into software defined networks. IntelFlow would introduce a knowledge plane that receives threat intelligence from various sources and allows the Bro IDS to query this intelligence. The knowledge plane would then export OpenFlow rules to implement countermeasures. The document outlines IntelFlow's components, how it would map intelligence indicators to OpenFlow flows, and presents initial results from a proof-of-concept showing IntelFlow can detect attacks faster than reactive approaches and successfully mitigated a DDoS attack in testing. Future work will further evaluate IntelFlow's effectiveness against other attacks.

1 of 47
IntelFlow: A Proactive Approach To Add Cyber Threat Intelligence To Software Defined Networks EQM – February 24, 2015 Candidate: Javier Richard Quinto A. Orientator: Prof. Dr. Christian Esteve Rothenberg State University of Campinas School of Electrical and Computer Engineering 1
Outline 1. Motivation & Background 2. Problem Definition & Research Objectives 3. Related Work 4. Proposed Architecture: IntelFlow 5. Proof of Concept Implementation 6. Partial Results and Conclusions 7. Execution Schedule 2
Motivation Top Threats to Cloud Computing Abuse and Nefarious Use of Cloud Computing Source: [1] 3
Motivation Top Threats to Cloud Computing Malicious Insiders Source: [2] Abuse and Nefarious Use of Cloud Computing Source: [1] 4
Background What is Intruder Detection System ? IDS is a security device or software that monitor network or computer in order to analyze and detect malicious attacks within a networking system. Detection Techniques of the IDSs Anomaly: Identifies events which do not agree to an expected pattern or is an unusual event. However, new rules are difficult to create. Signature: Monitors packets on the network and compare them against a database of signatures or attributes. However, new attacks can not be detected. Fig: Components IDS 5
Background What is Intruder Detection System ? IDS is a security device or software that monitor network or computer in order to analyze and detect malicious attacks within a networking system. Detection Techniques of the IDSs Anomaly: Identifies events which do not agree to an expected pattern or is an unusual event. However, new rules are difficult to create. Signature: Monitors packets on the network and compare them against a database of signatures or attributes. However, new attacks can not be detected. Bro is a type of IDS powerful network analysis framework that is much different from the typical IDS. Bro is adaptable, efficient, flexible, forensics, in-depth analysis, highly stateful, open source. Fig: Architecture BRO IDS Source: [3] Fig: Components IDS 6
Limitation of the Intruder Prevention System (IPS) IPS is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. However, it has certain limitations such as: a) Latency: Deep Packet Inspection degrades the performance and results in a high latency. b) Accuracy: Reducing false positives is a challenge. c) Flexibility: Blocking certain range of the suspect network without affecting the healthy traffic from innocent neighbors. 7 Motivation
Motivation Information vs Intelligence Raw Information Source: [4] 8
Motivation Raw Information Source: [4] Intelligence Data 9 Information vs Intelligence
Background What is Cyber Threat Intelligence ? Cyber Threat Intelligence (CTI) is an emerging methodology of evidence-based knowledge, that organizations identifies and successfully responds to a cyber attack. E.g., When an institution faces a similar threat, they are able to rapidly deploy countermeasures based on the experience acquired by other organizations, in order to prevent attacks intelligently. Fig: Cyber Threat Intelligence Source: [5] 10
Background What is Cyber Threat Intelligence ? Cyber Threat Intelligence (CTI) is an emerging methodology of evidence-based knowledge, that organizations identifies and successfully responds to a cyber attack. E.g., When an institution faces a similar threat, they are able to rapidly deploy countermeasures based on the experience acquired by other organizations, in order to prevent attacks intelligently. Collective Intelligence Framework (CIF) is a cyber threat intelligence management system that allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). Fig: Process of the CIF Fig: Cyber Threat Intelligence Source: [5] 11
Problem Definition & Research Objectives Problem Definition • General: How to enhance the use of network defense technologies? • More specific: How to integrate Cyber Threat Intelligence into (software-defined) networking management and control systems? 12
