Cisco Blogs


Big Data in Security – Part V: Anti-Phishing in the Cloud

In the last chapter of our five-part Big Data in Security series, expert Data Scientists Brennan Evans and Mahdi Namazifar join me to discuss their work on a cloud anti-phishing solution.

Phishing is a well-known historical threat. Essentially, it’s social engineering via email and it continues to be effective and potent. What is TRAC currently doing in this space to protect Cisco customers?

Brennan: One of the ways that we have traditionally confronted this threat is through third-party intelligence in the form of data feeds. The problem is that these social engineering attacks have a high time dependency. If we solely rely on feeds, we risk delivering data to our customers that may be stale, so that solution isn’t terribly attractive. This complicates another issue with common approaches with a lot of the data sources out there: many attempt to enumerate the solution by listing compromised hosts, and in practice each vendor seems to see just a small slice of the problem space, and as I just said, oftentimes it’s too late.

We have invested a lot of time in looking at how to avoid the problem of essentially being an intelligence redistributor and instead look at the problem firsthand using our own rich data sources – both external and internal – and really develop a system that is more flexible, timely, and robust in the types of attacks it can address.

Mahdi: In principle, we have designed and built prototypes around Cisco’s next generation phishing detection solution.  To address the requirements for both an effective and efficient phishing detection solution, our design is based on Big Data and machine learning.  The Big Data technology allows us to dig into a tremendous amount of data that we have for this problem and extract predictive signals for the phishing problem. Machine learning algorithms, on the other hand, provide the means for using the predictive signals, captured from historical data, to build mathematical models for predicting the probability of a URL or other content being phishing.


Guest Blog: Migrating High Density University Networks to 802.11ac

Editor’s Note: This is a guest post by Joe Rogers, Associate Director of Network Engineering for the University of South Florida (USF). Hear Joe speak about his experiences with next-generation wireless in high density environments on next Tuesday’s webinar: “Migrating Enterprise Networks to 802.11ac” at 10am PST (Dec 17).

Joe Rogers is the Associate Director of Network Engineering for the University of South Florida. He is a graduate of USF’s Computer Science and Engineering program and has worked as a network engineer at USF for the past 20 years. He is currently responsible for all aspects of USF’s network which provides connectivity to over 100k devices across three campuses. He’s held a CCIE routing and switching certification since 1999. When not working, he’s an avid mountain biker (if you can call it “mountain” biking when you live in Florida).

—–

Universities face some of the most complex design challenges in wireless networking.  Our user population is highly mobile, bandwidth-hungry, and often simultaneously using at least two wireless devices in rooms with hundreds of their classmates.  The wireless network isn’t simply a convenience to them.  It’s critical to their educational success as many of the students are taking tests or working on assignments across the network.

At the University of South Florida, we support over 20,000 concurrent wireless users on our network of over 4,000 access points.  We have more than 90,000 unique devices registered this semester.  Our biggest challenge is designing the wireless network for the device densities in our large classrooms and popular study areas.  In these locations, we often have a thousand devices in a few hundred square feet of space.

We heavily rely on band select to place as many devices as possible on 5 GHz where more channels are available. Unfortunately, many devices such as older tablets and smart phones simply don’t have an 802.11a/n radio. So we must carefully RF engineer the environment with smaller cells to provide the necessary coverage density.

Congratulations to 2013 IEEE-SA International Award Recipient Andrew Myles

Earlier this week, the IEEE Standards Association (IEEE-SA) announced the winners of the 2013 IEEE-SA Awards to honor standards development contributions. We are pleased to announce that Andrew Myles, Engineering Technical Lead at Cisco, has been awarded the IEEE 802 SA International award for his extraordinary contribution to establishing IEEE-SA as a world-class leader in standardization. Andrew has long been involved in IEEE-SA and led a long-term initiative (2005-2013) in IEEE 802 to defend and promote IEEE 802 standards globally.

We want to congratulate Andrew on this tremendous recognition. The work of Andrew and other contributors develops and promotes high-quality, efficient and effective IEEE standards. This enables the Internet and the supporting network components to be the premier platforms for innovation and borderless commerce they are today. These standards in turn are reflected in our products and solutions for our customers. As we develop technological innovation for our customers, in parallel, we continue to drive global standards deployment. The results are the best innovative solutions that can solve and better our customers’ network environments.

IPv6-Centric Networking: Innovation Without Constraints

Over the last several months, I’ve been pleased to invite Mark Townsley, Cisco Fellow and recognized expert on Internet Protocol (IP), to discuss IPv6 as a key enabler of the Internet of Everything (IoE). In his series of guest blogs, Mark has explained the basics of IPv6 and why it is important (“Demystifying IPv6”), and discussed some of the technical challenges of moving to this latest version of IP (“Moving to IPv6: Rebuilding the Heart of the Internet Without Missing a Beat”). In this installment, Mark takes a look into the future at some of the things IPv6 will make possible. I’m particularly excited about this, because the unlimited addressing scheme of IPv6 is what will enable the exponential growth of connections among people, process, data, and things that will drive $14.4 trillion in IoE private-sector value over the next decade, and dramatically impact our daily lives. This is Mark’s third and final blog on IPv6.

 

In my last blog, I explored various ways that IPv4 and IPv6 can coexist on the same network, each vital during the global IPv6 transition period, which began in earnest after the World IPv6 Launch last year. Today, I want to highlight new network deployments and designs that I like to call “IPv6-centric.” These architectures go beyond the more conservative approach of a congruent dual-stack IP network. Instead, they are designed and operated from the ground up with IPv6 at the base. While these networks can accommodate IPv4, IPv6 takes center stage.

IPv6-Centric Mobile Networks: Beginning last month, T-Mobile and Metro PCS users in the United States running the latest version of Android software are now provisioned with IPv6 by default, with no IPv4 address from the ISP network. Traffic to IPv6-enabled destinations such as Google, Facebook, Yahoo!, and Wikipedia will simply use IPv6. Traffic to non-IPv6-enabled sites will be translated to IPv4 after traversing the ISP network. If there are any remaining applications on the device that simply do not know how to handle IPv6, the Android device itself performs an IPv4-to-IPv6 translation internally, so the access network doesn’t see IPv4 at all.

“4G speeds and IoE are driving ‘scale-up’ and ‘scale-out’ in mobile networks. The scarcity of globally routable IPv4 addresses forces a series of compromises that an IPv6-only infrastructure alleviates, providing a solid bedrock to build upon.”

—    Cameron Byrne, T-Mobile Wireless, USA


Big Data in Security – Part IV: Email Auto Rule Scoring on Hadoop

Following part three of our Big Data in Security series on graph analytics, I’m joined by expert data scientists Dazhuo Li and Jisheng Wang to talk about their work in developing an intelligent anti-spam solution using modern machine learning approaches on Hadoop.

What is ARS and what problem is it trying to solve?

Dazhuo: From a high-level view, Auto Rule Scoring (ARS) is the machine learning system for our anti-spam system. The system receives a lot of email and classifies whether it’s spam or not spam. From a more detailed view, the system has hundreds of millions of sample email messages and each one is tagged with a label. ARS extracts features or rules from these messages, builds a classification model, and predicts whether new messages are spam or not spam. The more variety of spam and ham (non-spam) that we receive the better our system works.

Jisheng: ARS is also a more general large-scale supervised learning use case. Assume you have tens (or hundreds) of thousands of features and hundreds of millions (or even billions) of labeled samples, and you need them to train a classification model which can be used to classify new data in real time.
