chg: [workshot-0] merge PTS19 changes - introduce DDoS

docs/workshop/0-introduction/d4-introduction.tex

@@ -8,6 +8,8 @@
 \usetikzlibrary{shapes,arrows}
 \usepackage{transparent}
 \usepackage{fancyvrb}
+\usepackage{tabularx}
+\usepackage{ulem}
 \usepackage{listings}
 \definecolor{main}{RGB}{47, 161, 219}
 %\definecolor{textcolor}{RGB}{128, 128, 128}
@@ -15,10 +17,10 @@
 \definecolor{textcolor}{RGB}{85, 87, 83}
 \title{D4 Project}
 \subtitle{Open and collaborative network monitoring}
-\author{Alexandre Dulaunoy - Sami Mokaddem}
+\author{TEAM CIRCL}
 \titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
-\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
+\institute{\url{https://www.d4-project.org/}}
-\date{2019/03/29}
+\date{2019/09/23}
 
 \begin{document}
     \begin{frame}
@@ -54,28 +56,99 @@
 \begin{frame}
         \frametitle{(short) History}
  \begin{itemize}
-        \item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
+        \item D4 Project (co-funded under INEA CEF EU program) started - \textbf{1st November 2018}
-        \item D4 encapsulation protocol version 1 published  - 1st December 2018
+        \item D4 encapsulation protocol version 1 published  - \textbf{1st December 2018}
-        \item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - 21st January 2018
+        \item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - \textbf{21st January 2019}
-        \item First version of a golang D4 client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}} running on ARM, MIPS, PPC and x86 - January 2018
+        \item First version of a golang D4 client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}} running on ARM, MIPS, PPC and x86 - \textbf{January 2019}
+        \item First Analyzers - \textbf{Spring 2019}
+        \item Client Generator - \textbf{Summer 2019}
  \end{itemize}
 \end{frame}
 
+
+\begin{frame}
+        \frametitle{(short) History}
+\begin{center}
+\resizebox{!}{100pt}{%
+  \begin{tabularx}{\linewidth}%
+    {>{\setlength\hsize{0.6\hsize}\raggedright}X%
+     >{\setlength\hsize{0.4\hsize}\raggedright}X}
+
+\hline
+Release                          & Date          \tabularnewline
+\hline
+AIL-framework-v1.5 & Apr. 26, 2019  \tabularnewline
+...  & \tabularnewline
+AIL-framework-v2.1 & Aug. 14, 2019  \tabularnewline
+analyzer-d4-balboa-v0.1          & Aug. 19, 2019 \tabularnewline
+analyzer-d4-passivedns-v0.1      & Apr. 5, 2019  \tabularnewline
+analyzer-d4-passivessl-0.1       & Apr. 25, 2019 \tabularnewline
+analyzer-d4-pibs-v0.1            & Apr. 8, 2019  \tabularnewline
+BGP-Ranking-1.0                  & Apr. 25, 2019 \tabularnewline
+BGP-Ranking-1.1                  & Aug. 19, 2019 \tabularnewline
+d4-core-v0.1                     & Jan. 25, 2019 \tabularnewline
+d4-core-v0.2                     & Feb. 14, 2019 \tabularnewline
+d4-core-v0.3                     & Apr. 8, 2019  \tabularnewline
+d4-goclient-v0.1                 & Feb. 14, 2019 \tabularnewline
+d4-goclient-v0.2                 & Apr. 8, 2019  \tabularnewline
+d4-sensor-generator-v0.1         & Aug. 22, 2019 \tabularnewline
+d4-server-packer-0.1             & Apr. 25, 2019 \tabularnewline
+IPASN-History-1.0                & Apr. 25, 2019 \tabularnewline
+IPASN-History-1.1                & Aug. 19, 2019 \tabularnewline
+sensor-d4-tls-fingerprinting-0.1 & Apr. 25, 2019 \tabularnewline 
+\hline
+
+\end{tabularx}%
+}
+\end{center}
+
+see \url{https://github.com/D4-Project}
+\end{frame}
+
 \begin{frame}
 \frametitle{D4 Overview}
         \includegraphics[scale=0.38]{../../diagram/d4-overview.png}
 \end{frame}
 
