Session Details

Network Security Workshop (Security WG)

Objectives:
- To raise the security awareness and knowledge within the APAN community
- To exchange experience and knowledge in network security technologies and issues
- To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally
Security-related topics include protection of the physical, intellectual, and electronic assets of APAN and other networks, including security policies, network access controls, malware protection, network administration, auditing, and transaction security.
Target Audience: Researchers, Scientists, Network Engineers, Students
No. of Participants: 50
Seating Arrangement: Classroom
Video Conferencing: Available
Date: Tuesday 2017-02-14
Time: 09:00 - 10:00
Location: Gulmohar
Session Chair(s): Yoshiaki Kasahara, Kyushu University
    1. Security Dynamics Inference in Cyberspace: A data-driven Approach
    V Anil Kumar, CSIR Fourth Paradigm Institute, Bangalore, India
    The focus of this presentation is a set of fine-grained network measurements that we carried out over two major Internet Service Providers (ISPs) of India during the past several months for cyber security dynamics inference, and the subsequent analysis of the resulting data. The talk will begin by briefly discussing a special class of raw network traffic called ‘unsolicited traffic’ or ‘Internet background radiation’, and its potential origin. Our measurement framework for capturing and validating such traffic, a combination of passive network monitoring and active TCP responders, will be covered in detail along with its design and deployment. We will look at the volume and protocol-level characteristics of such traffic observed over a period of one month and analyze it in detail. The core of our result is several million validated malicious TCP connections that originate from almost all parts of cyberspace, along with certain inferences drawn from these TCP connections. The results typically consist of information extracted from the raw packets, such as the geographical location of the malicious connection originator, its identity in the form of a validated source IP address, the daily breakdown of such connections, and trend analysis. We will discuss the benefits of capturing and analyzing this non-productive and largely neglected traffic from a security perspective and highlight the need for a larger measurement framework consisting of multiple smaller measurement points.
    2. Botnets: A Double-Edged Sword (remote presentation)
    Shankar Karuppayah, Technische Universitat Darmstadt
    Prof. Sureswaran Ramadass, IUMWS, Malaysia
    This presentation provides a brief history of botnets and botnet activities. It also talks about how botnets are used in the "wild", i.e. the Internet. The presentation also covers how botnets communicate with one another.
    3. How could Internet survey tools affect network security monitoring?
    Tatsuya Mori, Waseda University, Japan
    A darknet is a passive measurement system that monitors traffic destined to unused IP address space. Darknets have been widely deployed as tools to detect malicious activities such as propagating worms. On the other hand, the recent growth of Internet-scale survey traffic originating from legitimate hosts could overwhelm the traffic that a darknet was originally supposed to monitor. Based on this observation, we posed the following research question: “Can Internet-scale survey traffic become noise when we analyze darknet traffic?” To answer the question, we developed a framework that can discriminate between Internet-scale survey traffic originating from legitimate hosts and other traffic potentially associated with malicious activities. It leverages two intrinsic characteristics of Internet-scale survey traffic: a network-level property and some form of footprint explicitly indicated by surveyors. When we analyzed darknet traffic using our framework, we saw that Internet-scale survey traffic can indeed be noise. We also demonstrated that discriminating survey traffic exposes hidden traffic anomalies, which are invisible without using our technique.
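As an added illustration of the discrimination idea in this abstract (example code written for this page, not the authors' framework), the toy classifier below labels sources in constructed darknet records. Its two signals, thresholds and marker strings are assumptions of the example, not details from the talk: a surveyor is taken to sweep most of the monitored prefix (the network-level property) and to identify itself in reverse DNS or in its payload (the footprint).

```python
from collections import Counter, defaultdict
import ipaddress

DARKNET = ipaddress.ip_network("203.0.113.0/24")  # constructed unused (darknet) prefix
COVERAGE_THRESHOLD = 0.5                           # assumed: surveys sweep the whole space
FOOTPRINT_MARKERS = ("research", "survey", "scan", "opt-out")  # assumed self-identification


def build_flows():
    """Constructed darknet records: a self-identifying surveyor, a silent
    mass scanner with the same coverage, and a small targeted probe."""
    flows = []
    for host in DARKNET.hosts():                   # 254 host addresses
        flows.append({"src": "198.51.100.7", "dst": str(host), "dport": 80,
                      "payload": "GET / HTTP/1.1\r\nUser-Agent: research-scanner opt-out\r\n"})
        flows.append({"src": "198.51.100.9", "dst": str(host), "dport": 23, "payload": ""})
    for last in (10, 11, 12):
        flows.append({"src": "192.0.2.5", "dst": f"203.0.113.{last}", "dport": 445, "payload": ""})
    return flows


RDNS = {"198.51.100.7": "scanner.research.example.net"}  # constructed reverse-DNS answers


def coverage_by_source(flows):
    """Network-level property: fraction of the darknet each source touched."""
    dsts = defaultdict(set)
    for f in flows:
        if ipaddress.ip_address(f["dst"]) in DARKNET:
            dsts[f["src"]].add(f["dst"])
    return {s: len(d) / DARKNET.num_addresses for s, d in dsts.items()}


def has_footprint(flows, src, rdns):
    """Footprint: a marker string in reverse DNS or in any payload from src."""
    texts = [rdns.get(src, "")] + [f["payload"] for f in flows if f["src"] == src]
    return any(m in t.lower() for t in texts for m in FOOTPRINT_MARKERS)


def classify(flows, rdns):
    """'survey' only when both signals agree; everything else stays for analysis."""
    cov = coverage_by_source(flows)
    return {s: "survey" if c >= COVERAGE_THRESHOLD and has_footprint(flows, s, rdns) else "other"
            for s, c in cov.items()}


def residual_ports(flows, labels):
    """Destination-port histogram once survey sources are removed: the
    small port-445 probe is now visible next to the silent sweep."""
    return Counter(f["dport"] for f in flows if labels.get(f["src"]) != "survey")
```

Running `residual_ports(build_flows(), classify(build_flows(), RDNS))` leaves the anonymous port-23 sweep and the three port-445 probes, while the announced survey is filtered out.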