Network Security Lab - PowerPoint PPT Presentation

Slides: 17
Provided by: jelenam
1
Network Security Lab
  • Jelena Mirkovic, sunshine_at_cis.udel.edu
  • Sig NewGrad presentation

2
Main Research Areas
  • Distributed Denial of Service
      • Distributed defense: DefCOM
  • Internet Worms
      • Worm simulation: PAWS
      • Cooperative defense: WIN
  • Detecting new malicious executables
  • Application-level honeynets, summarizing firewall
    logs, predicting routing changes

3
Distributed Denial of Service
4
Distributed Denial of Service
5
Distributed Denial of Service
Ideal solution!
Too much traffic
Attack traffic looks like legitimate
6
Distributed Denial of Service
Stop attack
Detect attack
Differentiate between attack and legitimate traffic
7
DefCOM
  • Distributed defense against DDoS
  • Combines nodes at:
      • Victim: alert generators detect the attack and
        alert other nodes
      • Core: rate limiters stop the attack by dropping
        traffic
      • Source: classifiers differentiate between
        legitimate and attack traffic
  • Nodes cooperate through an overlay

8
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG; callout "Attack!"]
1. Attack detection
9
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG; traffic labels "mark 5", "mark 56", "mark 12", "mark 3"; callouts "I see mark 5!", "I see marks 12 and 56!", "I see mark 3!"]
2. Forming the traffic tree
10
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG]
2. Forming the traffic tree
11
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG; label "100Mbps"]
3. Distributed rate-limiting
12
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG; labels "L6 M20", "L4 M25", "L33 M17", "L76 M43", "100Mbps"]
4. Traffic differentiation
13
DefCOM
[Figure: network diagram with nodes labeled C, RL and AG; labels "L6 M20", "L4 M25", "L33 M17", "L76 M43", "100Mbps"]
4. Traffic differentiation
14
Internet Worms
  • A program that:
      • Scans the network for vulnerable machines
      • Breaks into machines by exploiting the found
        vulnerability
      • Installs some piece of malicious code (backdoor,
        DDoS tool)
      • Moves on
  • Don't need any user action to spread
  • Spread very fast!

15
PAWS
  • Parallel worm simulator
  • Runs on multiple machines to gain memory and CPU
    resources
  • Can simulate greater detail than single-node
    simulators
  • Can simulate various defenses
  • Machines synchronize with network messages

16
WIN
  • Worm information network
  • We need fast, automatic response to stop worms
  • How can we detect worms?
  • How can we devise signatures quickly and
    automatically?
  • How can we share signatures with other networks?
  • How can we accept signatures from others and be
    sure we won't filter out legitimate traffic?