A multilayer framework proposal to catch data exfiltration
Puneet Sharma
Agenda

• Introduction to the problem
  • What is data exfiltration?
  • Why is it more difficult to catch than regular network based intrusions?
• Hardware based Trojans
  • Huawei case
  • Greek phone tapping case
• Software based Trojans
  • Rootkits
• Proposed approach
  • Multiple stacks/layered detection
  • Parameters to watch
• Challenges
What is data exfiltration?

• Unauthorized extraction of data from a system
• Can be locally or remotely initiated
• Is hard to catch because:
  • It may leave no fingerprint
  • It may be an insider attack
  • It can go to great lengths to hide itself using kernel level device drivers
Hardware based Trojans

• Use cases:
  • Huawei case
  • Greek phone tapping case
• Special challenges in catching HW Trojans
  • Special circuits with an extremely small footprint
  • Most come shipped with their own software
  • Most circuit based testing methods are too expensive and impractical to check every possible circuit flow
Rootkits and other Trojans

• Device drivers as the way in
• Kernel mode access
• Can hide processes
• Can auto run on restart
• Stuxnet: the most famous example
Multi layered approach

Application layer
  • Hidden processes
  • New hardware insertion event
  • New device driver registration

Network layer
  • Change in outgoing packet patterns
  • Connection to an unknown address

Hardware layer
  • Change in the power consumption patterns
  • Change in the instruction set patterns
Justification for a multi stacked solution

• There is no such thing as the perfect defense
• The idea is to make it really hard for the attacker to avoid detection
• Certain techniques on the network and application layer are state of the art, just never used together
• Sophisticated hardware Trojans are not just sections of mala fide circuits, but come with their own custom software
Parameters to monitor

• New hardware detection
• New device driver registration
• Sudden increase in packet size going out
• Type of data going out
• Key file hashes being changed
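The two network-side parameters above (a sudden increase in outgoing volume, and the "connection to an unknown address" event from the layer diagram) can be checked against a clean baseline. The following is an added example written for this page, not code from the proposal; it works on a constructed list of per-minute flow summaries of the kind one would aggregate from tcpdump or Wireshark output, and the allow-list of known peers, the baseline window and the z-score threshold are assumptions to be tuned per host.

```python
"""Network-layer alarms: outgoing volume spike and unknown destination.

Added example, not part of the original slides. Input is a constructed
list of per-minute flow summaries (no live capture is performed).
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class FlowSummary:
    minute: int      # minute index since start of the capture window
    dst: str         # destination address of the flow
    out_bytes: int   # bytes sent from the monitored host in that minute


# Constructed sample: 20 quiet minutes to an internal server, then a large
# burst to a host never seen before (203.0.113.77 is a TEST-NET-3 placeholder).
SAMPLE_FLOWS = tuple(
    FlowSummary(m, "10.0.0.25", 40_000 + (m % 5) * 1_000) for m in range(20)
) + (
    FlowSummary(20, "10.0.0.25", 41_000),
    FlowSummary(20, "203.0.113.77", 9_500_000),
    FlowSummary(21, "203.0.113.77", 9_700_000),
)

# Assumption: peers learned during a clean baseline period.
KNOWN_PEERS = frozenset({"10.0.0.25"})


def outgoing_per_minute(flows=SAMPLE_FLOWS):
    """Sum outgoing bytes per minute across all destinations."""
    totals = {}
    for f in flows:
        totals[f.minute] = totals.get(f.minute, 0) + f.out_bytes
    return totals


def volume_alarms(flows=SAMPLE_FLOWS, baseline_minutes=20, z_threshold=4.0):
    """Return the minutes whose outgoing volume exceeds the baseline by more
    than z_threshold standard deviations. The first baseline_minutes are
    treated as the learning window (assumption: that window is clean)."""
    totals = outgoing_per_minute(flows)
    ordered = sorted(totals.items())
    base = [v for m, v in ordered if m < baseline_minutes]
    mu, sigma = mean(base), pstdev(base)
    sigma = sigma or 1.0  # a perfectly flat baseline must not divide by zero
    return [m for m, v in ordered
            if m >= baseline_minutes and (v - mu) / sigma > z_threshold]


def unknown_destination_alarms(flows=SAMPLE_FLOWS, known_peers=KNOWN_PEERS):
    """Return destinations contacted that are outside the known-peer set."""
    return sorted({f.dst for f in flows if f.dst not in known_peers})


if __name__ == "__main__":
    print("volume spikes at minutes:", volume_alarms())
    print("unknown destinations:", unknown_destination_alarms())
```

On the constructed sample both checks fire for the same interval, which is the point of the matrix rows that mark these parameters as unreliable alone but useful together: either alarm by itself is noisy (a backup job, a new SaaS endpoint), while both at once is worth a look.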
Parameters to monitor

• Memory traces
• CPU utilization
• Hidden processes
• Power pattern changes
• Instruction set pattern changes
Relevance of parameters matrix

Parameter/Alarm              Ways to monitor                Reliable      Reliable with a     Reliable with many
                                                            on its own?   few other alarms?   other alarms?
New hardware detection       lsusb, udevd, udevadm, lshw    No            Yes                 Yes
New device driver detection  lspci, lsmod, modprobe         No            Yes                 Yes
Increase in outgoing         Wireshark, tcpdump             No            Yes                 Yes
  packet size
Change in type of data       Wireshark, tcpdump             No            No                  Yes
  going out
Change in file hashes        tripwire                       No            Yes                 Yes
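Three rows of this matrix (new hardware, new driver, changed file hashes) share one detection pattern: take a baseline inventory, take a current one, diff them. The block below is an added example, not code from the proposal. It parses constructed text in the format printed by lsmod and lsusb (in a deployment the snapshots would come from running those commands periodically) and applies the tripwire idea of comparing SHA-256 digests to constructed in-memory file contents; the module name hidden_io and the file contents are made up for the demonstration.

```python
"""Host-inventory alarms from baseline vs. current snapshots.

Added example, not from the original slides. Snapshots are constructed
strings in lsmod/lsusb output format; file contents are constructed too.
"""
import hashlib

# Constructed lsmod output. "hidden_io" is an invented module name.
BASELINE_LSMOD = """Module                  Size  Used by
ext4                  778240  1
usbhid                 65536  0
"""
CURRENT_LSMOD = BASELINE_LSMOD + "hidden_io              16384  0\n"

# Constructed lsusb output: the baseline has only the root hub.
BASELINE_LSUSB = "Bus 001 Device 002: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
CURRENT_LSUSB = BASELINE_LSUSB + (
    "Bus 001 Device 005: ID 0bda:8153 Realtek Semiconductor Corp. "
    "RTL8153 Gigabit Ethernet Adapter\n"
)

# Constructed stand-in for the files tripwire would watch: path -> contents.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",
}


def parse_lsmod(text):
    """Module names from lsmod output; the header line is skipped."""
    return {line.split()[0] for line in text.splitlines()[1:] if line.strip()}


def parse_lsusb(text):
    """vendor:product IDs from lsusb output lines ('... ID 1d6b:0002 ...')."""
    ids = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[4] == "ID":
            ids.add(parts[5])
    return ids


def hash_files(files):
    """SHA-256 digest per path, the tripwire-style baseline record."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def inventory_alarms(base_lsmod=BASELINE_LSMOD, cur_lsmod=CURRENT_LSMOD,
                     base_lsusb=BASELINE_LSUSB, cur_lsusb=CURRENT_LSUSB,
                     base_files=BASELINE_FILES, cur_files=CURRENT_FILES):
    """Return (alarm_type, detail) tuples for everything that differs."""
    alarms = []
    for mod in sorted(parse_lsmod(cur_lsmod) - parse_lsmod(base_lsmod)):
        alarms.append(("new_driver", mod))
    for dev in sorted(parse_lsusb(cur_lsusb) - parse_lsusb(base_lsusb)):
        alarms.append(("new_hardware", dev))
    base_h, cur_h = hash_files(base_files), hash_files(cur_files)
    for path in sorted(set(base_h) | set(cur_h)):
        # A path missing on either side also counts as a change.
        if base_h.get(path) != cur_h.get(path):
            alarms.append(("file_hash_changed", path))
    return alarms


if __name__ == "__main__":
    for alarm in inventory_alarms():
        print(*alarm)
```

Each alarm carries only a type and a detail string, so the same record format works for a driver load, a USB insertion or a configuration file edit; the baseline snapshots themselves should be stored off the monitored host, since a kernel-level implant of the kind the slides describe could otherwise rewrite them.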
Relevance of parameters matrix (continued)

Parameter/Alarm              Ways to monitor                Reliable      Reliable with a     Reliable with many
                                                            on its own?   few other alarms?   other alarms?
Memory traces                /proc file system              No            No                  Yes
CPU utilization              mpstat, top, sysstat           No            No                  Yes
Hidden processes             unhide, proc/exe               Yes           Yes                 Yes
Power pattern changes                                       Yes           Yes                 Yes
Instruction set changes                                     Yes           Yes                 Yes
Challenges

• Most Metasploit exploits are for Windows
• Exploits to test all alarms/parameters
• Creating a hardware exploit which involves minimum user interaction
• Detecting the system parameters on Windows

Thank you
