Computer and Network Security copyright 2TTT V. X. aewman ...

needmorebait · Networks and Communications

20 Nov 2013 (3 years and 7 months ago)

[Figure: network topologies. Labels: CG, CG, HUB; bus, star, dual bus, ring]

[Figure: protocol layering. Labels: layer i+1, layer i, layer i-1; provides services; obtains services]

OSI Reference Architecture Layers

7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Link - only useful for immediate neighbors
1 - Physical

Slide annotations (layer association not preserved):
- electrical, mechanical modulation/detection
- common formatting, utilities
- session management
- underlying OS security
- interoperation
- multiple applications
- per-packet OH if datagram service
- higher level entities are treated same
- end-to-end, process-to-process
- host identification only

[Figure labels: protocol A, protocol B, protocol C]

[Figure: encapsulation down the layer stack (application, presentation, session, transport, network, datalink, physical). Header and trailer labels: TH, SH, NH, DH, DT, PH, PT]

[Figure: two seven-layer stacks (application, presentation, session, transport, network, datalink, physical) joined by relays. Relay labels: p p, p p', dl dl, dl dl', n n. Device labels: repeater, host, bridge, router, host. Other labels: chained, end-to-end]

[Figure: protocol suite. Labels: TCP, ARP, RARP, DHCP, UDP, IGMP, ICMP, RIP, IP, OSPF, medium access, telnet, FTP, MIME, SMTP, SNMP, BGP]

[Figure: anomaly detection from trace data using an FSM of normal behaviors. Labels:]
- Event Space; Symbols
- Trace data: E1 E2 E3 E4 E5 E6 ...
- Reduced trace: s1 s2 s3 s4 s5 s6 ...
- Behavior Space: Normal Behaviors, Known Attacks, Anomalies; observed, actual, future
- Normal Behaviors FSM; FSM Generation
- Learning; Monitoring
- Trace Data; Reduced Trace
- Trace Anomaly Signal: 01100000010000000100000101000
- # Anomalies in last M behaviors: ...44333444556665
- Alarm Levels: 11000111112221
- Window Size, M; Thresholds; Word Length
- Feature Selection and Mapping
- Key: Derived sets, data, operations; Selected Parameters

[Figure: "Learning what is normal". Axes: Time of observation; Number of distinct behaviors observed]

[Figure: Axes: Time of monitoring; Number of anomalies in last K events. Curves: Normal behavior, Attack 1, ..., Attack N. Thresholds: T1, T2]

[Figure: Axes: Time of monitoring; Number of anomalies in last K events. Curve: Attack. Thresholds: T1, T2]