Team for Research in
Ubiquitous Secure Technology

Monitoring your network for fun and prophet[sic]
John McHugh

Citation
John McHugh. "Monitoring your network for fun and prophet[sic]". Talk or presentation, 3, May, 2007.

Abstract
Routine acquisition and aggregation of network data offers an opportunity to understand some of the forces that drive the internet. It also offers an opportunity to detect and understand a variety of phenomena that are related to overtly questionable or malicious activities on the part of network users and abusers. Carried out on a smaller scale, it offers an opportunity to perform passive monitoring on the activities on your own network, including the detection of spyware and other forms of compromise. By monitoring the unoccupied portions of an organization's address space, scanning and other activities that are often precursors to attacks can be identified. In this talk, I will summarize a variety of large and small scale observations that have resulted from such monitoring activities. Key to this work is the choice of suitable abstractions for the representation of both data and analysis results. The talk will also consider some of the issues associated with the management of the quantities of the data involved as well as techniques for analyzing the data and presenting the analysis results. These techniques aid system managers in better understanding the activities that routinely occur on their networks and provide a baseline against which changes in behavior, whether benign or malicious, can be evaluated.

Citation formats  
  • HTML
    John McHugh. <a
    href="http://www.truststc.org/pubs/256.html"
    ><i>Monitoring your network for fun and
    prophet[sic]</i></a>, Talk or presentation,  3,
    May, 2007.
  • Plain text
    John McHugh. "Monitoring your network for fun and
    prophet[sic]". Talk or presentation,  3, May, 2007.
  • BibTeX
    @presentation{McHugh07_MonitoringYourNetworkForFunProphetsic,
        author = {John McHugh},
        title = {Monitoring your network for fun and prophet[sic]},
        day = {3},
        month = {May},
        year = {2007},
        abstract = {Routine acquisition and aggregation of network
                  data offers an opportunity to understand some of
                  the forces that drive the internet. It also offers
                  an opportunity to detect and understand a variety
                  of phenomena that are related to overtly
                  questionable or malicious activities on the part
                  of network users and abusers. Carried out on a
                  smaller scale, it offers an opportunity to perform
                  passive monitoring on the activities on your own
                  network, including the detection of spyware and
                  other forms of compromise. By monitoring the
                  unoccupied portions of an organization's address
                  space, scanning and other activities that are
                  often precursors to attacks can be identified. In
                  this talk, I will summarize a variety of large and
                  small scale observations that have resulted from
                  such monitoring activities. Key to this work is
                  the choice of suitable abstractions for the
                  representation of both data and analysis results.
                  The talk will also consider some of the issues
                  associated with the management of the quantities
                  of the data involved as well as techniques for
                  analyzing the data and presenting the analysis
                  results. These techniques aid system managers in
                  better understanding the activities that routinely
                  occur on their networks and provide a baseline
                  against which changes in behavior, whether benign
                  or malicious, can be evaluated.},
        URL = {http://www.truststc.org/pubs/256.html}
    }
    

Posted by Alvaro Cardenas on 3 May 2007.
Groups: trustseminar