Problem Definition & Research Objectives Problem Definition • General: How to enhance the use of network defense technologies? • More specific: How to integrate Cyber Threat Intelligence into (software-defined) networking management and control systems? Scope and Objectives of the Master Thesis: a) Leveraging Collective Intelligence Framework (CIF) to add security service to SDN. b) Integrating the Bro’s Intel framework to acquire intelligence data from reliable sources. c) Evaluating the IntelFlow architecture for different scenarios, validating it with a proof-of-concept implementation and experiments to assess effectiveness and performance. 13
Background What is Software Defined Networking (SDN) ? • The control and data planes are decoupled. • Forwarding decisions are flow-based, instead of destination-based. • Control logic is moved to an external entity, the SDN controller located on Network Operating System (NOS). • The network is programmable through software applications running on top of the NOS that interacts with the underlying data plane devices. Fig: SDN architecture Source: [6] 14
Background What is OpenFlow? OpenFlow is the first standard communications interface defined between the control and forwarding layers of an SDN architecture. The protocol allows direct access to and manipulation of the forwarding plane of network devices such as switches and routers. This allows moving network control out of the networking switches to logically centralized control software. Fig: SDN / OpenFlow Source: [7] 15
Related Work 16
Proposed Architecture: IntelFlow Main idea: Introducing a Knowledge Plane (KP) • KP receives as input sources of threat intelligence • KP allows queries from Bro IDS about the acquired intelligence data. • KP exports the generated OpenFlow rules. 17
Proposed Architecture: IntelFlow 18
Proposed Architecture: IntelFlow Bro IDS 19
Proposed Architecture: IntelFlow Bro IDS SDN 20
Proposed Architecture: IntelFlow Bro IDS SDN IntelFlow Architecture 21
Architecture (Modes of operation) 22
Architecture (Inputs and Outputs) Bro IDS Input Fields OpenFlow Output Flows 23 Field Description id.orig_h Source IP id.orig_p Source port id.resp_h Destination IP id.resp_p Destination port seen.indicator Trigger the match seen.where Location Conn::IN_ORIG Connection source IP Conn::IN_RESP Connection destination IP HTTP::IN_HOST_ HEADER HTTP host header Flow Description nw_src Source IP tp_src Source port nw_src Destination IP tp_src Port IP action Realized by O.F SW
Architecture (Mapping Flows 1) 24
Architecture (Mapping Flows 1) Algorithm for seen.indicator_type = “Intel::ADDR” If (seen.where == Conn::IN_RESP) seen.indicator = malicious_IP mapping (malicious_IP) = nw_dst actions = drop (nw_dst) and output -> HoneyPot Port else if (seen.where == Conn::IN_ORIG) seen.indicator = malicious_IP (== id.orig_h) mapping (malicious_IP) = nw_src actions = drop (nw_src) and output -> HoneyPot Port Intelligence Algorithm 25
Architecture (Mapping Flows 2) 26
Architecture (Mapping Flows 2) Algorithm for seen.indicator_type = “Intel::DOMAIN” || Intel::”URL” If (seen.where == HTTP::IN_HOST_HEADER || seen.where == DNS::IN_REQUEST) seen.indicator = malicious_domain inverse (seen.indicator) = malicious_IP = IPm mapping (IPm; id.resp_p) = nw_dst; tp_dst actions = drop (nw_dst;tp_dst) and output -> HoneyPot Port else If (seen.where == HTTP::IN_URL) seen.indicator = malicious_URL inverse (seen.indicator) = malicious_IP = IPm mapping (IPm; id.resp_p) = nw_dst; tp_dst actions = drop (nw_dst;tp_dst) and output -> HoneyPot Port Intelligence Algorithm 27
Architecture (Mapping Flows 3) 28
Architecture (Mapping Flows 3) Algorithm for Notice If (note == Scan::Port_Scan) src = suspicious_IP function (src) if -> false_positive return 0; // end else if mapping (src) = nw_src actions = drop (nw_src) and output -> HoneyPot Port else If (note == Scan::Password_Guessing) src = malicious_IP mapping (src) = nw_src actions = drop (nw_src) and output -> HoneyPot Port Notice Algorithm 29
Proof of Concept Implementation (Inter-Domain Collaboration) 30
Proof of Concept Implementation (Intra-Domain Operation) 31
Proof of Concept Implementation (Test bed) 32
Experimental Methodology 33
Experimental Methodology 34
Experimental Methodology 35
Experimental Methodology 36
How many intelligence rules generated by BRO could be detected and converted to OpenFlow rules in time t ? 𝐒𝐮𝐜𝐞𝐬𝐬 𝑨𝒏𝒂𝒍𝒚𝒛𝒊𝒏𝒈 𝑹𝒂𝒕𝒆 = # 𝑶.𝑭 𝑭𝒍𝒐𝒘𝒔 # 𝑰𝑵𝑻𝑬𝑳 + # 𝑵𝑶𝑻𝑰𝑪𝑬 (%) Partial Results Experimental Evaluation 1 Fig. Number of OpenFlow rules generated by the Intel API 37
