ISC/CAIDA Data Collaboration Workshop

ISC and CAIDA hosted a Data Collaboration Workshop on Oct 22, 2012 (by invitation only) in Baltimore, MD, co-located with the MAAWG 26th general meeting.

Co-located with the MAAWG 26th general meeting
Date: October 22 (Mon), 2012
Place: Hilton Hotel, Baltimore, MD

Announcement

The ISC/CAIDA Data Collaboration workshop is a venue for:

Showcasing novel case studies of network and security data analysis and data sharing
Discussing data synthesis techniques and technologies
In-person networking between data providers and recipients in research and operations
SIE data contributors to hear and discuss how their shared data is providing value
Learning how open-source SIE technology can be incorporated into collaborative research data collection and sharing efforts

Topics to be discussed include:

Introduction to SIE and NMSG (Concepts, Toolkit, Methods, and Design needed to create your own security data redistribution network)
Demos and tutorials on how to implement Passive DNS Replication sensor, darknet sensors, spam sensors
Case studies of SIE data and DNSDB usage (research and operational)

Registration

Attendees will be asked to submit brief, informal abstracts for presentations, or expressions of interest in moderating a discussion topic or breakout roundtable. Each attendee is expected to actively participate as well as provide input, writing, and/or feedback on the report we'll publish within 6 weeks after the workshop.

Registration for the ISC-CAIDA workshop is closed.

Workshop Agenda

October 22 (Monday)

Place: Hilton Hotel, Baltimore, MD

09:00 - 9:15 Introductions
- Merike Kaeo (Double Shot Security), Introductions (15 min)
9:15 - 9:45
- Eric Ziegast (ISC), Build your own SIE (30 min)
10:00 - 10:15
- David Dagon (Georgia Institute of Technology), Teaching NMSG - lessons learned from a tutorial (15 min)
10:15 - 10:45
- Paul Vixie (ISC), Implications of SIE (30 min)
10:45 - 11:00 break
11:00 - 12:00
- Robert Edmonds (ISC), Sorted String Tables: ISC mtbl and ISC dnstable (60 min)
12:00 - 13:30 working lunch
13:30 - 15:20 DNS I
- Damon McCoy (George Mason University), Manufacturing Compromise: The Emergence of Exploit-as-a-Service (25 min)
- Roberto Perdisci (University of Georgia), FluxBuster (20 min)
- Casey Deccio (Sandia National Laboratories), Qualitative DNS Measurement Perspectives (20 min)
- John Heidemann (USC/Information Sciences Institute), Broadening DNS Research (20 min)
15:10 - 16:00 Network Analysis
- Ed Stoner (CERT/CC), Network Threat Detection and Event Correlation (25 min)
- David Plonka (University of Wisconsin-Madison), Rendezvous-based analysis, measurement and threat detection (25 min)
16:00 - 16:45 DNS II
- David Dagon (Georgia Institute of Technology), DNS Path Measurement (20 min)
- John-Paul Verkamp (University of Indiana), Rebuilding zone files from passive DNS data (20 min)
16:45 - 17:30 Security Data Flea Market
- Discussion (45 min)
17:30 Adjourn

Additional Content

ISC/CAIDA Data Collaboration Workshop : Talk Abstracts

This page contains names, talk abstracts (if presenting), and topic keywords for workshop participants as they were submitted. Participants are encouraged to read these ahead of time to anticipate workshop discussion.

ISC/CAIDA Data Collaboration Workshop: Participants

This page contains the list of participants of the ISC/CAIDA Data Collaboration Workshop on October 22, 2012.

/workshops/isc-caida/1210/slides/isc1210_redmonds/

Sorted String Tables: ISC mtbl and ISC dnstable

Robert Edmonds ()

22 October 2012

Introduction

"Sorted String Table" data structure:

The Google SSTable file format is used internally to store Bigtable data. An SSTable provides a persistent, ordered immutable map from keys to values, where both keys and values are arbitrary byte strings. Operations are provided to look up the value associated with a specified key, and to iterate over all key/value pairs in a specified key range.