Large Grain Internet Traffic Analysis

PowerPoint Slideshow about 'Large Grain Internet Traffic Analysis' - keagan


Presentation Transcript
Definition/Clarification

Looking at internet traffic for a huge network (like the entire Internet)

Focusing on the big picture of the traffic. There are too many packets to analyze like on a small network.

Reasoning
  • Understanding the layout of a network shows important “core” nodes to attack/defend.
  • Attacks on part of a large network are likely to be performed on another part of the network. This can help focus protective measures.
  • Larger data sets can lead to better predictions for future attacks.
  • Improve the quality of routers
How do you analyze a giant network?
  • Two primary techniques
  • Botnet Technique
    • A large set of users monitor a subset of the network.
    • Combine that data to create a dataset for the network.
  • Begging Technique
    • ISPs have network data for their networks.
    • Ask for their data (or sanitized versions of it).
Techniques

Flow Analyzers (Flowscan)

  • Use protocols and usage analysis to detect attacks
  • Information is taken from the router and the analysis is done offline.

Traffic Volume Analyzers

  • Detect Threats in real time by checking for abnormal amounts of traffic.
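
An added example (not from the original slides) of the offline flow-record analysis and traffic-volume checking described above: it aggregates flow records into per-protocol byte counts per minute and flags intervals far above an exponentially weighted baseline. The record layout, thresholds and sample flows are constructed assumptions, not Flowscan's own format.

```python
from collections import defaultdict

def sample_flows():
    """Constructed flow records (not real data): (epoch_seconds, protocol, bytes)."""
    flows = []
    for minute in range(30):
        t = minute * 60
        flows.append((t, "tcp", 50_000 + (minute % 5) * 1_000))
        flows.append((t + 10, "udp", 8_000 + (minute % 3) * 500))
    # Constructed surge: UDP volume jumps in minutes 25 and 26.
    flows.append((25 * 60 + 20, "udp", 400_000))
    flows.append((26 * 60 + 20, "udp", 450_000))
    return flows

def bytes_per_interval(flows, interval=60):
    """Aggregate flow byte counts into protocol -> {bucket index: bytes}."""
    series = defaultdict(lambda: defaultdict(int))
    for ts, proto, nbytes in flows:
        series[proto][ts // interval] += nbytes
    return series

def detect_volume_anomalies(flows, interval=60, alpha=0.2, k=4.0, warmup=5):
    """Flag buckets whose volume exceeds EWMA mean + k * EWMA deviation."""
    alerts = []
    for proto, buckets in bytes_per_interval(flows, interval).items():
        mean = dev = None
        for i, bucket in enumerate(sorted(buckets)):
            vol = buckets[bucket]
            if mean is None:  # first bucket seeds the baseline
                mean, dev = float(vol), 0.0
                continue
            # Floor the deviation at 5% of the mean so a flat baseline
            # does not alert on trivial jitter.
            threshold = mean + k * max(dev, 0.05 * mean)
            if i >= warmup and vol > threshold:
                alerts.append((proto, bucket, vol, round(threshold)))
                continue  # keep the surge out of the baseline
            dev = (1 - alpha) * dev + alpha * abs(vol - mean)
            mean = (1 - alpha) * mean + alpha * vol
    return alerts

if __name__ == "__main__":
    for proto, bucket, vol, threshold in detect_volume_anomalies(sample_flows()):
        print(f"{proto} minute {bucket}: {vol} bytes (threshold {threshold})")
```

Tracking each protocol separately is what lets the UDP surge stand out even though TCP carries most of the bytes in the sample.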

NetViewer (not that popular)

  • Visualizes header data by size, destination, byte count, flow count, etc.
  • Uses visual analysis like scene change analysis and motion prediction

Darknets

Who does the analysis?

Attackers

  • Find important nodes, weakened nodes.
  • Takes a lot of resources to monitor a big network.

Students/Researchers

  • Huge data sets to be used to support their claims.
  • Projects can be shown to have a large effect if implemented.
  • Fun projects (map the entire Internet)

Defenders

  • Identify Attackers and Attack Types
  • Increase network stability
Mapping the internet
  • Several Internet mapping projects out there.
  • The Opte project (next slide: 2005)
  • Started with a single computer approach and could scan the entire Internet in a day.
  • Now uses a distributed approach. A slower scan produces a better image, so it still takes a while but gives a better picture.
  • Not really that useful, just cool.

http://opte.org/maps/

Img Source: http://blyon.com/blyon-cdn/opte/maps/static/1069646562.LGL.2D.700x700.png

If they currently have tools that monitor for hijacking of their routes or those belonging to their customers
Atlas
  • http://atlas.arbor.net/
  • Arbor is a security company that works for many different ISPs around the globe.
  • Atlas is a traffic analysis service using data from those ISPs.
  • While the consumer gets the majority of information (specific attacks and payloads), there is still some information online.