
Volunteer-based Monitoring System


Presentation Transcript


  1. Volunteer-based Monitoring System Min Gyung Kang KAIST

  2. Overview • Emergence of new security threats • Worms and viruses • Need for global monitoring infrastructure

  3. Overview
     • Global Network Monitoring Infrastructure
       • DShield
         • collects firewall logs to generate blacklist of attackers trying to perform port scans
       • DOMINO
         • an architecture for distributed intrusion detection
         • P2P overlay of axis nodes and sets of volunteers
       • DIMES and NETI@home
         • research projects for gathering topology and traffic statistics data of the Internet

  4. Overview • Volunteer-based Monitoring System

  5. Challenges
     • Luring Participants
       • the most essential and difficult
       • reward for participation
     • Timeliness of Feedback
       • fast propagation speed of malware

  6. Challenges (cont’d)
     • Scalability
       • load balancing issues:
         • a large number of volunteers
         • input data to servers
     • Robustness of Architecture
       • robust against:
         • External attacks
         • System failure or maintenance downtime

  7. Challenges (cont’d)
     • Accuracy of Feedback
       • problem of frequent false alarms

  8. VMS Prototype
     • Agent (v0.1)
       • using raw socket interface on MS .NET
       • collecting flow information (srcIP, srcPort, dstIP, dstPort, procesName, numBytes, numPkts)
       • transmitting log files to the alarm center

  9. VMS Prototype
     • Alarm Center
       • single deployment
       • providing simple statistics based on volunteers’ flow info

  10. Future Work • Distributed Alarm Center Design • Scalability and Robustness • P2P overlay vs. pure hierarchy • PlanetLab as a Test Bed • Agent Improvement • simple and robust architecture • automatic update

  11. Future Work
     • Standardization
       • log file format
       • communication protocol
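
The alarm-center step from slides 8 and 9, as an added example that is not code from the presentation or the VMS prototype: it validates flow records uploaded by untrusted volunteers and computes per-port statistics. The comma-separated log layout, the volunteer ids, the sample records and the three-volunteer threshold are assumptions; the slides list only the field names and leave the log format to future work.

```python
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Field names exactly as listed on the slide; the CSV ordering is an assumption.
FIELDS = ("srcIP", "srcPort", "dstIP", "dstPort", "procesName", "numBytes", "numPkts")

# Constructed sample uploads, keyed by a hypothetical volunteer id.
SAMPLE_UPLOADS = {
    "vol-a": "192.0.2.10,49152,198.51.100.7,445,svchost.exe,1200,10\n"
             "192.0.2.10,49153,198.51.100.9,443,browser.exe,90000,80\n",
    "vol-b": "192.0.2.20,50000,198.51.100.8,445,unknown.exe,600,5\n"
             "192.0.2.20,50001,198.51.100.8,99999,bad.exe,1,1\n",  # invalid port
    "vol-c": "203.0.113.5,40000,198.51.100.3,445,unknown.exe,300,3\n"
             "not-an-ip,1,198.51.100.3,445,x.exe,1,1\n",           # invalid address
}

def parse_flow(row):
    """Validate one record; volunteer input is untrusted, so malformed rows raise."""
    if len(row) != len(FIELDS):
        raise ValueError("wrong field count")
    rec = dict(zip(FIELDS, row))
    ipaddress.ip_address(rec["srcIP"])  # raises ValueError on a bad address
    ipaddress.ip_address(rec["dstIP"])
    for key in ("srcPort", "dstPort", "numBytes", "numPkts"):
        rec[key] = int(rec[key])
        if rec[key] < 0 or (key.endswith("Port") and rec[key] > 65535):
            raise ValueError(f"{key} out of range")
    return rec

def summarize(uploads):
    """Aggregate accepted flows by destination port; count rejects per volunteer."""
    stats = defaultdict(lambda: {"volunteers": set(), "bytes": 0, "pkts": 0,
                                 "procs": Counter()})
    rejected = Counter()
    for volunteer, text in uploads.items():
        for row in csv.reader(io.StringIO(text)):
            try:
                rec = parse_flow(row)
            except ValueError:
                rejected[volunteer] += 1
                continue
            entry = stats[rec["dstPort"]]
            entry["volunteers"].add(volunteer)
            entry["bytes"] += rec["numBytes"]
            entry["pkts"] += rec["numPkts"]
            entry["procs"][rec["procesName"]] += 1
    return stats, rejected

def widespread_ports(stats, min_volunteers=3):
    """Ports reported by several distinct volunteers, so one noisy host cannot alarm."""
    return sorted(p for p, s in stats.items() if len(s["volunteers"]) >= min_volunteers)
```

Counting distinct volunteers rather than raw flows is one simple way to address the false-alarm concern from slide 7, and the per-volunteer reject counter shows which agents are sending malformed logs.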
