Tuesday, 1 December 2009

The Cloud of real time for London 2012

I just read an article about a "Cloud of real time information for London 2010". I wrote a bit about it in my blog in Spanish; there is an automatic translation here.

I won't write too much about it; I would prefer that you go to the Cloud website or to the original article from TechCrunch or in . However, I would say that the project seems quite a challenge and I am looking forward to hearing more about it in the near future.

Saturday, 8 August 2009

DoS/DDoS news resources

Considering the hype about DoS and DDoS in the last few days as a consequence of the attacks on Twitter, Facebook and LiveJournal, I decided to include some of my information sources in this blog. I did some redesign of the right bar. I included some DoS and DDoS news; they are a set of news items manually selected by me. I take the news from different sources, apply some basic filtering and data mining, and come up with them. They can also be accessed here if you want to include them in your RSS reader.

"Security news from Twitter" are posts about DoS/DDoS attacks collected from Twitter. This is a little bit noisy, with around 30-50 posts per day. Some of the posts are repeated or uninteresting (from my perspective), but it works as a source for my tools that extract some information from them. The raw feeds are here and here.

Finally, I included some general IT security news from twittsecurity. Twittsecurity is a bot that shares security news on Twitter. It searches for and selects IT security news using a hybrid method (automatic and human assisted). Feel free to follow it.

Monday, 27 July 2009

Some Machine Learning Libraries

I've been doing some experiments using "machine learning" on several projects and I would like to talk a bit about them. For now all my coding is in Python, but I'll also comment on some Java and C++ libraries.

A simple one to use is FANN (Fast Artificial Neural Network). It also has bindings for Python and other languages (PHP, Java, Perl, etc.), although the Python version did not work for me for some reason.

For Support Vector Machines I used LIBSVM (A Library for Support Vector Machines). On the website you can even find a number of recommendations for using SVMs. Other libraries supporting SVMs are PyML and MLPy (but for some reason the compilation did not work on my machine, so I used LIBSVM).

A very interesting library implementing a Naive Bayes classifier is Orange. I have not tested it, but it looks good; plus, it has good documentation and links to various datasets.
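To show what a Naive Bayes classifier actually does with text like the DoS/DDoS tweet feed I described in the post above, here is an added example (my own illustration for this page, not code from Orange or from the original post). It implements multinomial Naive Bayes with Laplace smoothing directly in Python, so it runs offline with no library; the training tweets are constructed by hand and labelled "ddos" or "other", and the class names and the small vocabulary are assumptions of the example, not the feed's real data.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed, labelled sample tweets standing in for the real feed (not actual data).
TRAINING_TWEETS = [
    ("ddos", "Twitter is down again, looks like another DDoS attack flooding the servers"),
    ("ddos", "Botnet launches DoS attack against news site, servers overwhelmed by traffic"),
    ("ddos", "Large DDoS attack hits hosting provider with 2 Gbps of junk traffic"),
    ("ddos", "Denial of service attack takes down torrent site, botnet suspected"),
    ("other", "Great coffee this morning, ready for the conference talk"),
    ("other", "New machine learning paper on neural networks published today"),
    ("other", "Traffic on the motorway is terrible, going to be late for work"),
    ("other", "Uploaded the holiday photos, the beach was amazing"),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case the text and split on anything that is not a letter or digit."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayesClassifier:
    """Multinomial naive Bayes with add-alpha (Laplace) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()            # documents per class
        self.word_counts = defaultdict(Counter)  # class -> token -> count
        self.total_words = Counter()             # tokens per class
        self.vocab = set()

    def train(self, labelled_texts):
        for label, text in labelled_texts:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.total_words[label] += 1
                self.vocab.add(tok)

    def log_joint(self, label, tokens):
        """log P(label) + sum of log P(token | label); unseen tokens get alpha mass."""
        n_docs = sum(self.class_counts.values())
        score = math.log(self.class_counts[label] / n_docs)
        denom = self.total_words[label] + self.alpha * len(self.vocab)
        for tok in tokens:
            score += math.log((self.word_counts[label][tok] + self.alpha) / denom)
        return score

    def posterior(self, text):
        """Normalised class probabilities, computed in log space to avoid underflow."""
        tokens = tokenize(text)
        joint = {label: self.log_joint(label, tokens) for label in self.class_counts}
        top = max(joint.values())
        norm = sum(math.exp(v - top) for v in joint.values())
        return {label: math.exp(v - top) / norm for label, v in joint.items()}

    def classify(self, text):
        post = self.posterior(text)
        return max(post, key=post.get)


def train_default():
    """Train on the constructed tweets above and return the classifier."""
    clf = NaiveBayesClassifier()
    clf.train(TRAINING_TWEETS)
    return clf


if __name__ == "__main__":
    clf = train_default()
    for tweet in ("Huge DDoS attack floods the servers with traffic",
                  "Lovely sunny day at the beach with coffee"):
        print(f"{clf.classify(tweet):6s}  {clf.posterior(tweet)}  {tweet}")
```

The smoothing matters for a noisy source like Twitter: without it a single word never seen in one class would force that class's probability to zero, so one unusual word in a tweet would decide the label on its own.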

If you are interested in Reinforcement Learning, Tiles is a library in Python (also in C++ and Lisp) that allows you to "transform" the inputs into a value function represented by an array of tiles. In general, to represent a state at high resolution, tiles are better than just simple states.

If you want a "decision tree" you can use this one, which is included and explained in the book "Collective Intelligence". I think that the algorithm used is based on ID3.

And finally, Mahout. This is an Apache Foundation project. For now it is out of my reach to test it: I do not have the infrastructure or the need to use it. It is based on Hadoop and MapReduce concepts. Very interesting.

PS: If you want more resources about machine learning, these are my delicious bookmarks on the topic.

Thursday, 30 April 2009

Some NS-2 code to simulate DoS and DDoS attacks

This is some basic TCL code that I used for some simulations. This code works on the NS-2 network simulator.

Simple simulation with flow monitors. It creates 4 nodes: 1 UDP source, 1 TCP source (FTP), 1 destination node and 1 transit node. It monitors the flows coming in and out of the queue on the link between the transit and destination nodes. It dumps the trace data to a flow file.

Ping Flood. It creates two nodes. Node 1 floods Node 2 with ping packets. It could be useful to simulate Denial of Service attacks.

Simple DoS Attack. It creates a topology of 7 nodes. Two nodes generate valid traffic (one UDP and another TCP in the form of FTP). Another node generates a UDP DoS flood.

Tuesday, 28 April 2009

SPAM and the commerce of fear

A few days ago I commented that spammers would soon begin sending mails about medication against the swine flu, replacing the old Viagra SPAM. Shortly after, US-CERT warned of phishing attacks using this new vector for social engineering and SANS published a list of sites that could generate malware/phishing/scams (according to the particular domain names selected).

Well, today I received my first flu-related SPAM. Also, visiting a news site I found this ad from Google Ads. The ads are not malware sites (at least these three do not appear to be, but try them at your own risk), but certainly they plan to profit from people's fear.

Well, I think that we humans are quite predictable.

Wednesday, 1 April 2009

The big news today about Conficker ... is that there is no news

For the moment everything looks calm. Although it is almost April 1 throughout the whole world, there is not yet any news of the end of the world. Today, the media expected big problems as a result of the spreading of the Conficker worm and the new "payload" that would be activated.

More than a result of a large patch campaign, I think that the famous worm exploited a large media campaign that exaggerated and overestimated its effects. I expect this to be just another day in the life of a security researcher. Anyway, if something happens, I will be updating my Twitter and my Tumblr (this is Spanish only). In case of infection, or for pro-active measures against the worm, here are some resources.

Monday, 16 March 2009

The BBC, the botnet and other DDoS attacks

No doubt the most commented DDoS news of the week was related to the botnet that the BBC hired. In fact, it was the staff of one of its programmes, called Click. The programme's goal was to demonstrate how easy it is to hire a botnet to perform criminal activities. The botnet was used to send SPAM to a specially set up account and to launch a DDoS attack against a security company's website set up specifically for this purpose. Although the ethics of the action have been criticised, the fact is that they demonstrated how easy and cheap it is to hire such services.

In other news, Jose Nazario of Arbor Networks, in his presentation at SOURCE Boston, commented on the new "trends" in cyber crime. Nazario said that cyber criminals are not just selling kits for running malicious software on unprotected computers. Now they sell services for script kiddies and criminals who are just not good enough to use the malware by themselves. The audio of the presentation is here.

The DDoS attack on the torrent site Mininova continued during this week. Here you can see some trends in the traffic that the attacks have generated.

Sunday, 8 March 2009

DDoS in March

To the surprise of some, the Pirate Bay website was under a DDoS attack earlier this week. There is still no news about the intellectual authors. The site is stable for now.

According to an analysis by the anti-virus firm Sophos, the Conficker worm could start a DDoS attack against some sites, including Southwest Airlines. The collateral damage would be a DoS due to the spread of the worm. The note is on TechRepublic.

And the torrent site Mininova has been attacked by a DDoS. According to TorrentFreak the attack has reached a 2 Gbps peak. It seems to come from bot networks that appear to be in Germany and Argentina.

Tuesday, 10 February 2009

Feed Analysis

Well, this post is more a plea for help than a real post.

I need to analyse an RSS feed that I have been generating by searching for tweets related to DoS and DDoS attacks. In order to do it soon and without much effort I would like to avoid programming something (maybe using feedparser or XML_RSS). What I would like to do is:

  1. Get the average number of posts per day, week and month
  2. Get the average for a specific week and month
  3. Get all the items for a specific date
  4. If possible, graph the number of items by day, week and month

If somebody knows a web service that does that, please let me know by e-mail, by a comment here or just send me a tweet. I would really appreciate it!
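For anyone who ends up programming it anyway, here is an added example that covers the four points above with only the Python standard library (it is my illustration for this page, not code from the original post and not feedparser or XML_RSS). The RSS feed embedded below is constructed by hand to stand in for the DoS/DDoS tweet feed; the per-week and per-month averages count calendar buckets between the first and last item, including empty ones, which is one reasonable definition and is an assumption of the example.

```python
import calendar
from collections import Counter
from datetime import date, timedelta
from email.utils import parsedate_to_datetime
import xml.etree.ElementTree as ET

# Constructed RSS 2.0 feed standing in for the DoS/DDoS tweet feed (not real data).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>DoS/DDoS tweets (constructed)</title>
<item><title>ddos against site A</title><pubDate>Sun, 01 Feb 2009 08:15:00 +0000</pubDate></item>
<item><title>dos flood reported</title><pubDate>Sun, 01 Feb 2009 17:40:00 +0000</pubDate></item>
<item><title>botnet ddos on site B</title><pubDate>Tue, 03 Feb 2009 12:00:00 +0000</pubDate></item>
<item><title>ddos mitigation tips</title><pubDate>Sun, 08 Feb 2009 09:30:00 +0000</pubDate></item>
<item><title>2 Gbps ddos peak</title><pubDate>Tue, 10 Feb 2009 10:05:00 +0000</pubDate></item>
<item><title>tracker still down</title><pubDate>Tue, 10 Feb 2009 22:45:00 +0000</pubDate></item>
</channel></rss>"""


def parse_feed(xml_text):
    """Return a list of (date, title) for every <item> with a parsable RFC 822 pubDate."""
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        pub = item.findtext("pubDate")
        if not pub:
            continue  # an item without a date cannot be bucketed
        try:
            when = parsedate_to_datetime(pub)
        except (TypeError, ValueError):
            continue  # skip one malformed date instead of aborting the whole feed
        items.append((when.date(), item.findtext("title", default="")))
    return items


def bucket_key(day, granularity):
    """Calendar bucket a date falls into: ISO day, ISO week or month."""
    if granularity == "day":
        return day.isoformat()
    if granularity == "week":
        year, week, _ = day.isocalendar()
        return f"{year}-W{week:02d}"
    if granularity == "month":
        return f"{day.year}-{day.month:02d}"
    raise ValueError(f"unknown granularity {granularity!r}")


def count_by(items, granularity):
    """Point 4: number of items per day, week or month (data for a chart)."""
    return Counter(bucket_key(day, granularity) for day, _ in items)


def average_per(items, granularity):
    """Point 1: items per bucket over the span from first to last item, empty buckets included."""
    if not items:
        return 0.0
    first, last = min(d for d, _ in items), max(d for d, _ in items)
    buckets, d = set(), first
    while d <= last:
        buckets.add(bucket_key(d, granularity))
        d += timedelta(days=1)
    return len(items) / len(buckets)


def average_per_day_in(items, granularity, key):
    """Point 2: items per day inside one specific ISO week (7 days) or month."""
    n = count_by(items, granularity)[key]
    if granularity == "week":
        return n / 7
    if granularity == "month":
        year, month = (int(p) for p in key.split("-"))
        return n / calendar.monthrange(year, month)[1]
    raise ValueError("use 'week' or 'month'")


def items_on(items, iso_day):
    """Point 3: titles of all items published on one date given as YYYY-MM-DD."""
    return [title for d, title in items if d.isoformat() == iso_day]


def ascii_chart(counts):
    """Point 4 without a plotting library: one text bar per bucket, sorted by key."""
    return "\n".join(f"{key}  {'#' * n} {n}" for key, n in sorted(counts.items()))


if __name__ == "__main__":
    items = parse_feed(SAMPLE_FEED)
    for g in ("day", "week", "month"):
        print(f"average per {g}: {average_per(items, g):.2f}")
    print(ascii_chart(count_by(items, "week")))
    print(items_on(items, date(2009, 2, 10).isoformat()))
```

Dropping the embedded feed and passing the text of a real feed to parse_feed is all that changes for actual use; items whose pubDate is missing or unparsable are skipped rather than crashing the run, which happens often enough with aggregated feeds.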

Friday, 23 January 2009

Practical Artificial Intelligence and Machine Learning

I gave this presentation yesterday at Ignite UK North in Leeds. It is about Artificial Intelligence and Machine Learning; it contains a little bit of theory, practical examples and some resources to dig a little deeper into the topic. It does not go very deep into details though.