[Nrg-l] NRG Resumes 22 Sept

Vijay Erramilli evijay at cs.bu.edu
Fri Sep 16 15:38:00 EDT 2005


Hi all,

Starting with this Thursday (22 Sept.), we will have NRGs every Thursday 
at 11am in the grad lounge. 
 
Parminder has volunteered to kick off NRG with his talk titled 

"PISA: Automatic Extraction of Traffic Signatures", appeared in 
Networking 2005

(http://www.research.avayalabs.com/user/ajita/pisa.pdf)

Once again, NRG will take place on Thursday (Sept 22nd) at 11:00am in 
the grad lounge.

The abstract follows.

Vijay

Abstract:
Analysis of security attacks shows that an attack leaves its imprint or
signature in the attack packets. Traffic from Distributed Denial of
Service attacks and rapid worm spreads has the potential to yield
signatures. While all signatures may not be indicative of attacks, it is
useful to extract non-transient signatures that are carried by a
sufficient number of flows/packets/bytes. The number of packets/bytes in
the flows carrying the signature may be used for rate-limiting the flows,
providing for timely and automated response to both known and unknown
attacks. This paper proposes an efficient algorithm, PISA, which clusters
flows based on similarity in packet information and extracts signatures
from high-bandwidth clusters. Extensive experiments on two weeks of real
attack data of 100 million packets yield about 1744
signatures. Additionally, PISA extracted the signature for the Blaster
worm connection attempts in a mix of traffic from a trans-Pacific
backbone link.

PISA: Automatic Extraction of Traffic Signatures, Parminder Chhabra, Ajita
John, and Huzur Saran, Networking 2005



