Network security management with traffic pattern clustering

Authors: Tao-Wei Chiou, Shi-Chun Tsai, Yi-Bing Lin

DOI: 10.1007/S00500-013-1218-0

Keywords: Spectral clustering, Domain (software engineering), Big data, Cluster analysis, Denial-of-service attack, Network security management, Campus network, Airfield traffic pattern, Computer science, Data mining, Network security, Artificial intelligence, Machine learning

Abstract: Profiling network traffic patterns is an important approach for tackling security problems. Based on campus infrastructure, we propose a new method to identify randomly generated domain names and pinpoint the potential victim groups. We characterize normal domain names with the so-called popular 2gram (2 consecutive characters in a word) to distinguish between active and nonexistent names. We also track the destination IPs of sources and analyze the similarity of their connections to uncover anomalous group behaviors. We apply the Hadoop technique to deal with big data and classify clients as victims or not with the spectral clustering method.
