Opened 5 years ago

Closed 5 years ago

#1254 closed (fixed)

ARCCN Demorpheus: Shellcode Detection in High-Speed Network Channels

Reported by: hdempsey@bbn.com
Owned by: peter.stickney@bbn.com
Priority: major
Milestone:
Component: GPO
Version: SPIRAL6
Keywords: GEC20
Cc: VAntonenko@arccn.ru
Dependencies:

Description (last modified by hdempsey@bbn.com)

Demo description paragraph (three sentence minimum):

ARCCN demo for Gaivoronsky.

In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level. The proposed approach allows us to summarize capabilities of shellcode detection algorithms developed over the last ten years into an optimal classifier. The proposed approach allows us to reduce the total false-positive rate to almost zero, provides full coverage of shellcode classes detected by individual classifiers, and significantly increases total throughput of detectors. Evaluation with shellcode datasets, including Metasploit Framework plain-text, encrypted and obfuscated shellcodes, benign Windows and Linux binaries, random (normal) data and multimedia shows that the hybrid data-flow classifier significantly boosts analysis throughput for benign data - up to 45 times faster than a linear combination of classifiers, and almost 1.5 times faster for shellcode datasets. We also give a tool demonstration.

List of equipment that will need AC connections (e.g. laptop, switch, monitor):

1 laptop, 1 monitor

Just put in the number of connections needed if your demo description already lists equipment.

Total number of wired network connections (sum standard IP and VLAN connections):

Number of wired layer 2 VLANs (if any): Specify VLAN number, if known, approximate bandwidth, and whether tagged or untagged.

Number of wireless network connections (include required bandwidth if significant):

1

Number of static addresses needed (if any):

Monitor (y/n, specify VGA or DVI):

1

Specify resolution only if your software has resolution restrictions.

Number of posters (max size poster boards are 30" x 40"):

none

Special requests: Include any specific network connectivity needs (e.g. VLANs to a particular GENI location, projects you'd like to be near, etc.)

Change History (5)

comment:1 Changed 5 years ago by hdempsey@bbn.com

Cc: VAntonenko@arccn.ru added

comment:2 Changed 5 years ago by hdempsey@bbn.com

Description: modified (diff)

ARCCN Simplifying and automating enterprise networks administration with SDN/OpenFlow, ARCCN NFV Platform, and ARCCN Demorpheus are all sharing a monitor.

(That is only two people, because one person has two experiments.)

Please co-locate.

comment:3 Changed 5 years ago by peter.stickney@bbn.com

Status: new → accepted

Thank you for your demo request. We will update this ticket when the resources have been confirmed.

comment:4 Changed 5 years ago by peter.stickney@bbn.com

We can now confirm that the resources you requested will be available for you on Demo Night. See you in Davis!

comment:5 Changed 5 years ago by peter.stickney@bbn.com

Resolution: fixed
Status: accepted → closed

Thanks for joining us in Davis this year. We hope everything worked as you expected. Don't hesitate to offer any suggestions.

Please feel free to update / append the wiki page for the Demo Night here:

http://groups.geni.net/geni/wiki/GEC20Agenda/EveningDemoSession