 \begin{frame}
-        \frametitle{Roadmap (next 2 months)}
+\frametitle{D4 Overview - Connecting Sensor Networks}
+        \includegraphics[scale=0.46]{../../diagram/mixing-d4-1.pdf}
+        {\tiny \url{https://d4-project.org/2019/06/17/sharing-between-D4-sensors.html}}
+\end{frame}
+
+\begin{frame}
+        \frametitle{What to do with it}
         \begin{itemize}
-                \item Passive DNS analyzer (alpha version released)
+                \item Passive DNS collection
-                \item Passive SSL collector and analyzer
+                \item Passive SSL collection
-                \item Backscatter DDoS traffic analyzer
+                \item AIL collection  
-                \item {\bf Default server} (blackhole monitoring or Passive DNS collector) at CIRCL for organisations willing to contribute without running their own D4 server
+                \item Correlations, CTI
+                \item DDoS Detection 
         \end{itemize}
 \end{frame}
 
+\begin{frame}
+\frametitle{D4 Overview: DDoS}
+        \includegraphics[width=\textwidth]{../../diagram/theconversation.pdf}
+        {\tiny \url{https://d4-project.org/2019/08/29/state-of-the-art-DDoS.html}}
+\end{frame}
+
+\begin{frame}
+        \frametitle{Roadmap - output}
+
+                  CIRCL hosts a server instance for organisations willing to
+                  contribute to a public dataset without running their own D4 server:
+                  \begin{itemize}
+                  \item [\checkmark] Blackhole DDoS
+                  \item [\checkmark] Passive DNS 
+                  \item [\checkmark] Passive SSL 
+                  \item Gene\footnote{\url{https://github.com/0xrawsec/gene}} / WHIDS\footnote{\url{https://github.com/0xrawsec/whids}} (sysmon)
+                  \item BGP mapping 
+                  \item egress filtering mapping
+                  \item Radio-Spectrum monitoring: 802.11, BLE, \sout{GSM}, etc. 
+                  \end{itemize}
+\end{frame}
+
 
 \begin{frame}
         \frametitle{D4 encapsulation protocol}
@@ -130,7 +203,7 @@
 \end{frame}
 
 \begin{frame}
-    \frametitle{D4-core server}
+    \frametitle{D4 server}
    \begin{itemize}
            \item D4 core server\footnote{\url{https://github.com/D4-project/d4-core}} is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers.
            \item D4 server is written in Python 3.6 and runs on standard GNU/Linux distribution.
@@ -189,14 +262,9 @@ After the stream is processed depending of the type using dedicated worker.
         \end{itemize}
 \end{frame}
 
-\begin{frame}
-        \frametitle{D4 server - type 254 - implementation}
-        \includegraphics[scale=0.3]{d4-worker-2.png}
-\end{frame}
-
 \begin{frame}
         \frametitle{D4 server - management interface}
-The D4 server provides a web interface to manage D4 sensors, sessions and analyzer.
+The D4 server provides a {\bf web interface} to manage D4 sensors, sessions and analyzer.
         \begin{itemize}
 \item Get Sensors status, errors and statistics
 \item Get all connected sensors
@@ -209,32 +277,30 @@ The D4 server provides a web interface to manage D4 sensors, sessions and analyz
 
 \begin{frame}
         \frametitle{D4 server - main interface}
-        \includegraphics[scale=0.18]{d4-5.png}
+        \includegraphics[width=\textwidth]{./d4-5.png}
 \end{frame}
 
 \begin{frame}
         \frametitle{D4 server - server management}
-        \includegraphics[scale=0.18]{d4-2.png}
+        \includegraphics[width=\textwidth]{./d4-2.png}
 \end{frame}
 
 \begin{frame}
         \frametitle{D4 server - server management}
-        \includegraphics[scale=0.18]{d4-3.png}
+        \includegraphics[width=\textwidth]{./d4-3.png}
 \end{frame}
 
 \begin{frame}
         \frametitle{D4 server - sensor overview}
-        \includegraphics[scale=0.18]{d4-1.png}
+        \includegraphics[width=\textwidth]{./d4-1.png}
 \end{frame}
 
 
 \begin{frame}
         \frametitle{D4 server - sensor management}
-        \includegraphics[scale=0.18]{d4-4.png}
+        \includegraphics[width=\textwidth]{./d4-4.png}
 \end{frame}
 
-
-
 \begin{frame}
         \frametitle{}
         {\center Use-case: migrating a legacy network capture model into a D4 network sensor