is539

Internet security final

[Paper] BotHunter: An IDS that monitors all traffic on the internal network is deployed and searches for behavior matching the bot model below. The scan-detection module (SCADE) finds e1 and e5. The payload-inspection module (SLADE) finds e2. The signature engine finds e2, e3, and e4.
[Paper] BotMiner: Protocol- and structure-independent botnet detection. Key idea: horizontal correlation. C-plane clustering: BPS,…

ISS539 Midterm

Worm. Virus vs. Worm (self-spreading). Worm history: Morris worm (infected 6000 computers, 90% of them are not connected to the internet); Code Red worm (attack web servers (buffer overflow)). Epidemic model: basic model (Susceptible -> Removed); Kermack-McKendrick model (Susceptible -> Infectious -> Removed). Network Intrusion: Delivering malicious payload; Buffer…