Title: Attack Session Extraction and Replay from Real Traffic
Advisor: Ying-Dar Lin
Student: Chi-Chung Lo
Abstract
Vulnerability assessment (VA) tools can be used to check system security. One kind of VA tool sends traffic that requests system services and waits for the services' responses; by analyzing those responses, the VA tool can identify vulnerabilities in the system. However, such a tool cannot fully reveal the real vulnerabilities of the system, since the system may not actually be intruded when it is attacked by a VA tool. Therefore, real attacks are needed to test system vulnerability, but real attacks are difficult to find. This work therefore proposes an attack session extraction system with three key points. First, the system replays recorded traffic to IDP products and obtains their alarm logs. Second, it uses the alarm logs to find the critical packets that raised alarms on the IDP products. With these first two points, the system can find packets that share the same network features and merge them into a set that forms one connection of a network attack. However, a network attack may involve many attackers, or a single attacker with multiple connections. Therefore, this work analyzed the attacks and designed the third key point: using packet payload similarity to find the attacks that have multiple attackers. 83 of the extracted attacks have low variation, and 71 of the low-variation attacks can be verified for completeness and purity. With the help of attack session extraction, this work can extract complete attacks and also use the extracted attacks to compare the differences between VA tools and real attacks.
Attack session extraction system
- Key ideas of attack session extraction system
  - Record and replay the network traffic to IDP products
  - Find out the anchor packet by IDP logs
  - Associating packets to the connection by anchor packet
  - Payload similarity for DDoS session association
  - Variation comparison for multi-connection session association
- Key results of attack session extraction system
  - 83 extracted attacks have low variation
  - 46 have no variation
  - 87 extracted attacks are complete and pure
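As an added illustration, not code from the thesis or its system, the pipeline above run on a constructed four-packet capture and one constructed IDP alarm: the alarm selects the anchor packet, the anchor's connection tuple collects its packets in both directions, and payload similarity associates a second attacker's flow to the same service while leaving a benign request out; variation is the spread of the similarity scores. The similarity metric (difflib ratio), the threshold, and all addresses and payloads are assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from statistics import pstdev

@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

    def flow(self):
        # Direction-agnostic connection key: both endpoints of the 4-tuple
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})

# Constructed capture: alarmed attacker, its server reply, a second attacker
# with a near-identical request (multi-attacker case), and one benign client.
PACKETS = [
    Packet(1.0, "10.0.0.5", 40001, "192.0.2.10", 80, b"GET /cgi-bin/probe.cgi?q=AAAAAAAA HTTP/1.0"),
    Packet(1.1, "192.0.2.10", 80, "10.0.0.5", 40001, b"HTTP/1.0 500 Internal Server Error"),
    Packet(1.2, "10.0.0.6", 40002, "192.0.2.10", 80, b"GET /cgi-bin/probe.cgi?q=AAAAAAAB HTTP/1.0"),
    Packet(1.3, "10.0.0.7", 40003, "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
]
# Constructed IDP alarm emitted during replay: (src, dst, dport, timestamp)
ALARMS = {("10.0.0.5", "192.0.2.10", 80, 1.0)}

def find_anchors(packets, alarms):
    """Anchor packets: the packets an IDP alarm names by (src, dst, dport, ts)."""
    return [p for p in packets if (p.src, p.dst, p.dport, p.ts) in alarms]

def connection_of(packets, anchor):
    """Every packet, in both directions, of the anchor packet's connection."""
    return [p for p in packets if p.flow() == anchor.flow()]

def similarity(a, b):
    # Assumed metric: difflib ratio in [0, 1]; the thesis does not fix one here
    return SequenceMatcher(None, a, b).ratio()

def associate_by_payload(packets, anchor, threshold=0.9):
    """Other client flows to the same service whose payload resembles the anchor's."""
    found = {}
    for p in packets:
        if p.flow() == anchor.flow() or (p.dst, p.dport) != (anchor.dst, anchor.dport):
            continue
        score = similarity(anchor.payload, p.payload)
        if score >= threshold:
            found[p.flow()] = score
    return found

def variation(scores):
    """Spread of similarity scores; low variation means near-identical attacker payloads."""
    return pstdev(scores) if scores else 0.0
```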
[Figures: Definition of similarity variation; 15 extracted attacks from real traffic; Cumulative distribution of variation; Purity of extracted attacks from the session extraction system; Completeness of extracted attacks from the session extraction system]