Đang chuẩn bị liên kết để tải về tài liệu:
Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event

Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ

In this paper, we propose a framework for unusual event detection. Our approach is motivated by the observation that, while it is unrealistic to obtain a large training data set for unusual events, it is conversely possible to do so for usual events, allowing the creation of a well-estimated model of usual events. In order to overcome the scarcity of training material for unusual events, we propose the use of Bayesian adaptation techniques [14], which adapt a usual event model to produce a number of unusual event models in an unsupervised manner. The proposed framework can thus be considered as a semi-supervised learning technique. In our framework, a new unusual event. | Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event Abhishek Kumar Georgia Institute of Technology akumar@cc.gatech.edu Vern Paxson ICSI vern@icir.org Nicholas Weaver ICSI nweaver@icsi.berkeley.edu Abstract Network telescopes that record packets sent to unused blocks of Internet address space have emerged as an important tool for observing Internet-scale events such as the spread of worms and the backscatter from flooding attacks that use spoofed source addresses. Current telescope analyses produce detailed tabulations of packet rates victim population and evolution over time. While such cataloging is a crucial first step in studying the telescope observations incorporating an understanding of the underlying processes generating the observations allows us to construct detailed inferences about the broader universe in which the Internetscale activity occurs greatly enriching and deepening the analysis in the process. In this work we apply such an analysis to the propagation of the Witty worm a malicious and well-engineered worm that when released in March 2004 infected more than 12 000 hosts worldwide in 75 minutes. We show that by carefully exploiting the structure of the worm especially its pseudo-random number generation from limited and imperfect telescope data we can with high fidelity extract the individual rate at which each infectee injected packets into the network prior to loss correct distortions in the telescope data due to the worm s volume overwhelming the monitor reveal the worm s inability to fully reach all of its potential victims determine the number of disks attached to each infected machine compute when each infectee was last booted to sub-second accuracy explore the who infected whom infection tree uncover that the worm specifically targeted hosts at a US military base and pinpoint Patient Zero the initial point of infection i.e. the IP address of the system the attacker used to unleash Witty. 1 Introduction .

TAILIEUCHUNG - Chia sẻ tài liệu không giới hạn
Địa chỉ : 444 Hoang Hoa Tham, Hanoi, Viet Nam
Website : tailieuchung.com
Email : tailieuchung20@gmail.com
Tailieuchung.com là thư viện tài liệu trực tuyến, nơi chia sẽ trao đổi hàng triệu tài liệu như luận văn đồ án, sách, giáo trình, đề thi.
Chúng tôi không chịu trách nhiệm liên quan đến các vấn đề bản quyền nội dung tài liệu được thành viên tự nguyện đăng tải lên, nếu phát hiện thấy tài liệu xấu hoặc tài liệu có bản quyền xin hãy email cho chúng tôi.
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.