Partial Results How does a system react against a Distributed Denial of Service attack? 𝑹𝒂𝒕𝒆 𝒐𝒇 𝑺𝒀𝑵 𝒑𝒂𝒄𝒌𝒆𝒕𝒔 = 𝟏𝟓𝟎 + 𝟐 ∗ 𝒕 ∗ 𝒑𝒂𝒒 𝒔𝒆𝒄 Threshold x VN = 230 paq/sec Threshold x server = 500 paq/sec Attack: Send a script to each VN simulating a DDoS. Monitoring System : Iperf Experimental Evaluation 2 Fig. Comparison times to counter an attack DDoS 38
Partial Results Experimental Evaluation 3 Fig. Comparing times between Proactive and Reactive modes 39
Partial Conclusions • Taking advantage of IDS and a collaborative security framework (CIF), we propose an architecture that allows dropping different types of attacks by proactively programming OpenFlow entries. • The required time to react against some type of attack has direct impact on the applicability of the system. - Proactive approaches present appealing performance. • Future work will continue evaluating show the effectiveness of our proposal compared to conventional approaches. 40
Execution Schedule 41 The working plan details the activities which have been and continue to be developed through the next months and the execution schedule at intervals of six weeks.
References [Tianyi Xing 2013] T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar, Snortow: A openflow-based intrusion prevention system in cloud environment," in Proceedings of the 2013 Second GENI Research and Educational Experiment Workshop, GREE '13, (Washington, DC, USA), pp. 89{92, IEEE Computer Society, 2013. [Tianyi Xing 2014] T. Xing, Z. X., D. Huang, and D. M., Sdnips: Enabling software-defined networking based intrusion prevention system in clouds," 10th International Conference on Network and Service Management, 2014. [Martin Lopez 2014] M. A. Lopez, U. Figueiredo, A. P. Lobato, and O. C. M. B. DUARTE, Broflow: Um sistema eficiente de deteccao e prevencao de intrusao em redes definidas por software," in XXXIV Congresso da Sociedade Brasileira de Computacao { CSBC 2014, (Centro de Convencoes Brasil 21), CSBC2014, 2014. 42
References [Antonio Lobato 2014] A. P. Lobato, U. Figueiredo, M. A. Lopez, and O. C. M. B. DUARTE, Uma arquitetura elastica para prevencao de intrusao em redes virtuais usando redes definidas por software," in Anais do XXXII Simposio Brasileiro de Redes de Computadores e Sistemas Distribudos { SBRC 2014, (Florianopolis, SC, Brazil), SBRC 2014, 2014. [Fábio Nagahama 2014] F. Y. Nagahama, F. Farias, E. Aguiar, G. Luciano, L. Granville, E. Cerqueira, and A. Antonio, Ipsflow{uma proposta de sistema de prevencao de intrusao baseado no framework openflow," in III WPEIF-SBRC, vol. 12, pp. 42{47, 2012. [Radware 2014] RADWARE, Defenseflow: The sdn application that programs networks for dos security," tech. rep., RADWARE. 43
References List of Figures: Source [1]: www.icp.ge.ch Source [2]: blog.securestate.com Source [3]: www.bro.org Source [4]: www.isightpartners.com Source [5]: clintonfirth.com Source [6]: Article: “Software-Defined Networking: A Comprehensive Survey,” Proceeding of the IEEE Source [7]: www.opennetworking.org 44
Thank you! Questions? 45
Related Work • SnortFlow: Proposes a flexible IPS system in cloud virtual networking environments, based on the performance evaluation of the virtual machines, reconfiguring the network in case of any abnormal activity [Tianyi Xing 2013]. • BroFlow: Proposes a system capable of reacting against DoS attacks in real time, combining an IDS and an OpenFlow application programming interface. BroFlow is an extension of the Bro architecture with two additional modules, one for the security policies and the other for message countermeasure. If there is a threat, a POX application either drops packets to eliminate malicious events or uses an output to forward packets to a specific target [Martín Lopez 2014]. • Elastic Architecture for IPS: Proposes methods to detect anomalies in an intra-domain network with multiples virtual networks and protection to the Deep Packet Inspection (DPI) monitoring tools as well a load balancing of the same, distributing flows in a suitable manner [Antonio Lobato 2014]. 46
Related Work • IPSFlow: Proposes a solution of IPS based on SDN/OpenFlow with automatized block of the malicious traffic. One of the advantages is the selective and distributed capture of the traffic in switches for the analyzing of one of more IDSs [Fabio Nagahama 2012]. • Radware: Provides a DDoS attack defense solution that leverages SDN technology taking actions of reconfiguration forwarding devices against DDoS attacks [DefenseFlow 2013] • SDNIPS: Compares the SDN-based IPS solution with the traditional IPS approach from both mechanism analysis and evaluation. The network reconfiguration are designed and implemented based on POX controller to enhance its flexibility. Evaluations of SDNIPS demonstrated its feasibility and efficiency over traditional approaches [Tianyi Xing 2014]. 47

