Implications of Theoretic Derivations on Empirical Passive Measurements for Effective Cyber Threat Intelligence Generation

Authors: Morteza Safaei Pour, Elias Bou-Harb

DOI: 10.1109/ICC.2018.8422720

Keywords: Darknet, Relation (database), Context (language use), Computer science, Computer security, Botnet, The Internet, IPv6, Intrusion detection system

Abstract: Cyber space continues to be threatened by various debilitating attacks. In this context, executing passive measurements that analyze Internet-scale, one-way darknet traffic has proven to be an effective approach to shed light on Internet-wide maliciousness. While such measurements are typically conducted solely from an empirical perspective on already deployed IP spaces using off-the-shelf Intrusion Detection Systems (IDS), their multidimensional theoretical foundations, relations and implications remain obscured. In this paper, we take a first step towards comprehending the relation between attackers' behaviors, the width of vantage points, the probability of detection and the minimum detection time. We perform stochastic modeling, derivation, validation and inter-correlation analysis of these parameters to provide numerous insightful inferences, such as the most suitable IDS for a given darknet space and given attackers' activities in the presence of time/probability constraints. One of the outcomes suggests that the widely-deployed Bro is ideal for inferring slow, stealthy probing when leveraging darknet measurements. Further, the results do not recommend deploying Snort when the available darknet space is relatively small, which is the typical scenario for darknets operated and employed by organizational sub-networks. We concur that the generated derivations and mathematical models put forward a first-of-a-kind formal and accurate characterization of darknet-centric notions, which possess significant Internet-scale implications. This is especially factual with the advent of evolving paradigms such as IPv6 deployments and the proliferation of highly-distributed, orchestrated, large-scale botnets.
