Network Security and Analysis with Python
NETWORK SECURITY AND ANALYSIS WITH PYTHON
Lee Yang Peng
Dunman High School
Singapore
DEEP PACKET INSPECTION
Searching if anything in the packet is suspicious
ANALYTICS
Motivation: Helping Deep Packet Inspection
An initial experimental study
Then I conducted experiments on them to determine their effectiveness
HEURISTICS FOR ANALYTICS
Detecting Constant Fields and Enumeration Fields to learn about protocol format
Constant: Bytes whose value does not change across all packets of a single protocol.
For example: {'\x00'} appears every time, or {'\x00', '\x01', '\x02'} always appears in sequence.
Enums: Bytes at a fixed position that change only slightly or take a limited number of values.
For example: position 5 only ever contains values from {'\x00', '\x01', '\x02'}.
Constant fields in protocol headers: Maybe…
• Padding
• Protocol Version
• Reserved Fields
Where p_i is the probability of each value occurring
13 May 2015
Protocols analysed: Ethernet, TCP, UDP, IPv4, IPv6, ICMP, IGMP(v3), ARP, SMB, NBNS, LLMNR, DNS, SCTP, OSPF
• Collected data is unable to simulate the randomness of a real network
• False positives will be observed
• For consistency, I will mark these as incorrect during my evaluation
• Manual analysis of each protocol header was compared against ground truth from the protocol documentation
• Mark every byte in the protocol header as {Constant, Not Constant} and {Enum, Not Enum}
• Accuracy = (True Positives + True Negatives) / Total Header Length
• Entered these results into a table
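The two heuristics and the evaluation procedure above, written out as an added example (this is not code from the talk or from the author's tool). It runs the constant and enum checks over a constructed set of eight 8-byte headers of an imaginary protocol, then scores each byte mask against a constructed "documentation" ground truth with Accuracy = (TP + TN) / header length. The header layout, the sample bytes, the ground-truth masks and the `max_distinct=4` enum threshold are all assumptions made for the demo; the per-offset Shannon entropy is also an assumption, since the slides only name p_i, the probability of each value occurring.

```python
"""Constant / enum field heuristics for a single protocol's headers.

Added example (not code from the talk). It implements the two heuristics
described on the slides and the accuracy metric used to evaluate them.
The packet bytes, the "documentation" ground truth and the thresholds
are constructed for the demo and are not real traffic.
"""
from collections import Counter
import math

# Constructed sample: eight 8-byte headers of an imaginary protocol.
# Assumed layout (invented here, mirroring the field kinds the slides name):
#   byte 0    version   -> always 0x01 (constant)
#   byte 1    flags     -> only 0x00 / 0x80 seen (enum)
#   bytes 2-3 length    -> changes every packet
#   byte 4    reserved  -> always 0x00 in this capture
#   byte 5    type      -> 0x00 / 0x01 / 0x02 (enum)
#   bytes 6-7 sequence  -> changes every packet
SAMPLE_HEADERS = [
    bytes.fromhex("01 00 00 10 00 00 a1 01"),
    bytes.fromhex("01 80 01 20 00 01 b2 02"),
    bytes.fromhex("01 00 02 30 00 02 c3 03"),
    bytes.fromhex("01 80 03 40 00 00 d4 04"),
    bytes.fromhex("01 00 04 50 00 01 e5 05"),
    bytes.fromhex("01 80 05 60 00 02 f6 06"),
    bytes.fromhex("01 00 06 70 00 00 07 07"),
    bytes.fromhex("01 80 07 80 00 01 18 08"),
]


def column(headers, pos):
    """All values observed at byte offset `pos` across the captured headers."""
    return [h[pos] for h in headers]


def is_constant(values):
    """Constant heuristic: exactly one value ever occurs at this offset."""
    return len(set(values)) == 1


def is_enum(values, max_distinct=4):
    """Enum heuristic: a small, fixed set of values (threshold is an assumption).

    Constants are reported by is_constant, so they are excluded here to keep
    the two masks disjoint.
    """
    distinct = len(set(values))
    return 1 < distinct <= max_distinct


def entropy_bits(values):
    """Shannon entropy of the value distribution at one offset.

    The slide only names p_i, the probability of each value; treating it as
    Shannon entropy is our assumption. 0 bits = constant, log2(n) = uniform.
    """
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def classify(headers, max_distinct=4):
    """Return per-offset (constant_mask, enum_mask) over the common header length."""
    length = min(len(h) for h in headers)
    const_mask, enum_mask = [], []
    for pos in range(length):
        vals = column(headers, pos)
        const_mask.append(is_constant(vals))
        enum_mask.append(is_enum(vals, max_distinct))
    return const_mask, enum_mask


def accuracy(predicted, truth):
    """(TP + TN) / header length, as the evaluation slide defines it."""
    if len(predicted) != len(truth):
        raise ValueError("masks must cover the same header length")
    correct = sum(p == t for p, t in zip(predicted, truth))
    return correct / len(truth)


# Constructed "protocol documentation" for the imaginary header. Byte 4 is
# defined as an enum in the spec but happened to be 0x00 in every captured
# packet, so the heuristic calls it constant: a false positive caused by
# limited capture data, marked as incorrect in the evaluation.
TRUTH_CONSTANT = [True, False, False, False, False, False, False, False]
TRUTH_ENUM = [False, True, False, False, True, True, False, False]


def evaluate(headers=SAMPLE_HEADERS):
    """Run both heuristics and score them against the constructed ground truth."""
    const_mask, enum_mask = classify(headers)
    return {
        "constant_mask": const_mask,
        "enum_mask": enum_mask,
        "accuracy_constants": accuracy(const_mask, TRUTH_CONSTANT),
        "accuracy_enums": accuracy(enum_mask, TRUTH_ENUM),
    }


if __name__ == "__main__":
    result = evaluate()
    for pos in range(len(result["constant_mask"])):
        vals = column(SAMPLE_HEADERS, pos)
        print(f"byte {pos}: distinct={len(set(vals))} entropy={entropy_bits(vals):.2f} "
              f"constant={result['constant_mask'][pos]} enum={result['enum_mask'][pos]}")
    print(f"accuracy constants={result['accuracy_constants']:.1%} "
          f"enums={result['accuracy_enums']:.1%}")
```

Both masks score 87.5% on this sample because byte 4 is the one disagreement in each: the capture never showed a second value, so it looks constant even though the spec says enum. That is the same effect the slides describe for collected data that cannot reproduce a real network's variety.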
| Protocol | Accuracy (Constants) | Accuracy (Enums) |
|---|---|---|
| TCP | 100% | 95% |
| IPv4 | 90% | 95% |
| Ethernet | 100% | 100% |
| IPv6 | 97.5% | 92.5% |
| DNS / NetBIOS-NS / LLMNR | 41.7% | 91.6% |
| ARP | 50.0% | 62.5% |
| ICMP | 100% | 100% |
| UDP | 100% | 100% |
| OSPF | 30% | 80% |
| IGMP Version 3 | 50% | 62.5% |
| SCTP | 100% | 100% |
| SMB | 62.5% | 84.4% |
| Average Accuracy | 76.8% | 88.6% |
LIMITATIONS
• Only useful for analyzing a single protocol
• Heuristics to detect higher-level fields, such as dependencies and sequence numbers, are not yet implemented