Recommended

IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Future
amiable_indian
 
Finding Diversity In Remote Code Injection Exploits
Finding Diversity In Remote Code Injection ExploitsFinding Diversity In Remote Code Injection Exploits
Finding Diversity In Remote Code Injection Exploits
amiable_indian
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network Testbeds
DETER-Project
 
A Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVMA Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVM
International Journal of Innovation Engineering and Science Research
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusion
vinaykumar R
 
Machine Learning
Machine LearningMachine Learning
Machine Learning
Mahdi Hosseini Moghaddam
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Wei-Yu Chen
 

Recommended

IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Future
amiable_indian
 
Finding Diversity In Remote Code Injection Exploits
Finding Diversity In Remote Code Injection ExploitsFinding Diversity In Remote Code Injection Exploits
Finding Diversity In Remote Code Injection Exploits
amiable_indian
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network Testbeds
DETER-Project
 
A Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVMA Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVM
International Journal of Innovation Engineering and Science Research
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusion
vinaykumar R
 
Machine Learning
Machine LearningMachine Learning
Machine Learning
Mahdi Hosseini Moghaddam
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Wei-Yu Chen
 
Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...
Mahdi Hosseini Moghaddam
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
cscpconf
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
Suraj Chauhan
 
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
IJMER
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
 
5
55
5
aniketnimaje
 
D03601023026
D03601023026D03601023026
D03601023026
theijes
 
4
44
4
aniketnimaje
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
IRJET Journal
 
Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...
UltraUploader
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
Pete Burnap
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
Akshay Bansal
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
Likan Patra
 
Secure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile EnvironmentSecure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile Environment
idescitation
 
Tbhf
TbhfTbhf
Tbhf
Lijo George
 
6
66
6
aniketnimaje
 
Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...
IJECEIAES
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
IOSR Journals
 
Hybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colonyHybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colony
قصي نسور
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET Journal
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
Open Networking Perú (Opennetsoft)
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
 

More Related Content

What's hot

Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...
Mahdi Hosseini Moghaddam
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
cscpconf
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
Suraj Chauhan
 
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
IJMER
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
 
5
55
5
aniketnimaje
 
D03601023026
D03601023026D03601023026
D03601023026
theijes
 
4
44
4
aniketnimaje
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
IRJET Journal
 
Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...
UltraUploader
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
Pete Burnap
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
Akshay Bansal
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
Likan Patra
 
Secure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile EnvironmentSecure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile Environment
idescitation
 
Tbhf
TbhfTbhf
Tbhf
Lijo George
 
6
66
6
aniketnimaje
 
Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...
IJECEIAES
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
IOSR Journals
 
Hybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colonyHybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colony
قصي نسور
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET Journal
 

What's hot (20)

Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...Application of machine learning and cognitive computing in intrusion detectio...
Application of machine learning and cognitive computing in intrusion detectio...
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
 
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
A Technique by using Neuro-Fuzzy Inference System for Intrusion Detection and...
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
 
5
55
5
 
D03601023026
D03601023026D03601023026
D03601023026
 
4
44
4
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
 
Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...Auto sign an automatic signature generator for high-speed malware filtering d...
Auto sign an automatic signature generator for high-speed malware filtering d...
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
 
Secure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile EnvironmentSecure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile Environment
 
Tbhf
TbhfTbhf
Tbhf
 
6
66
6
 
Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...Efficient two-stage cryptography scheme for secure distributed data storage i...
Efficient two-stage cryptography scheme for secure distributed data storage i...
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
 
Hybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colonyHybrid elliptic curve cryptography using ant colony
Hybrid elliptic curve cryptography using ant colony
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
 

Similar to Qualifying exam-2015-final

IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
Open Networking Perú (Opennetsoft)
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docx
voversbyobersby
 
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Hassan EL ALLOUSSI
 
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxAn Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
Sandeep Maurya
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
ijfls
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
ijfls
 
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptxLecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
HetansheeShah2
 
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptx
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptxLecture_10_AML_in_Network_Intrusion_Detection (3).pptx
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptx
Aditi943522
 
