Volunteer-based Monitoring System
Min Gyung Kang, KAIST

Overview
• Emergence of new security threats
  • Worms and viruses
• Need for a global monitoring infrastructure

Overview
• Global Network Monitoring Infrastructure
  • DShield: collects firewall logs to generate a blacklist of attackers attempting port scans
  • DOMINO: an architecture for distributed intrusion detection; a P2P overlay of axis nodes and sets of volunteers
  • DIMES and NETI@home: research projects for gathering Internet topology and traffic statistics

Overview
• Volunteer-based Monitoring System

Challenges
• Luring participants
  • the most essential and difficult challenge
  • reward for participation
• Timeliness of feedback
  • fast propagation speed of malware

Challenges (cont’d)
• Scalability
  • load balancing issues:
    • a large number of volunteers
    • input data to servers
• Robustness of architecture
  • robust against:
    • external attacks
    • system failure or maintenance downtime

Challenges (cont’d)
• Accuracy of feedback
  • problem of frequent false alarms
VMS Prototype
• Agent (v0.1)
  • using the raw socket interface on MS .NET
  • collecting flow information (srcIP, srcPort, dstIP, dstPort, processName, numBytes, numPkts)
  • transmitting log files to the alarm center

VMS Prototype
• Alarm Center
  • single deployment
  • providing simple statistics based on volunteers’ flow information
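The slides do not show how the alarm center turns volunteers' flow records into statistics, so here is an added toy example (not the KAIST prototype's own code). It assumes each agent uploads one whitespace-separated line per flow in the seven-field order listed above, and it raises a port-scan alarm for a source only when several independent volunteers corroborate it, which addresses the false-alarm problem from the Challenges slide; the volunteer ids, thresholds and sample records are all constructed.

```python
from collections import defaultdict

# Field order the VMS agent collects, as listed on the prototype slide.
FIELDS = ("srcIP", "srcPort", "dstIP", "dstPort", "processName", "numBytes", "numPkts")


def parse_flow(line):
    """Parse one whitespace-separated flow record (the line format is an assumption)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"malformed flow record: {line!r}")
    flow = dict(zip(FIELDS, parts))
    for key in ("srcPort", "dstPort", "numBytes", "numPkts"):
        flow[key] = int(flow[key])
    return flow


def port_scan_alarms(volunteer_logs, min_ports=5, min_volunteers=2):
    """Aggregate flows from all volunteers and return {srcIP: (distinct_ports, volunteers)}
    for sources that probed at least `min_ports` distinct destination ports AND were
    reported by at least `min_volunteers` different volunteers. Requiring corroboration
    keeps one misconfigured or malicious volunteer from triggering an alarm by itself."""
    ports = defaultdict(set)      # srcIP -> distinct dstPorts seen across all volunteers
    reporters = defaultdict(set)  # srcIP -> volunteers that reported it
    for volunteer_id, lines in volunteer_logs.items():
        for line in lines:
            flow = parse_flow(line)
            ports[flow["srcIP"]].add(flow["dstPort"])
            reporters[flow["srcIP"]].add(volunteer_id)
    return {ip: (len(ports[ip]), len(reporters[ip])) for ip in ports
            if len(ports[ip]) >= min_ports and len(reporters[ip]) >= min_volunteers}


# Constructed sample uploads from three volunteers (addresses from documentation ranges).
# 203.0.113.7 probes many ports on two volunteers; 198.51.100.9 is reported by only one.
SAMPLE_LOGS = {
    "vol-A": [f"203.0.113.7 4000{i} 192.0.2.1 {p} - 60 1"
              for i, p in enumerate((21, 22, 23, 25, 80, 135, 445))]
             + ["192.0.2.50 51000 192.0.2.1 80 firefox.exe 15000 20"],
    "vol-B": [f"203.0.113.7 4010{i} 192.0.2.2 {p} - 60 1"
              for i, p in enumerate((22, 23, 25, 80, 139, 445))],
    "vol-C": [f"198.51.100.9 3000{i} 192.0.2.3 {p} - 60 1"
              for i, p in enumerate((80, 443, 8080, 8443, 3389, 5900))],
}

if __name__ == "__main__":
    for ip, (n_ports, n_vols) in sorted(port_scan_alarms(SAMPLE_LOGS).items()):
        print(f"ALARM {ip}: {n_ports} distinct ports, corroborated by {n_vols} volunteers")
```

Lowering `min_volunteers` to 1 makes the single-reporter source 198.51.100.9 appear as well, which shows the trade-off between timeliness and accuracy of feedback.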
Future Work
• Distributed Alarm Center design
  • scalability and robustness
  • P2P overlay vs. pure hierarchy
  • PlanetLab as a test bed
• Agent improvement
  • simple and robust architecture
  • automatic update

Future Work
• Standardization
  • log file format
  • communication protocol