Questions on “Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic”


Presentation Transcript


  1. Questions on “Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic” Yao Zhao

  2. Hybrid Architecture
     • IMS + HMS
     • IMS Proxy back to HMS
     • Detectable by delay

  3. Filtering with First Payload
     • Only uses a hash of the payload
     • A small change in the first payload will escape the filter
     • Polymorphic worms

  4. Collaboration Works?
     • The IDS collaboration paper says that collaboration helps a lot
     • This paper tries to say that collaboration among darknets doesn’t make much sense.

  5. Duration of Event
     • Figure 8
     • Obtained from one honeypot host
     • Heavy tail?
     • Long durations
     • A single /17 darknet block needs to handle from 40,000 to 200,000 simultaneous connections
     • But session ≠ infection session

  6. Different Scale of Darknets
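
Slide 3's concern about filtering on a hash of the first payload, worked through as an added example that is not from the presentation or the paper it discusses. It measures how much traffic an exact-match filter suppresses; the class name, the use of SHA-256, and the sample payloads are assumptions constructed for illustration.

```python
import hashlib


class FirstPayloadFilter:
    """Forward a connection for deeper analysis only if the hash of its
    first payload has not been seen before (exact-match data reduction)."""

    def __init__(self):
        self.seen = set()
        self.total = 0
        self.forwarded = 0

    def observe(self, first_payload: bytes) -> bool:
        """Return True when the payload is new and must be forwarded."""
        self.total += 1
        digest = hashlib.sha256(first_payload).digest()  # assumed hash choice
        if digest in self.seen:
            return False
        self.seen.add(digest)
        self.forwarded += 1
        return True

    def reduction(self) -> float:
        """Fraction of observed connections the filter suppressed."""
        return 1 - self.forwarded / self.total if self.total else 0.0


def run(payloads):
    """Feed payloads through a fresh filter; return (forwarded, reduction)."""
    f = FirstPayloadFilter()
    for p in payloads:
        f.observe(p)
    return f.forwarded, f.reduction()


# Constructed sample traffic: 1000 byte-identical probes, and 1000 probes that
# share the same body except for a 2-byte field that differs per connection.
BODY = b"GET /constructed-probe HTTP/1.0\r\nX-Pad: "
static_probes = [BODY + b"\x00\x00" for _ in range(1000)]
varying_probes = [BODY + i.to_bytes(2, "big") for i in range(1000)]

if __name__ == "__main__":
    for name, traffic in (("static", static_probes), ("varying", varying_probes)):
        fwd, red = run(traffic)
        print(f"{name:8s} forwarded={fwd:4d} reduction={red:.1%}")
```

Tracking the reduction ratio over time gives an operator a signal for when exact-match filtering has stopped reducing load on the host-based sensors.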