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptxLecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
TsegabrehanZerihun
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
D03302030036
D03302030036D03302030036
D03302030036
theijes
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git History
Kenta Yamamoto
 
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
Dr. Amrita .
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptx
Rineri1
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security Sensemaking
Anita D'Amico
 
FIOT_Uni4.pptx
FIOT_Uni4.pptxFIOT_Uni4.pptx
FIOT_Uni4.pptx
RishikeshPathak10
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data mining
balbeerrawat
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network Security
IRJET Journal
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Russia
 

Similar to Qualifying exam-2015-final (20)

IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docx
 
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
 
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptxAn Efficient Framework for Detection & Classification of IoT BotNet.pptx
An Efficient Framework for Detection & Classification of IoT BotNet.pptx
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
 
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptxLecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
 
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptx
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptxLecture_10_AML_in_Network_Intrusion_Detection (3).pptx
Lecture_10_AML_in_Network_Intrusion_Detection (3).pptx
 
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptxLecture_10_AML_in_Network_Intrusion_Detection.pptx
Lecture_10_AML_in_Network_Intrusion_Detection.pptx
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
 
D03302030036
D03302030036D03302030036
D03302030036
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git History
 
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
2 14-1346479656-1- a study of feature selection methods in intrusion detectio...
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptx
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security Sensemaking
 
FIOT_Uni4.pptx
FIOT_Uni4.pptxFIOT_Uni4.pptx
FIOT_Uni4.pptx
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data mining
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network Security
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
 

More from Open Networking Perú (Opennetsoft)

Primera capacitación en sdn para el proyecto Bella-T
Primera capacitación en sdn para el proyecto Bella-TPrimera capacitación en sdn para el proyecto Bella-T
Primera capacitación en sdn para el proyecto Bella-T
Open Networking Perú (Opennetsoft)
 
Capacitación de SDN para COMSOC UNI
Capacitación de SDN para COMSOC UNICapacitación de SDN para COMSOC UNI
Capacitación de SDN para COMSOC UNI
Open Networking Perú (Opennetsoft)
 
Open Dayligth usando SDN-NFV
Open Dayligth usando SDN-NFVOpen Dayligth usando SDN-NFV
Open Dayligth usando SDN-NFV
Open Networking Perú (Opennetsoft)
 
OVS-NFV Tutorial
OVS-NFV TutorialOVS-NFV Tutorial
OVS-NFV Tutorial
Open Networking Perú (Opennetsoft)
 
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
Open Networking Perú (Opennetsoft)
 
Programa Oficial del COOPEBRAS 2017
Programa Oficial del COOPEBRAS 2017Programa Oficial del COOPEBRAS 2017
Programa Oficial del COOPEBRAS 2017
Open Networking Perú (Opennetsoft)
 
Tutorial GPG
Tutorial GPGTutorial GPG
Tutorial GPG
Open Networking Perú (Opennetsoft)
 
Docker 2014
Docker 2014Docker 2014
Docker 2014
Open Networking Perú (Opennetsoft)
 
New Virtualization Technologies
New Virtualization TechnologiesNew Virtualization Technologies
New Virtualization Technologies
Open Networking Perú (Opennetsoft)
 

More from Open Networking Perú (Opennetsoft) (9)

Primera capacitación en sdn para el proyecto Bella-T
Primera capacitación en sdn para el proyecto Bella-TPrimera capacitación en sdn para el proyecto Bella-T
Primera capacitación en sdn para el proyecto Bella-T
 
Capacitación de SDN para COMSOC UNI
Capacitación de SDN para COMSOC UNICapacitación de SDN para COMSOC UNI
Capacitación de SDN para COMSOC UNI
 
Open Dayligth usando SDN-NFV
Open Dayligth usando SDN-NFVOpen Dayligth usando SDN-NFV
Open Dayligth usando SDN-NFV
 
OVS-NFV Tutorial
OVS-NFV TutorialOVS-NFV Tutorial
OVS-NFV Tutorial
 
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
Afiche Oficial del COOPEBRAS-2017 - I Jornada Peruana-Internacional de Invest...
 
