Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BoT2013 海量資料時代的網路分析

Allen Own
September 12, 2013
Technology
4
540

BoT2013 海量資料時代的網路分析

Allen Own

September 12, 2013
Tweet

More Decks by Allen Own

See All by Allen Own
NPO 要知道的資訊安全
allenown
1
210
20140714 SITCON Camp 揭開駭客的神祕面紗
allenown
2
570
PHPConf 2013 - 矛盾大對決
allenown
32
24k
PHPConf 2013 - 我的密碼沒加密,你的呢?
allenown
6
770
The Internet is (NOT) safe - WebConf Taiwan 2013
allenown
58
11k

Other Decks in Technology

See All in Technology
BPStudyの200回を中心にIT業界を振り返る。そしてこれから
haru860
3
390
成長をサポートするピープルマネジメントのやり方
sioncojp
8
1k
Cloud Service Mesh に触れ合う
phaya72
1
160
実例で紹介するRAG導入時の知見と精度向上の勘所
yamahiro
5
1.6k
【NW X Security JAWS#3】L3-4:AWS環境のIPv6移行に向けて知っておきたいこと
shotashiratori
1
610
One engineer company with Ruby on Rails
rstankov
2
420
いつか使うかも貯金してたらめちゃめちゃ機能が増えてた話
riyaamemiya
0
610
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
3
3.2k
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
150
コードファーストの考え方。 Amplify Gen2から学ぶAWS次世代のWeb開発体験
yoshiitaka
1
310
Babylon.jsと色々なものを組み合わせる:ブラウザのAPIやガジェットや2D描画ライブラリなど / Babylon.js 勉強会 vol.3
you
PRO
0
160
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
4
37k

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
26
5.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
32
46k
Become a Pro
speakerdeck
PRO
12
4.6k
Building an army of robots
kneath
300
41k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
21
6.4k
Design by the Numbers
sachag
274
18k
Making Projects Easy
brettharned
109
5.5k
Web Components: a chance to create the future
zenorocha
306
41k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
20
1.7k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Optimizing for Happiness
mojombo
370
69k

Transcript

  1. 海量資料時代的網路分析 BoT2013ୋʞ̨֣ᝄਜBotnetਈ಻ၾԣطҦஔ޼ীึ ॽख͍ Allen Own [email protected]

  2. Who Am I ॽख͍ (Allen Own) [email protected] DEVCORE Ꮦ˃੒ဧੂБڗ CHROOT

    ϓࡰ HITCON ̨ᝄᎡ܄ϋึਓᐼ̜ NISRA ༟τྠඟ௴፬ɛ ༟τҦঐږ޷ᆤᘩᒄϋڿࠏ

  3. ආБִ݁ఊЗeΆุഃသீ಻༊ਖ਼ࣩ ΂Άุeኪஔʿִ݁ఊЗᑺࢪʿᚥਪ ༟ৃτΌӻ୕޼Ӻʿක೯ ၣ༩τΌ஝ྌܔໄ Ꭱ܄ҸᏘ˓جeᎡ܄৛ᔳ ҸᏘ೻όeܝژ೻όක೯ၾ޼Ӻ EC-Council Certified Ethical Hacker

    Computer Hacking Forensic Investigator

  4. 2013/07/19 (五) ~ 20 (六) 中央研究院 ⼈人⽂文社會科學館

  5. None

  6. What is Big Data?

  7. None
  8. None
  9. None

  10. Big Data Big data[1][2] is the term for a collection

    of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. The challenges include capture, curation, storage, [3] search, sharing, transfer, analysis,[4] and visualization. The trend to larger data sets is due to the additional information derivable from analysis of a single large set of related data, as compared to separate smaller sets with the same total amount of data, allowing correlations to be found to "spot business trends, determine quality of research, prevent diseases, link legal citations, combat crime, and determine real-time roadway traffic conditions."[5][6][7]

  11. How Big Data fights back against APTs and Malware? http://www.seculert.com/blog/2013/05/how-big-

    data-fights-back-against-apts-and-malware.html http://info.umbrella.com/infographic-using-big-data- for-malware-protection.html

  12. What is Big Data?

  13. What is Big Data? BIG

  14. How about... 9TB?

  15. How about... 9TB?

  16. Internet Census 2012 http://internetcensus2012.bitbucket.org/ While playing around with the Nmap

    Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.

  17. Internet Census 2012 http://internetcensus2012.bitbucket.org/download/ internet_census_2012.torrent Decompressing all data results in

    9TB of raw logfiles, but this code can also be used to recompress the data into gzip files. The gziped dataset should be ~1.5TB.
  18. None
  19. None

  20. Hilbert Browser http://internetcensus2012.bitbucket.org/hilbert/ index.html

  21. We prepared 26TB. Special thanks to GD.

  22. None

  23. We spent 2 months to decompress parts of zpaq files.

  24. None

  25. How to use?

  26. How to use? ANS: Use your force.

  27. None

  28. grep -e "Apache/2.2.3" *

  29. grep -e "Apache/2.2.3" * 1MBJOUFYU3VMFT

  30. But... it took 15 minutes... (one single file)

  31. Search Faster!

  32. None

  33. elasticsearch http://www.elasticsearch.org/ flexible and powerful PQFOTPVSDF, distributed real- time search

    and analytics engine for the cloud. Case Study: Fog Creek, Stack Overflow, SoundCloud, StumbleUpon, Github, foursquare, Wordpress, salesforce
  34. None

  35. You Know, for Search.

  36. I'm too lazy to code.

  37. None

  38. logstash http://logstash.net logstash is a tool for managing events and

    logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs. *UJTGVMMZGSFFBOEGVMMZPQFOTPVSDF
  39. None
  40. None

  41. It works!

  42. I need stronger UI/UX!

  43. None

  44. Kibana http://kibana.org Kibana is an PQFOTPVSDF (MIT License), browser based

    interface to Logstash and ElasticSearch. Once you have those in place, Kibana is a breeze to install and configure (really, I swear). And as you'll see below, none too hard to operate. Check out the screenshots for an idea of what Kibana is all about.
  45. None
  46. None
  47. None
  48. None
  49. None

  50. LIVE DEMO

  51. "OBMZTJTPG *OUFSOFU$FOTVT 4FBSDILOPXOWVMOFSBCMFTFSWFST BQQMJDBUJPOT "OBMZ[F*1BDUJWJUJFT %FUFDUCPUOFUBDUJWJUJFT 'JOETQFDJGJDEPNBJOIPTUT

  52. 2"

  53. 5IBOLT 翁浩正 Allen Own [email protected]