A multilayer framework proposal to catch data exfiltration
Puneet Sharma
Agenda
• Introduction to the problem
  • What is data exfiltration?
  • Why is it more difficult to catch than regular network based intrusions?
• Hardware based Trojans
  • Huawei case
  • Greek phone tapping case
• Software based Trojans
  • Rootkits
• Proposed approach
  • Multiple stacks/layered detection
  • Parameters to watch
• Challenges
What is data exfiltration?
• Unauthorized extraction of data from a system
• Can be locally or remotely initiated
• Is hard to catch because:
  • It may leave no fingerprint
  • It may be an insider attack
  • It can go to great lengths to hide itself using kernel level device drivers
Hardware based Trojans
• Use cases:
  • Huawei case
  • Greek phone tapping case
• Special challenges in catching HW Trojans
  • Special circuits with an extremely small footprint
  • Most come shipped with their own software
  • Most circuit based testing methods are too expensive and impractical to check every possible circuit flow
Rootkits and other Trojans
• A device driver is the way to get in
• Kernel mode access
• Can hide processes
• Can auto run on restart
• Stuxnet: the most famous example
Multi layered approach
Application layer
  • Hidden processes
  • New hardware insertion event
  • New device driver registration
Network layer
  • Change in outgoing packet patterns
  • Connection to an unknown address
Hardware layer
  • Change in the power consumption patterns
  • Change in the instruction set patterns
Justification for a multi stacked solution
• There is no such thing as the perfect defense
• The idea is to make it really hard for the attacker to avoid detection
• Certain techniques on the network and application layer are state of the art, just never used together
• Sophisticated hardware Trojans are not just sections of mala fide circuits, but come with their own custom software
Parameters to monitor
• New hardware detection
• New device driver registration
• Sudden increase in packet size going out
• Type of data going out
• Key file hashes being changed
• Memory traces
• CPU utilization
• Hidden processes
• Power pattern changes
• Instruction set pattern changes
Relevance of parameters matrix

| Parameter/Alarm | Ways to monitor | Reliable on its own? | Reliable with a few other alarms? | Reliable with many other alarms? |
|---|---|---|---|---|
| New hardware detection | lsusb, udevd, udevadm, lshw | No | Yes | Yes |
| New device driver detection | lspci, lsmod, modprobe | No | Yes | Yes |
| Increase in outgoing packet size | Wireshark, tcpdump | No | Yes | Yes |
| Change in type of data going out | Wireshark, tcpdump | No | No | Yes |
| Change in file hashes | tripwire | No | Yes | Yes |
| Memory traces | /proc file system | No | No | Yes |
| CPU utilization | mpstat, top, sysstat | No | No | Yes |
| Hidden processes | unhide, /proc/<pid>/exe | Yes | Yes | Yes |
| Power pattern changes | | Yes | Yes | Yes |
| Instruction set changes | | Yes | Yes | Yes |
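The matrix above says most alarms are only meaningful in combination; the following added example (not code from the thesis) encodes it as a small correlator that raises a "new driver" alarm from two lsmod snapshots and escalates only when reliable alarms span more than one layer. The alarm names, the constructed lsmod text and the FEW/MANY thresholds are assumptions.

```python
"""Alarm correlation over the relevance matrix above. Added example, not thesis code;
alarm names, lsmod samples and the FEW/MANY thresholds are assumptions."""

# Matrix columns: (reliable on its own?, with a few other alarms?, with many?)
RELEVANCE = {
    "new_hardware":         (False, True,  True),
    "new_driver":           (False, True,  True),
    "outgoing_size_jump":   (False, True,  True),
    "outgoing_type_change": (False, False, True),
    "file_hash_change":     (False, True,  True),
    "memory_trace":         (False, False, True),
    "cpu_utilization":      (False, False, True),
    "hidden_process":       (True,  True,  True),
    "power_pattern":        (True,  True,  True),
    "instruction_pattern":  (True,  True,  True),
}
# Which layer of the multi layered approach each alarm belongs to.
LAYER = {
    "new_hardware": "application", "new_driver": "application",
    "hidden_process": "application", "file_hash_change": "application",
    "memory_trace": "application", "cpu_utilization": "application",
    "outgoing_size_jump": "network", "outgoing_type_change": "network",
    "power_pattern": "hardware", "instruction_pattern": "hardware",
}
FEW, MANY = 1, 3  # assumed: "a few" = 1+ other alarms, "many" = 3+ other alarms


def new_driver_alarm(baseline_lsmod: str, current_lsmod: str) -> set:
    """Module names in the current `lsmod` output that the baseline lacks."""
    def modules(text):
        lines = text.strip().splitlines()[1:]  # drop the "Module Size Used by" header
        return {ln.split()[0] for ln in lines if ln.strip()}
    return modules(current_lsmod) - modules(baseline_lsmod)


def reliable_alarms(raised) -> set:
    """Keep only the alarms the matrix calls reliable given how many others fired."""
    raised = set(raised)
    others = len(raised) - 1
    kept = set()
    for name in raised:
        alone, few, many = RELEVANCE[name]
        if alone or (few and others >= FEW) or (many and others >= MANY):
            kept.add(name)
    return kept


def verdict(raised) -> str:
    """'escalate' when reliable alarms span two or more layers."""
    kept = reliable_alarms(raised)
    if not kept:
        return "ignore"
    layers = {LAYER[name] for name in kept}
    return "escalate" if len(layers) >= 2 else "investigate"


# Constructed lsmod snapshots, not real output from any machine.
BASELINE_LSMOD = "Module Size Used by\ne1000e 290816 0\nusbhid 65536 0\n"
CURRENT_LSMOD = BASELINE_LSMOD + "unknown_mod 16384 0\n"
if __name__ == "__main__":
    alarms = {"new_driver"} if new_driver_alarm(BASELINE_LSMOD, CURRENT_LSMOD) else set()
    alarms.add("outgoing_size_jump")  # constructed network-layer alarm
    print(verdict(alarms))            # escalate
```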
Challenges
• Most Metasploit exploits are on Windows
• Exploits to test all alarms/parameters
• Creating a hardware exploit which involves minimum user interaction
• Detecting the system parameters on Windows
Thank you