Publicly shared documents

A brief look at anomaly analysis workflows in security, starting from the design of AlphaGo

Attackers keep getting smarter and keep finding odd new ways to break into systems, so we need intelligent tools that help us defend against attacks and resolve security incidents quickly. The strongest AI Go system of 2016 defeated several world-renowned Go champions; the analysis workflow it uses is worth thinking about as something we could apply to security.

https://www.slideshare.net/raymond0820/alphago-73533047

............................................................................................................

Paper Review

Review of "An Empirical Study of HTTP-based Financial Botnets"

https://www.slideshare.net/raymond0820/paper-review-about-botnet

............................................................................................................

ViewNetFlow

A small program adapted from an earlier author's simple tool: it collects network data via NetFlow and shows, in a web interface, the packet, flow and byte counts for each IP.

https://github.com/Raymond0820/viewnetflow

............................................................................................................

A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means

Botnets have become one of the greatest threats to network security. Attackers, or botmasters, use them to launch Distributed Denial of Service (DDoS) attacks that paralyze large websites, to steal confidential data from infected computers, to run phishing campaigns that harvest sensitive information such as account names and passwords, to send bulk advertising email, and to conduct click fraud. Although detection technology has improved and several Internet security solutions have been proposed, the botnet threat remains. Most previous studies identified botnet intrusions from either packet contents or traffic-flow characteristics. Both approaches run into problems with packet encryption and data privacy, because a botnet can easily change its packet contents and flow characteristics to circumvent an Intrusion Detection System (IDS). This study combines Particle Swarm Optimization (PSO) with the K-means algorithm to address those problems and builds, step by step, a botnet detection mechanism. First, three important network behaviors are identified: long active communication (ActBehavior), connection failure (FailBehavior), and network scanning (ScanBehavior). These behaviors are defined according to prior studies and are used to analyze the communication among infected computers. Second, the features of these behaviors are extracted from flow traces at the network and transport layers of the network equipment. Third, PSO and K-means are used to uncover the hosts that belong to the botnet within an organizational network. The experiment mainly uses the flow traces of a campus network. The results show that the proposed approach detects suspicious botnet members earlier than the existing detection application systems do. In addition, the approach is easy to implement and can be extended to campus dormitory networks, home networks, and the mobile 3G network.

http://dl.acm.org/citation.cfm?id=2676869
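The three behaviors the abstract names can be turned into per-host features from ordinary flow records and then clustered. The block below is an added example, not code from the paper: the flow format, the thresholds that define "long" and "failed", the use of distinct destination count as the scan feature, and the deterministic k-means seeding (in place of the paper's PSO step) are all assumptions made for illustration.

```python
"""Added example, not code from the paper: extract ActBehavior, FailBehavior and
ScanBehavior per source host from flow records, then cluster hosts with k-means.
The paper seeds k-means with PSO; here the seeds are picked deterministically
(an assumption). Flow format and thresholds are constructed for illustration."""
from collections import defaultdict
import math

LONG_SEC = 300.0            # assumed threshold for "long active communication"
K = 2                       # bot cluster vs. everyone else
ORIGIN = (0.0, 0.0, 0.0)

# Constructed flows: (src, dst, dst_port, duration_sec, packets, tcp_flags)
FLOWS = [
    # 10.0.0.5: ordinary web browsing
    ("10.0.0.5", "93.184.216.34", 443, 12.0, 40, "SA"),
    ("10.0.0.5", "93.184.216.34", 80, 3.0, 12, "SAF"),
    ("10.0.0.5", "151.101.1.69", 443, 20.0, 60, "SA"),
    # 10.0.0.9: hour-long IRC-style session plus SYN-only probes to many neighbours
    ("10.0.0.9", "203.0.113.7", 6667, 3600.0, 500, "SA"),
    ("10.0.0.9", "10.0.1.1", 445, 0.0, 1, "S"),
    ("10.0.0.9", "10.0.1.2", 445, 0.0, 1, "S"),
    ("10.0.0.9", "10.0.1.3", 445, 0.0, 1, "S"),
    ("10.0.0.9", "10.0.1.4", 445, 0.0, 1, "S"),
    # 10.0.0.12: browsing with one failed connection (normal noise)
    ("10.0.0.12", "93.184.216.34", 443, 8.0, 30, "SA"),
    ("10.0.0.12", "198.51.100.4", 443, 0.0, 1, "S"),
    # 10.0.0.20: a single longer download
    ("10.0.0.20", "151.101.1.69", 443, 45.0, 200, "SAF"),
]


def extract_features(flows):
    """Per source host: (ActBehavior, FailBehavior, ScanBehavior) as raw counts."""
    act, fail, dsts = defaultdict(int), defaultdict(int), defaultdict(set)
    for src, dst, _dport, duration, packets, flags in flows:
        if duration >= LONG_SEC:              # long-lived channel, e.g. C2 keep-alive
            act[src] += 1
        if flags == "S" and packets == 1:     # SYN sent, nothing ever came back
            fail[src] += 1
        dsts[src].add(dst)                    # breadth of contact approximates scanning
    return {h: (act[h], fail[h], len(dsts[h])) for h in dsts}


def normalize(features):
    """Scale each feature column to [0, 1] so no single count dominates the distance."""
    maxes = [max(v[i] for v in features.values()) or 1 for i in range(3)]
    return {h: tuple(v[i] / maxes[i] for i in range(3)) for h, v in features.items()}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=K, max_iter=100):
    """Plain Lloyd's k-means over {host: feature vector}.
    Seeds are points spread along the norm ordering (smallest ... largest);
    this replaces the PSO-chosen centroids of the paper and is an assumption."""
    hosts = list(points)
    by_norm = sorted(hosts, key=lambda h: _dist(points[h], ORIGIN))
    seeds = [by_norm[round(i * (len(by_norm) - 1) / (k - 1))] for i in range(k)]
    centroids = [points[h] for h in seeds]
    assign = {}
    for _ in range(max_iter):
        new = {h: min(range(k), key=lambda c: _dist(points[h], centroids[c])) for h in hosts}
        if new == assign:                     # assignments stable: converged
            break
        assign = new
        for c in range(k):
            members = [points[h] for h in hosts if assign[h] == c]
            if members:
                centroids[c] = tuple(sum(m[i] for m in members) / len(members) for i in range(3))
    return centroids, assign


def suspicious_hosts(flows):
    """Hosts in the cluster whose centroid lies farthest from the origin
    (most long sessions, most failures, most distinct targets)."""
    feats = normalize(extract_features(flows))
    centroids, assign = kmeans(feats)
    bad = max(range(len(centroids)), key=lambda c: _dist(centroids[c], ORIGIN))
    return {h for h, c in assign.items() if c == bad}


if __name__ == "__main__":
    for host, vec in sorted(extract_features(FLOWS).items()):
        print(f"{host:<10} act={vec[0]} fail={vec[1]} scan={vec[2]}")
    print("suspicious:", sorted(suspicious_hosts(FLOWS)))
```

On the constructed flows, 10.0.0.9 is the only host in the far cluster; 10.0.0.12's single failed connection is absorbed into the benign cluster, which is the point of clustering on several behaviors rather than alerting on one counter. The seeding matters in practice: with bad initial centroids k-means can split the benign hosts instead of isolating the bots, which is the problem the paper's PSO step is addressing.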

............................................................................................................

Predict User Anomaly Using Collaborative Filtering and IP Blacklist

In cyberspace we are always looking for effective and efficient detectors that can spot attacks or malicious behavior as early as possible. What if we could identify highly probable malicious behavior at a very early stage, and so save systems or networks from a disaster, even if the judgment is not yet mature? This paper proposes a method built on Collaborative Filtering to detect malicious behavior at an early stage. As an anomaly detection approach, it puts more effort into reducing false negatives while keeping false positives at an acceptable level. Collaborative filtering uses similar patterns that occurred in the past to decide what could be safe or dangerous now. The method analyzes network flow data to detect users' anomalous symptoms, then adjusts their network speed according to the anomaly judgment, in order to prevent more serious consequences at a later stage. In a small-scale experiment, the prediction of the proposed method reached 100% accuracy. Furthermore, the calculation can be sped up simply by adding more nodes.

http://www.iadisportal.org/digital-library/predict-user-anomaly-using-collaborative-filtering-and-ip-blacklist 
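The idea of using past patterns from similar users, together with a blacklist, to judge a user before that user has done anything obviously bad can be shown with a small user-based collaborative filter. The block below is an added example and not the paper's method: treating destination IPs as the "items", cosine similarity over destination sets, the similarity-weighted blacklist indicator as the score, and the bandwidth policy that acts on it are all assumptions; the flows and the blacklist are constructed.

```python
"""Added example, not code from the paper: user-based collaborative filtering
over flow data combined with an IP blacklist. A host that behaves like hosts
that have already hit blacklisted addresses gets a high score before it has
hit one itself, and its bandwidth is reduced accordingly. Flow records, the
blacklist, the similarity measure and the rate-limit policy are assumptions."""
from collections import defaultdict
import math

# Constructed flow records: (source host, destination IP).
FLOWS = [
    ("10.0.0.5", "93.184.216.34"), ("10.0.0.5", "151.101.1.69"), ("10.0.0.5", "104.16.0.1"),
    ("10.0.0.9", "203.0.113.7"), ("10.0.0.9", "45.33.32.156"), ("10.0.0.9", "185.199.108.153"),
    ("10.0.0.12", "45.33.32.156"), ("10.0.0.12", "185.199.108.153"), ("10.0.0.12", "104.16.0.1"),
    ("10.0.0.20", "93.184.216.34"), ("10.0.0.20", "151.101.1.69"),
]
# Constructed blacklist; in practice this would come from a threat-intel feed.
BLACKLIST = {"203.0.113.7", "198.51.100.66"}


def build_profiles(flows):
    """Host -> set of destinations it talked to (the 'items' of the CF model)."""
    profiles = defaultdict(set)
    for src, dst in flows:
        profiles[src].add(dst)
    return dict(profiles)


def cosine(a, b):
    """Cosine similarity between two binary item sets."""
    if not a or not b:
        return 0.0
    return len(a & b) / math.sqrt(len(a) * len(b))


def anomaly_scores(profiles, blacklist):
    """Score every host in [0, 1].
    A host that already contacted a blacklisted IP scores 1.0 outright.
    Otherwise its score is the similarity-weighted average of its neighbours'
    blacklist indicators: 'hosts that behave like you have been hitting bad IPs'."""
    hit = {h: 1.0 if dsts & blacklist else 0.0 for h, dsts in profiles.items()}
    scores = {}
    for h, dsts in profiles.items():
        if hit[h]:
            scores[h] = 1.0
            continue
        num = den = 0.0
        for other, other_dsts in profiles.items():
            if other == h:
                continue
            sim = cosine(dsts, other_dsts)
            num += sim * hit[other]
            den += sim
        # Cold-start host with no similar neighbours: no evidence, score 0.
        scores[h] = num / den if den else 0.0
    return scores


def bandwidth_cap(score):
    """Assumed policy: map the anomaly score to a rate limit in Mbit/s."""
    if score >= 0.5:
        return 1
    if score >= 0.2:
        return 10
    return 100


def decide(flows, blacklist):
    """Host -> (score, rate limit) for every host seen in the flows."""
    scores = anomaly_scores(build_profiles(flows), blacklist)
    return {h: (round(s, 3), bandwidth_cap(s)) for h, s in scores.items()}


if __name__ == "__main__":
    for host, (score, cap) in sorted(decide(FLOWS, BLACKLIST).items()):
        print(f"{host:<10} score={score:.3f} cap={cap} Mbit/s")
```

Here 10.0.0.9 is throttled because it contacted a blacklisted IP directly, while 10.0.0.12, which never touched the blacklist, is throttled too because two of its three destinations are shared with 10.0.0.9. That second case is the "early stage" judgment the abstract describes, and it is also where false positives come from: a shared CDN or update server makes unrelated hosts look alike, so the destinations used for similarity should be filtered for very popular addresses before this is run on real traffic.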

............................................................................................................

Mahout: an introduction to data analysis

Mahout is a scalable machine-learning toolkit that runs on Hadoop, and a solution for big-data analysis.
This talk shares advice on quickly setting up a Hadoop and Mahout environment, so that you do not get stuck building the environment before ever getting to use Mahout. It also briefly introduces the principles behind recommendation, clustering, frequent-pattern mining and so on, with examples of how to implement them with Mahout.

http://www.slideshare.net/raymond0820/hadoopcon2014mahout

............................................................................................................

A data-mining-based network traffic analysis tool

Besides tools such as MRTG and NTOP, is there really no data-mining-based network traffic analysis tool to use? Well then, let us build one out of open-source tools, to help network administrators see more of what is happening on the network with little effort.

Note:
This tool mainly analyzes the network traffic of user devices on the LAN.
Traffic analysis for servers is still being researched.

http://www.slideshare.net/raymond0820/flowdm-public 

............................................................................................................

Using data mining techniques to monitor anomalous network usage behavior

Network problems are becoming more frequent and cause great losses to the whole organization, so continuous monitoring of network traffic is essential. The method proposed here integrates existing technologies to achieve this: OLAP to view the different dimensions of overall network traffic, a column-oriented database to speed up queries, and data mining combined with the concept of continuous auditing to extract key information automatically. The study uses the log records of the network equipment of a case-study school; clustering is used to find suspicious groups, and the IPs in each such group are examined one by one. This confirms that the method can find anomalous network users effectively and quickly.

https://drive.google.com/file/d/0B4duTb8maZpSRHFkMG5wVWtwWDg/view?usp=sharing

Published 2014-04-12 00:00:13, last modified 2018-05-24 20:42:19
