AGILIS: an on-line map reduce environment for collaborative security
MIDLAB Middleware Laboratory, Sapienza Università di Roma, Dipartimento di Informatica e Sistemistica
Roberto Baldoni, Università degli Studi di Roma “La Sapienza”
baldoni@dis.uniroma1.it, http://www.dis.uniroma1.it/~baldoni/
Prin Meeting - San Vito di Cadore
Joint work with IBM Haifa in the context of the CoMiFin EU Project
14/2/2011

Focus and structure of the talk
Requirements coming from the financial context; collaborative event processing for cyber security
Edge vs centralized event processing over the Internet
Agilis
Esper

The case of the Financial Critical Infrastructure

The case of Collaborative Cyber Security in Financial Ecosystem
"Webification" of critical financial services, such as home banking, online trading, remote payments;
Cross-domain interactions, spanning different organization boundaries, are in place in financial contexts;
Heterogeneous infrastructure systems, such as telecommunication supply, banking, and credit card companies, working on heterogeneous data.

The case of Collaborative Cyber Security in Financial Ecosystem
A payment card fraud (2008)
100 compromised payment cards used by a network of coordinated attackers retrieving cash from 130 different ATMs in 49 countries worldwide, totaling 9 million US dollars.
High degree of coordination: half an hour to be executed, evading all the local monitoring techniques used for detecting anomalies in payment card usage patterns.
The fraud was detected only later, after aggregating all the information gathered locally by each financial institution involved in the payment card scam.

The case of Collaborative Cyber Security in Financial Ecosystem
Distributed Denial of Service attack (2007, Northern Europe)
Rendered web-based financial services unreachable for legitimate users.
The DDoS attack targeted a credit card company and two DNS.
Internet restored only after several trial-and-error activities carried out manually by network administrators of the attacked systems and of their Internet Service Providers (ISPs).
Long preparation time (days), short attack time (seconds).

Economics of a DDoS
Use of botnets (rented now with a credit card in a few minutes)
Three examples of DDoS campaigns in cyberwarfare:
Estonia 2007
Georgia 2008
Iran (in progress!). Stuxnet worm invaded Iran’s Supervisory Control and Data Acquisition systems
McAfee report 2010, “In the crossfire: critical infrastructures in the age of cyber war”

Economics of a DDoS
Damage to reputation
Loss of personal information about customers
One out of five DDoS attacks is accompanied by an extortion
McAfee report 2010, “In the crossfire: critical infrastructures in the age of cyber war”

The case of Collaborative Cyber Security in Financial Ecosystem
Both previous attacks cannot be detected quickly through information available at the IT infrastructure of a single financial player (i.e., using local monitoring)
Need of information sharing
  Exchange non-sensitive status information
  Set up of agreements
Advantages of a global monitoring system
  Damage mitigation
  Quick reaction

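The local-versus-global point of the two case studies, as an added example that is not part of the original slides: each member maps its own withdrawal log to pseudonymized per-card events, and a reduce step over the shared events looks for one card seen in several countries within half an hour. The member names, record fields, shared key, and the three-country threshold are assumptions, and the log entries are constructed.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this sketch (not from the slides): a key shared by the
# members, a 30-minute window, and an alert at 3 or more distinct countries.
ROOM_KEY = b"constructed-shared-key"
WINDOW = timedelta(minutes=30)
MIN_COUNTRIES = 3

# Constructed sample logs, one per member: (card id, country, timestamp).
LOCAL_LOGS = {
    "bank_A": [("card-0001", "IT", "2000-01-01T10:00"),
               ("card-0001", "IT", "2000-01-01T10:05"),
               ("card-0002", "IT", "2000-01-01T09:00"),
               ("card-0003", "IT", "2000-01-01T08:00")],
    "bank_B": [("card-0001", "DE", "2000-01-01T10:10"),
               ("card-0002", "DE", "2000-01-01T18:00")],
    "bank_C": [("card-0001", "JP", "2000-01-01T10:15"),
               ("card-0003", "JP", "2000-01-01T12:00")],
    "bank_D": [("card-0001", "BR", "2000-01-01T10:20"),
               ("card-0003", "BR", "2000-01-01T16:00")],
}


def pseudonym(card):
    """Keyed hash of the card id, so members never exchange the raw value."""
    return hmac.new(ROOM_KEY, card.encode(), hashlib.sha256).hexdigest()[:16]


def map_member(records):
    """Map phase, run inside each member: emit (card key, (time, country))."""
    for card, country, ts in records:
        yield pseudonym(card), (datetime.fromisoformat(ts), country)


def reduce_card(events):
    """Reduce phase: largest number of distinct countries in any window."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        # Slide the left edge until the span fits inside WINDOW.
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        countries = {country for _, country in events[start:end + 1]}
        best = max(best, len(countries))
    return best


def detect(logs_by_member):
    """Group mapped events by card key, then reduce each group."""
    grouped = defaultdict(list)
    for records in logs_by_member.values():
        for key, value in map_member(records):
            grouped[key].append(value)
    return {key for key, events in grouped.items()
            if reduce_card(events) >= MIN_COUNTRIES}


def local_alerts():
    """What each member would flag using only its own log."""
    return {member: detect({member: records})
            for member, records in LOCAL_LOGS.items()}


def global_alerts():
    """What the members flag once their mapped events are pooled."""
    return detect(LOCAL_LOGS)


if __name__ == "__main__":
    print("local :", local_alerts())
    print("global:", global_alerts())
```

No member alerts on its own log, while the pooled view flags the one card used in four countries within twenty minutes; the two cards whose foreign withdrawals are hours apart stay below the threshold.
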
Barriers to Collaboration
Understanding the economics
Trust
Legal issues
[Figure labels: Lloyds, France Telecom, UBS, Internet, AT&T, SWIFT, Unicredit, EDF; events, warnings]

Collaborative event processing for cyber security: The CoMiFin Project
[Figure labels: Application level, Collaboration level, Internet level]

Collaborative Cyber Security Platform
Monitoring and reaction to threats (MitM, stealthy scan, phishing, …)
Black/white lists distribution (for credit reputation, trust level, …)
Anti-terrorism lists (with name check VAS)
Anti money laundering monitoring
Risk management support
Some requirements on the platform
  Uneven workload over time
  High throughput
  High computational power
  Large storage capabilities
  Timeliness

The notion of semantic room (SR)
Set of processing and data sharing services provided by the SR, along with the data protection, privacy, isolation, trust, security, dependability, and performance requirements.
The contract also contains the hardware and software requirements a member has to provision in order to be admitted into the SR.
Objective
  Each SR has a specific strategic objective to meet (e.g., large-scale stealthy scans detection, detecting Man-In-The-Middle attacks)
Deployment
  Highly flexible to accommodate the use of different technologies for the implementation of the processing and sharing within the SR (i.e., the implementation of the SR logic or functionality).

The notion of semantic room: relationship with cloud computing
Deployment of the semantic room through the federation of computing and storage capabilities at each member
Each member brings a private cloud to federate

 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

AGILIS: An On-Line Map Reduce Environment for Collaborative Cyber Security

  • 1. AGILIS: an on-line map reduce environment for collaborative security MIDLAB Middleware Laboratory Sapienza Università di Roma Dipartimento di Informatica e Sistemistica Roberto Baldoni Università degli Studi di Roma “La Sapienza” baldoni@dis.uniroma1.it, http://www.dis.uniroma1.it/~baldoni/ Prin Meeting - San Vito di Cadore Joint Work with IBM Haifa in the context of CoMiFin EU Project 14/2/2011
  • 2. Focus and structure of the talk: Requirements coming from the financial context; Collaborative event processing for Cyber Security; Edge vs centralized event processing over the internet: Agilis, Esper
  • 3. The case of the Financial Critical Infrastructure
  • 4. The case of Collaborative Cyber Security in Financial Ecosystem: "webification" of critical financial services, such as home banking, online trading, remote payments; cross-domain interactions, spanning different organization boundaries, are in place in financial contexts; heterogeneous infrastructure systems such as telecommunication supply, banking, and credit card companies working on heterogeneous data
  • 5. The case of Collaborative Cyber Security in Financial Ecosystem: A payment card fraud (2008): 100 compromised payment cards used by a network of coordinated attackers retrieving cash from 130 different ATMs in 49 countries worldwide, totaling 9 million US dollars. High degree of coordination: executed in half an hour, evading all the local monitoring techniques used for detecting anomalies in payment card usage patterns. The fraud was detected only later, after aggregating all the information gathered locally by each financial institution involved in the payment card scam.
  • 6. The case of Collaborative Cyber Security in Financial Ecosystem: Distributed Denial of Service attack (2007, Northern Europe): rendered web-based financial services unreachable for legitimate users. The DDoS attack targeted a credit card company and two DNS. Internet restored only after several trial-and-error activities carried out manually by network administrators of the attacked systems and of their Internet Service Providers (ISPs). Long preparation time (days), short attack time (seconds).
  • 8. Use of Botnets (rented now with a credit card in a few minutes)
  • 9. Three examples of DDoS campaigns in cyberwarfare:
  • 12. Iran (in progress!). Stuxnet worm invaded Iran’s Supervisory Control and Data Acquisition systems. McAfee report 2010, “In the crossfire: critical infrastructures in the age of cyber war”
  • 15. loss of personal information about customers
  • 16. one out of five DDoS attacks is accompanied by extortion. McAfee report 2010, “In the crossfire: critical infrastructures in the age of cyber war”
  • 17. The case of Collaborative Cyber Security in Financial Ecosystem: Neither of the previous attacks can be detected quickly through the information available at the IT infrastructure of a single financial player (i.e., using local monitoring). Need of information sharing: exchange non-sensitive status information; set up of agreements. Advantages of a global monitoring system: damage mitigation; quick reaction.
  • 20. Trust
  • 21. Legal Issues [Diagram labels: Lloyds, France Telecom, UBS, Internet, AT&T, SWIFT, Unicredit, EDF; events, warnings]
  • 22. Collaborative event processing for cyber security: The CoMiFin Project [Diagram layers: Application Level, Collaboration Level, Internet Level]
  • 23. Collaborative Cyber Security Platform: monitoring and reaction to threats (MitM, Stealthy Scan, Phishing, …); black/white lists distribution (for credit reputation, trust level, …); anti-terrorism lists (with name check VAS); anti money laundering monitoring; risk management support. Some requirements on the platform: uneven workload over time; high throughput; high computational power; large storage capabilities; timeliness.
  • 25. set of processing and data sharing services provided by the SR (semantic room) along with the data protection, privacy, isolation, trust, security, dependability, performance requirements.
  • 26. The contract also contains the hardware and software requirements a member has to provision in order to be admitted into the SR.
  • 28. each SR has a specific strategic objective to meet (e.g., large-scale stealthy scan detection, detecting Man-In-The-Middle attacks)
  • 30. highly flexible to accommodate the use of different technologies for the implementation of the processing and sharing within the SR (i.e., the implementation of the SR logic or functionality). The notion of semantic room
  • 32. Deployment of the semantic room through the federation of computing and storage capabilities at each member
  • 33. Each member brings a private cloud to federate
  • 35. Deployment of the semantic room on a third party cloud provider
  • 36. The third party owns all computing and storage capabilities
  • 37. Hybrid approach [Diagram layers: Application Level, Collaboration Level, Internet Level]
  • 38. Data Management problems in the semantic room: Jurisdiction and regulation (Where and how will data be governed?); Ownership of Data (Who owns the data in the semantic room?); Data Portability; Data anonymization; Data Retention/Permanence (What happens to data over time?); Security and Privacy (How is data secured and protected?); Reliability, Liability and Quality of Service of the partner of the semantic room; Government Surveillance (How much data can the government get from a semantic room?); …
  • 39. A specific collaborative platform: CoMiFin Architecture [Architecture diagram; label: contract]
  • 40. Related work: IBM System S [ICDCS 06]: high cost of ownership; centralized data management; no cooperative approach. Cooperative Intrusion Detection Systems (e.g. DShield): correlation among local warnings; high cost of ownership; obscure data management.
  • 41. Preventing Stealthy Scan through centralized processing [Diagram layers: Application Level, Collaboration Level, Internet Level]
  • 42. Collaborative Stealthy scan: The attacker performs port scanning simultaneously at multiple sites, trying to identify TCP/UDP ports that have been left open. Those ports can then be used as attack vectors. Added value of collaboration: ability to identify an attacker trying to conceal his/her activity by accessing only a small number of ports within each individual domain. Action taken: blacklist IP addresses; update historical records.
  • 44. Originating from a particular source IP address, and
  • 46. Use of real trace (e.g., ITOC US Army)
  • 48. Analyze the sequence of SYN, ACK, RST packets in the three-way TCP handshake. Specifically, in normal activities the following sequence is observed: (i) SYN, (ii) SYN-ACK, (iii) ACK.
  • 49. In the presence of a SYN port scan, the connection looks like the following: (i) SYN, (ii) SYN-ACK, (iii) RST (or nothing)
  • 50. For a given IP address, if the number of incomplete connections is higher than a certain threshold T, we can conclude that the IP address is likely carrying out malicious port scanning activities.
  • 52. Example of semantic room for stealthy scan: Ingredients [Diagram labels: Branch 1 … Branch j … Branch N, each with sniffer, adapter and Gateway (POJOs, I/O socket); Esper CEP Engine (Main Engine, EPL Queries, Input Streams, Output Streams); Subscriber; suspected IPs / Scanner list]
  • 53. Example of semantic room for stealthy scan: Ingredients
  • 56. Preventing Stealthy Scan through edge processing [Diagram layers: Application Level, Collaboration Level, Internet Level]
  • 58. High-level language for processing logic: Jaql (SQL-like, supports flows)
  • 60. Distributed file system for long-term storage: HDFS
  • 61. Agilis consists of a distributed network of processing and storage elements hosted on a cluster of machines (also geographically dispersed)
  • 62. Data Dissemination: Agilis. Re-define InputFormat, OutputFormat [Diagram labels: Gateway; Jaql query; Jaql Interpreter; Map-Reduce (Hadoop) with Job Tracker and TaskTrackers; AGILIS Jaql Adapter with HDFS Adapter and WXS Adapter; Distributed In-Memory Store (WXS) with Cat 1, Cat 2 and storage containers; Distributed File System (HDFS)]
  • 63. Example of semantic room for stealthy scan: architecture
  • 64. Collaborative Stealthy scan detection with Agilis: Detection of stealthy scan
  • 65. Demo: done at Haifa IBM Research Lab (2009). Simple and homemade attacks; artificial traces; simple stealthy scan detection algorithm. 8 Linux machines on a LAN, each with 2GB of RAM and 20GB of disk space. One machine hosted all the management processes (JT, XS Catalogue). Each of the remaining 7 hosts modeled a single SR participant: DMZ web server under attack, TT and XS data server. Scenarios: a single intruding host generated a series of TCP/SYN requests targeting a fixed set of 300 unique ports on each of the 7 attacked servers; requests injected at constant rates of 10, 20, and 30 req/server/sec; ratio of attack to legitimate traffic 1:5; blacklisting threshold: 20,000 requests and 1000 unique ports; processing window: 4 minutes. Results: no overload; detection latency 700 sec, 430 sec, 330 sec.
  • 67. Real TCP dumps. Joint work with Giorgia Lodi and Leonardo Aniello
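
The incomplete-handshake threshold rule from the stealthy scan slides, correlated across semantic-room members, as an added Python example (not code from the talk or from CoMiFin/Agilis). Site names, addresses and events are constructed; the `min_ports` and `window_s` parameters are assumptions that mirror the unique-port threshold and 4-minute processing window of the demo slide.

```python
from collections import defaultdict

def sample_events():
    """Constructed events: (site, time_s, src_ip, dst_port, flags in order)."""
    events = []
    for s, site in enumerate(["bank-a", "bank-b", "bank-c"]):
        for p in range(3):  # scanner probes only 3 ports per site
            events.append((site, 10 * s + p, "203.0.113.9", 1000 + 3 * s + p,
                           ("SYN", "SYN-ACK", "RST")))
        # legitimate client completing the three-way handshake
        events.append((site, 5 + s, "198.51.100.7", 443,
                       ("SYN", "SYN-ACK", "ACK")))
    # half-open connection with no third packet at all
    events.append(("bank-a", 40, "203.0.113.9", 2000, ("SYN", "SYN-ACK")))
    return events

def is_incomplete(flags):
    """SYN and SYN-ACK seen, but the final ACK never arrived (RST or nothing)."""
    return flags[:2] == ("SYN", "SYN-ACK") and flags[2:3] != ("ACK",)

def detect(events, threshold, min_ports=1, window_s=240, sites=None):
    """Map each suspect source IP to the time its threshold was crossed.

    sites=None correlates every member's events (collaborative view);
    a set with one site name gives that member's local view only.
    """
    per_ip = defaultdict(list)
    for site, t, src, port, flags in events:
        if (sites is None or site in sites) and is_incomplete(flags):
            per_ip[src].append((t, port))
    suspects = {}
    for src, hits in per_ip.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window_s:  # slide the window
                lo += 1
            in_window = hits[lo:hi + 1]
            ports = {port for _, port in in_window}
            if len(in_window) > threshold and len(ports) >= min_ports:
                suspects[src] = hits[hi][0]
                break
    return suspects

if __name__ == "__main__":
    ev = sample_events()
    for site in ("bank-a", "bank-b", "bank-c"):
        print(site, "local view:", detect(ev, threshold=5, sites={site}))
    print("collaborative view:", detect(ev, threshold=5))
```

With T = 5 no single member sees more than four incomplete connections from the scanner, so every local view stays empty, while the correlated view crosses the threshold at the sixth probe.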