Recording date: 19/06/2015

IEEE Distinguished Lecturer by Prof. Ying-Dar

If computer forensics is to identify, preserve, recover, and analyze who did what on a computer, network forensics is to do the same on a network. Compared to network forensics, which has wider forensic targets in devices (e.g., switches, routers, access points, firewalls, gateways) and the packets between them, traffic forensics focuses on packets alone. When these devices are black boxes without storage to record what happened, which is often the case, traffic forensics approximates network forensics. In this talk, we present a series of technologies and tools we developed to capture, replay, classify, detect, and analyze traffic. From the architecture of a beta site embedded in an operational campus network with live traffic, to the replay of captured traffic with stateless or stateful replayers in wired or wireless environments, we build the basic infrastructure and tools to work with real traffic. A case study reports how effective the accumulated packet traces are in triggering bugs in products under development. We then present another class of techniques that leverage the domain knowledge of existing products to classify traffic into various applications or into malicious intrusions and malware. A classified PCAP library, the associated techniques, and their evaluation are illustrated. With these integrated, a case study reports on redefining security criteria with functionality, robustness, performance, and stability testing, in order to complement existing criteria such as Common Criteria, ICSA, and NSS. As the sources of intrusions are often malware carried in application payloads, collecting, analyzing, and detecting malware are essential to building the defense lines. Thus, we present mechanisms to collect and analyze active and passive malware through honeypots and P2P, respectively. Finally, we present detection mechanisms for traditional malware, Android malware, and Advanced Persistent Threats (APT).

Series: 2015
Prof. Ying-Dar