Programa Oficial del COOPEBRAS 2017
Programa Oficial del COOPEBRAS 2017Programa Oficial del COOPEBRAS 2017
Programa Oficial del COOPEBRAS 2017
 
Tutorial GPG
Tutorial GPGTutorial GPG
Tutorial GPG
 
Docker 2014
Docker 2014Docker 2014
Docker 2014
 
New Virtualization Technologies
New Virtualization TechnologiesNew Virtualization Technologies
New Virtualization Technologies
 

Recently uploaded

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 

Recently uploaded (20)

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 

Qualifying exam-2015-final

  • 1. IntelFlow: A Proactive Approach To Add Cyber Threat Intelligence To Software Defined Networks EQM – February 24, 2015 Candidate: Javier Richard Quinto A. Orientator: Prof. Dr. Christian Esteve Rothenberg State University of Campinas School of Electrical and Computer Engineering 1
  • 2. Outline 1. Motivation & Background 2. Problem Definition & Research Objectives 3. Related Work 4. Proposed Architecture: IntelFlow 5. Proof of Concept Implementation 6. Partial Results and Conclusions 7. Execution Schedule 2
  • 3. Motivation Top Threats to Cloud Computing Abuse and Nefarious Use of Cloud Computing Source: [1] 3
  • 4. Motivation Top Threats to Cloud Computing Malicious Insiders Source: [2] Abuse and Nefarious Use of Cloud Computing Source: [1] 4
  • 5. Background What is Intruder Detection System ? IDS is a security device or software that monitor network or computer in order to analyze and detect malicious attacks within a networking system. Detection Techniques of the IDSs Anomaly: Identifies events which do not agree to an expected pattern or is an unusual event. However, new rules are difficult to create. Signature: Monitors packets on the network and compare them against a database of signatures or attributes. However, new attacks can not be detected. Fig: Components IDS 5
  • 6. Background What is Intruder Detection System ? IDS is a security device or software that monitor network or computer in order to analyze and detect malicious attacks within a networking system. Detection Techniques of the IDSs Anomaly: Identifies events which do not agree to an expected pattern or is an unusual event. However, new rules are difficult to create. Signature: Monitors packets on the network and compare them against a database of signatures or attributes. However, new attacks can not be detected. Bro is a type of IDS powerful network analysis framework that is much different from the typical IDS. Bro is adaptable, efficient, flexible, forensics, in-depth analysis, highly stateful, open source. Fig: Architecture BRO IDS Source: [3] Fig: Components IDS 6
  • 7. Limitation of the Intruder Prevention System (IPS) IPS is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. However, it has certain limitations such as: a) Latency: Deep Packet Inspection degrades the performance and results in a high latency. b) Accuracy: Reducing false positives is a challenge. c) Flexibility: Blocking certain range of the suspect network without affecting the healthy traffic from innocent neighbors. 7 Motivation
  • 8. Motivation Information vs Intelligence Raw Information Source: [4] 8
  • 9. Motivation Raw Information Source: [4] Intelligence Data 9 Information vs Intelligence
  • 10. Background What is Cyber Threat Intelligence ? Cyber Threat Intelligence (CTI) is an emerging methodology of evidence-based knowledge, that organizations identifies and successfully responds to a cyber attack. E.g., When an institution faces a similar threat, they are able to rapidly deploy countermeasures based on the experience acquired by other organizations, in order to prevent attacks intelligently. Fig: Cyber Threat Intelligence Source: [5] 10
  • 11. Background What is Cyber Threat Intelligence ? Cyber Threat Intelligence (CTI) is an emerging methodology of evidence-based knowledge, that organizations identifies and successfully responds to a cyber attack. E.g., When an institution faces a similar threat, they are able to rapidly deploy countermeasures based on the experience acquired by other organizations, in order to prevent attacks intelligently. Collective Intelligence Framework (CIF) is a cyber threat intelligence management system that allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). Fig: Process of the CIF Fig: Cyber Threat Intelligence Source: [5] 11
  • 12. Problem Definition & Research Objectives Problem Definition • General: How to enhance the use of network defense technologies? • More specific: How to integrate Cyber Threat Intelligence into (software-defined) networking management and control systems? 12
