John McHugh
Citation
John McHugh. "Monitoring your network for fun and prophet[sic]". Talk or presentation, 3, May, 2007.
Abstract
Routine acquisition and aggregation of network data offers an opportunity to understand some of the forces that drive the internet. It also offers an opportunity to detect and understand a variety of phenomena that are related to overtly questionable or malicious activities on the part of network users and abusers. Carried out on a smaller scale, if offers an opportunity to perform passive monitoring on the activities on your own network, including the detection of spyware and other forms of compromise. By monitoring the unoccupied portions of an organization's address space, scanning and other activities that are often precursors to attacks can be identified. In this talk, I will summarize a variety of large and small scale observations that have resulted from such monitoring activities. Key to this work is the choice of suitable abstractions for the representation of both data and analysis results. The talk will also consider some of the issues associated with the management of the quantities of the data involved as well as techniques for analyzing the data and presenting the analysis results. These techniques aid system managers in better understanding the activities that routinely occur on their networks and provide a baseline against which changes in behavior, whether benign or malicious can be evaluated.
Electronic downloads
- Berkeley.pdf · application/pdf · 3881 kbytes
| Citation formats |
- HTML
John McHugh. <a href="http://www.truststc.org/pubs/256.html" ><i>Monitoring your network for fun and prophet[sic]</i></a>, Talk or presentation, 3, May, 2007.
- Plain text
John McHugh. "Monitoring your network for fun and prophet[sic]". Talk or presentation, 3, May, 2007.
- BibTeX
@presentation{McHugh07_MonitoringYourNetworkForFunProphetsic, author = {John McHugh}, title = {Monitoring your network for fun and prophet[sic]}, day = {3}, month = {May}, year = {2007}, abstract = {Routine acquisition and aggregation of network data offers an opportunity to understand some of the forces that drive the internet. It also offers an opportunity to detect and understand a variety of phenomena that are related to overtly questionable or malicious activities on the part of network users and abusers. Carried out on a smaller scale, if offers an opportunity to perform passive monitoring on the activities on your own network, including the detection of spyware and other forms of compromise. By monitoring the unoccupied portions of an organization's address space, scanning and other activities that are often precursors to attacks can be identified. In this talk, I will summarize a variety of large and small scale observations that have resulted from such monitoring activities. Key to this work is the choice of suitable abstractions for the representation of both data and analysis results. The talk will also consider some of the issues associated with the management of the quantities of the data involved as well as techniques for analyzing the data and presenting the analysis results. These techniques aid system managers in better understanding the activities that routinely occur on their networks and provide a baseline against which changes in behavior, whether benign or malicious can be evaluated.}, URL = {http://www.truststc.org/pubs/256.html} }
Posted by Alvaro Cardenas on 3 May 2007.
Groups: trustseminar
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.