Source author record

Polina Zilberman

Polina Zilberman appears in the imported research catalog. Authorship, coauthor and topic links are available while profile ownership is still unclaimed.

ResearcherUnclaimed source record

Cryptography and Security Networking and Internet Architecture

Catalog footprint

What is connected

2works

2topics

3close collaborators

Actions

Connect this record

Open graph Browse works

Inspect adjacent papers, topics, institutions and collaborators without losing the researcher page.

Building this map preview

BZPEER is loading the nearby papers, people, topics and institutions for this page.

preprint2020arXiv

ATHAFI: Agile Threat Hunting And Forensic Investigation

Attackers rapidly change their attacks to evade detection. Even the most sophisticated Intrusion Detection Systems that are based on artificial intelligence and advanced data analytic cannot keep pace with the rapid development of new attacks. When standard detection mechanisms fail or do not provide sufficient forensic information to investigate and mitigate attacks, targeted threat hunting performed by competent personnel is used. Unfortunately, many organization do not have enough security analysts to perform threat hunting tasks and today the level of automation of threat hunting is low. In this paper we describe a framework for agile threat hunting and forensic investigation (ATHAFI), which automates the threat hunting process at multiple levels. Adaptive targeted data collection, attack hypotheses generation, hypotheses testing, and continuous threat intelligence feeds allow to perform simple investigations in a fully automated manner. The increased level of automation will significantly boost the analyst's productivity during investigation of the harshest cases. Special Workflow Generation module adapts the threat hunting procedures either to the latest Threat Intelligence obtained from external sources (e.g. National CERT) or to the likeliest attack hypotheses generated by the Attack Hypotheses Generation module. The combination of Attack Hypotheses Generation and Workflows Generation enables intelligent adjustment of workflows, which react to emerging threats effectively.

preprint2016arXiv

Floware: Balanced Flow Monitoring in Software Defined Networks

OpenFlow is a protocol implementing Software Defined Networking, a new networking paradigm, which segregates packet forwarding and accounting (performed on switches) from the routing decisions and advanced protocols (executed on a central controller). This segregation increases agility and flexibility of a networking infrastructure and reduces its operational expenses. OpenFlow controllers expose standard interfaces to facilitate variety of networking applications. In particular, a monitoring application can use these interfaces to push into the OpenFlow switches rules that collect traffic flow statistics at different aggregation levels. The aggregation level determines the monitoring accuracy and the induced network overhead. In this paper, we propose Floware an OpenFlow application that allows discovery and monitoring of active flows at any required aggregation level. Floware balances the monitoring overhead among many switches in order to reduce its negative effect on network performance. In addition, Floware integrates with monitoring systems based on legacy protocols such as NetFlow. We demonstrate the application with soft switches emulated in Mininet, the Floodlight controller, and the NetFlow Analyzer as a legacy network analysis and intrusion detection system. Evaluation results demonstrate the positive impact of balanced monitoring.