Paste Digest Ibrahim M. El-Sayed Mahmoud Raouf

Paste Digest Project


Paste Digest

Ibrahim M. El-Sayed

Mahmoud Raouf

Outline

• Introduction

o Incident handling

o News

o The Spark

• Project

o Goal

o How

o Extendibility

o Performance

o Simplicity

• Conclusion

o Results

o Challenges

o Futuristic Vision

Introduction

Incident Handling

“Computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events.” - ISO/IEC 17799:2005(E)

Introduction

• News

o Sony Pictures Entertainment Hack

o Anonymous #OpEgypt

Introduction

• The Spark

o Collect

o Analyze

o Correlate

o Notify

Idea

“A live channel that monitors, analyzes and notifies the posts of the cyber attacks on pasting websites”

[Diagram labels: Pastebin Server, Script, 3 Seconds, Database, Pastebin File]

How?

Demo

Extendibility

• Class diagram

• Extend to other websites

• Extend weight function

Performance

• Pattern matching

o Regex matching

o Knuth–Morris–Pratt algorithm O(N+M)

• 50000 chars

• Built in method: 0.000952557316432 sec

• KMP: 9.10658855941e-07

• Threading

Simplicity


Conclusion

• Results

Conclusion

• Challenges

o Getting blocked

o Encoding

o False positives

Conclusion

• To-Do

o Upgrade the database for archiving

o Correlating different pasting websites together

o Why store everything?

o Availability

o Notifying with emails

• Vision

Acknowledgment

Ahmed Hassan

Ahmed Alaa

Questions