  • 13. Problem Definition & Research Objectives Problem Definition • General: How to enhance the use of network defense technologies? • More specific: How to integrate Cyber Threat Intelligence into (software-defined) networking management and control systems? Scope and Objectives of the Master Thesis: a) Leveraging Collective Intelligence Framework (CIF) to add security service to SDN. b) Integrating the Bro’s Intel framework to acquire intelligence data from reliable sources. c) Evaluating the IntelFlow architecture for different scenarios, validating it with a proof-of-concept implementation and experiments to assess effectiveness and performance. 13
  • 14. Background What is Software Defined Networking (SDN) ? • The control and data planes are decoupled. • Forwarding decisions are flow-based, instead of destination-based. • Control logic is moved to an external entity, the SDN controller located on Network Operating System (NOS). • The network is programmable through software applications running on top of the NOS that interacts with the underlying data plane devices. Fig: SDN architecture Source: [6] 14
  • 15. Background What is OpenFlow? OpenFlow is the first standard communications interface defined between the control and forwarding layers of an SDN architecture. The protocol allows direct access to and manipulation of the forwarding plane of network devices such as switches and routers. This allows moving network control out of the networking switches to logically centralized control software. Fig: SDN / OpenFlow Source: [7] 15
  • 17. Proposed Architecture: IntelFlow Main idea: Introducing a Knowledge Plane (KP) • KP receives as input sources of threat intelligence • KP allows queries from Bro IDS about the acquired intelligence data. • KP exports the generated OpenFlow rules. 17
  • 21. Proposed Architecture: IntelFlow Bro IDS SDN IntelFlow Architecture 21
  • 22. Architecture (Modes of operation) 22
  • 23. Architecture (Inputs and Outputs) Bro IDS Input Fields OpenFlow Output Flows 23 Field Description id.orig_h Source IP id.orig_p Source port id.resp_h Destination IP id.resp_p Destination port seen.indicator Trigger the match seen.where Location Conn::IN_ORIG Connection source IP Conn::IN_RESP Connection destination IP HTTP::IN_HOST_ HEADER HTTP host header Flow Description nw_src Source IP tp_src Source port nw_src Destination IP tp_src Port IP action Realized by O.F SW
  • 25. Architecture (Mapping Flows 1) Algorithm for seen.indicator_type = “Intel::ADDR” If (seen.where == Conn::IN_RESP) seen.indicator = malicious_IP mapping (malicious_IP) = nw_dst actions = drop (nw_dst) and output -> HoneyPot Port else if (seen.where == Conn::IN_ORIG) seen.indicator = malicious_IP (== id.orig_h) mapping (malicious_IP) = nw_src actions = drop (nw_src) and output -> HoneyPot Port Intelligence Algorithm 25
  • 27. Architecture (Mapping Flows 2) Algorithm for seen.indicator_type = “Intel::DOMAIN” || Intel::”URL” If (seen.where == HTTP::IN_HOST_HEADER || seen.where == DNS::IN_REQUEST) seen.indicator = malicious_domain inverse (seen.indicator) = malicious_IP = IPm mapping (IPm; id.resp_p) = nw_dst; tp_dst actions = drop (nw_dst;tp_dst) and output -> HoneyPot Port else If (seen.where == HTTP::IN_URL) seen.indicator = malicious_URL inverse (seen.indicator) = malicious_IP = IPm mapping (IPm; id.resp_p) = nw_dst; tp_dst actions = drop (nw_dst;tp_dst) and output -> HoneyPot Port Intelligence Algorithm 27
  • 29. Architecture (Mapping Flows 3) Algorithm for Notice If (note == Scan::Port_Scan) src = suspicious_IP function (src) if -> false_positive return 0; // end else if mapping (src) = nw_src actions = drop (nw_src) and output -> HoneyPot Port else If (note == Scan::Password_Guessing) src = malicious_IP mapping (src) = nw_src actions = drop (nw_src) and output -> HoneyPot Port Notice Algorithm 29
  • 30. Proof of Concept Implementation (Inter-Domain Collaboration) 30
  • 31. Proof of Concept Implementation (Intra-Domain Operation) 31
  • 32. Proof of Concept Implementation (Test bed) 32
  • 37. How many intelligence rules generated by BRO could be detected and converted to OpenFlow rules in time t ? 𝐒𝐮𝐜𝐞𝐬𝐬 𝑨𝒏𝒂𝒍𝒚𝒛𝒊𝒏𝒈 𝑹𝒂𝒕𝒆 = # 𝑶.𝑭 𝑭𝒍𝒐𝒘𝒔 # 𝑰𝑵𝑻𝑬𝑳 + # 𝑵𝑶𝑻𝑰𝑪𝑬 (%) Partial Results Experimental Evaluation 1 Fig. Number of OpenFlow rules generated by the Intel API 37
  • 38. Partial Results How does a system react against a Distributed Denial of Service attack? 𝑹𝒂𝒕𝒆 𝒐𝒇 𝑺𝒀𝑵 𝒑𝒂𝒄𝒌𝒆𝒕𝒔 = 𝟏𝟓𝟎 + 𝟐 ∗ 𝒕 ∗ 𝒑𝒂𝒒 𝒔𝒆𝒄 Threshold x VN = 230 paq/sec Threshold x server = 500 paq/sec Attack: Send a script to each VN simulating a DDoS. Monitoring System : Iperf Experimental Evaluation 2 Fig. Comparison times to counter an attack DDoS 38
