
Large Grain Internet Traffic Analysis


keagan

Presentation Transcript


  1. Large Grain Internet Traffic Analysis

  2. Definition/Clarification
     • Looking at Internet traffic for a huge network (like the entire Internet).
     • Focusing on the big picture of the traffic.
     • There are too many packets to analyze individually, the way one would on a small network.

  3. Reasoning
     • Understanding the layout of a network shows important “core” nodes to attack/defend.
     • Attacks on part of a large network are likely to be performed on another part of the network. This can help focus protective measures.
     • Larger data sets can lead to better predictions for future attacks.
     • Improve the quality of routers.

  4. How do you analyze a giant network?
     • Two primary techniques
     • Botnet Technique
         • A large set of users monitor a subset of the network.
         • Combine that data to create a dataset for the network.
     • Begging Technique
         • ISPs have network data for their networks.
         • Ask for their data (or sanitized versions of it).

  5. Techniques
     Flow Analyzers (Flowscan)
         • Use protocols and usage analysis to detect attacks.
         • Information is taken from the router and the analysis is done offline.
     Traffic Volume Analyzers
         • Detect threats in real time by checking for abnormal amounts of traffic.
     NetViewer (not that popular)
         • Visualizes header data by size, destination, byte count, flow count, etc.
         • Uses visual analysis like scene change analysis and motion prediction.
     Darknets

  6. http://www.caida.org/tools/utilities/flowscan/analysis.xml

  7. http://www.arbornetworks.com/research.html

  8. Who does the analysis?
     Attackers
         • Find important nodes, weakened nodes.
         • Takes a lot of resources to monitor a big network.
     Students/Researchers
         • Huge data sets to be used to support their claims.
         • Projects can be shown to have a large effect if implemented.
         • Fun projects (map the entire Internet)
     Defenders
         • Identify attackers and attack types.
         • Increase network stability.

  9. Applications

  10. Mapping the Internet
     • Several Internet mapping projects out there.
     • The Opte project (next slide: 2005)
         • Started with a single-computer approach and could scan the entire Internet in a day.
         • Now uses a distributed approach; a slower scan produces a better image, so it still takes a while but gives a better picture.
         • Not really that useful, just cool.
     http://opte.org/maps/
     Img Source: http://blyon.com/blyon-cdn/opte/maps/static/1069646562.LGL.2D.700x700.png

  11. Analysis from several ISPs (2009)

  12. If they currently have tools that monitor for hijacking of their routes or those belonging to their customers

  13. Atlas
     • http://atlas.arbor.net/
     • Arbor is a security company that works for many different ISPs around the globe.
     • Atlas is a traffic analysis service using data from those ISPs.
     • While the consumer gets the majority of information (specific attacks and payloads), there is still some information online.

  14. Questions?
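
The traffic volume approach from slide 5 (flagging abnormal amounts of traffic), as an added example that is not part of the original presentation: it bins flow records per destination and minute and flags bins far above a rolling median baseline. The record layout `(epoch_sec, dst, bytes)`, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def bin_volumes(flows, bin_seconds=60):
    """Sum bytes per (destination, time bin). flows: (epoch_sec, dst, bytes)."""
    bins = defaultdict(lambda: defaultdict(int))
    for ts, dst, nbytes in flows:
        bins[dst][ts // bin_seconds] += nbytes
    return bins

def detect_spikes(flows, bin_seconds=60, window=5, k=6.0, min_bytes=10_000):
    """Flag bins whose volume exceeds median + k * spread of the preceding window."""
    alerts = []
    for dst, series in bin_volumes(flows, bin_seconds).items():
        first, last = min(series), max(series)
        # Fill silent bins with 0 so gaps count toward the baseline.
        values = [series.get(b, 0) for b in range(first, last + 1)]
        for i in range(window, len(values)):
            history = values[i - window:i]
            med = median(history)
            mad = median(abs(v - med) for v in history)
            # Floor the spread so a very flat baseline does not alert on noise.
            threshold = med + k * max(mad, 0.1 * med, 1)
            if values[i] > threshold and values[i] >= min_bytes:
                alerts.append((dst, (first + i) * bin_seconds, values[i], med))
    return sorted(alerts, key=lambda a: (a[1], a[0]))

def sample_flows():
    """Constructed flow records: ten one-minute bins for two destination prefixes."""
    steady = [50_000, 52_000, 49_000, 51_000, 50_500,
              48_000, 50_000, 51_500, 900_000, 50_000]  # minute 8 is the spike
    quiet = [20_000, 21_000, 19_500, 20_500, 20_000,
             19_000, 21_500, 20_000, 20_500, 19_500]
    flows = []
    for minute in range(10):
        # Split each minute's bytes across three flows, as a router export would.
        for part in range(3):
            ts = minute * 60 + part * 20
            flows.append((ts, "198.51.100.0/24", steady[minute] // 3))
            flows.append((ts, "203.0.113.0/24", quiet[minute] // 3))
    return flows

if __name__ == "__main__":
    for dst, start, nbytes, baseline in detect_spikes(sample_flows()):
        print(f"{dst} bin@{start}s: {nbytes} bytes vs baseline {baseline}")
```

The median-based baseline keeps a single spike from inflating the threshold for the bins that follow it, which a mean-based baseline would not.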