  • 39. Partial Results Experimental Evaluation 3 Fig. Comparing times between Proactive and Reactive modes 39
  • 40. Partial Conclusions • Taking advantage of IDS and a collaborative security framework (CIF), we propose an architecture that allows dropping different types of attacks by proactively programming OpenFlow entries. • The required time to react against some type of attack has direct impact on the applicability of the system. - Proactive approaches present appealing performance. • Future work will continue evaluating show the effectiveness of our proposal compared to conventional approaches. 40
  • 41. Execution Schedule 41 The working plan details the activities which have been and continue to be developed through the next months and the execution schedule at intervals of six weeks.
  • 42. References [Tianyi Xing 2013] T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar, Snortow: A openflow-based intrusion prevention system in cloud environment," in Proceedings of the 2013 Second GENI Research and Educational Experiment Workshop, GREE '13, (Washington, DC, USA), pp. 89{92, IEEE Computer Society, 2013. [Tianyi Xing 2014] T. Xing, Z. X., D. Huang, and D. M., Sdnips: Enabling software-defined networking based intrusion prevention system in clouds," 10th International Conference on Network and Service Management, 2014. [Martin Lopez 2014] M. A. Lopez, U. Figueiredo, A. P. Lobato, and O. C. M. B. DUARTE, Broflow: Um sistema eficiente de deteccao e prevencao de intrusao em redes definidas por software," in XXXIV Congresso da Sociedade Brasileira de Computacao { CSBC 2014, (Centro de Convencoes Brasil 21), CSBC2014, 2014. 42
  • 43. References [Antonio Lobato 2014] A. P. Lobato, U. Figueiredo, M. A. Lopez, and O. C. M. B. DUARTE, Uma arquitetura elastica para prevencao de intrusao em redes virtuais usando redes definidas por software," in Anais do XXXII Simposio Brasileiro de Redes de Computadores e Sistemas Distribudos { SBRC 2014, (Florianopolis, SC, Brazil), SBRC 2014, 2014. [Fábio Nagahama 2014] F. Y. Nagahama, F. Farias, E. Aguiar, G. Luciano, L. Granville, E. Cerqueira, and A. Antonio, Ipsflow{uma proposta de sistema de prevencao de intrusao baseado no framework openflow," in III WPEIF-SBRC, vol. 12, pp. 42{47, 2012. [Radware 2014] RADWARE, Defenseflow: The sdn application that programs networks for dos security," tech. rep., RADWARE. 43
  • 44. References List of Figures: Source [1]: www.icp.ge.ch Source [2]: blog.securestate.com Source [3]: www.bro.org Source [4]: www.isightpartners.com Source [5]: clintonfirth.com Source [6]: Article: “Software-Defined Networking: A Comprehensive Survey,” Proceeding of the IEEE Source [7]: www.opennetworking.org 44
  • 46. Related Work • SnortFlow: Proposes a flexible IPS system in cloud virtual networking environments, based on the performance evaluation of the virtual machines, reconfiguring the network in case of any abnormal activity [Tianyi Xing 2013]. • BroFlow: Proposes a system capable of reacting against DoS attacks in real time, combining an IDS and an OpenFlow application programming interface. BroFlow is an extension of the Bro architecture with two additional modules, one for the security policies and the other for message countermeasure. If there is a threat, a POX application either drops packets to eliminate malicious events or uses an output to forward packets to a specific target [Martín Lopez 2014]. • Elastic Architecture for IPS: Proposes methods to detect anomalies in an intra-domain network with multiples virtual networks and protection to the Deep Packet Inspection (DPI) monitoring tools as well a load balancing of the same, distributing flows in a suitable manner [Antonio Lobato 2014]. 46
  • 47. Related Work • IPSFlow: Proposes a solution of IPS based on SDN/OpenFlow with automatized block of the malicious traffic. One of the advantages is the selective and distributed capture of the traffic in switches for the analyzing of one of more IDSs [Fabio Nagahama 2012]. • Radware: Provides a DDoS attack defense solution that leverages SDN technology taking actions of reconfiguration forwarding devices against DDoS attacks [DefenseFlow 2013] • SDNIPS: Compares the SDN-based IPS solution with the traditional IPS approach from both mechanism analysis and evaluation. The network reconfiguration are designed and implemented based on POX controller to enhance its flexibility. Evaluations of SDNIPS demonstrated its feasibility and efficiency over traditional approaches [Tianyi Xing 2014]. 47