Behavioral Service Graphs

Authors: Elias Bou-Harb, Mark Scanlon

DOI: 10.1016/J.DIIN.2017.02.002


Abstract: The task of generating network-based evidence to support network forensic investigation is becoming increasingly prominent. Such evidence is significantly imperative: not only can it be used to diagnose and respond to various network-related issues (i.e., performance bottlenecks, routing issues, etc.) but, more importantly, it can be leveraged to infer and further investigate security intrusions and infections. In this context, this paper proposes a proactive approach that aims at generating accurate and actionable network-based evidence related to groups of compromised machines (i.e., campaigns). The approach is envisioned to guide investigators to promptly pinpoint such malicious groups for possible immediate mitigation, as well as to empower digital forensic specialists to further examine those machines using auxiliary collected data or extracted artifacts. On one hand, promptness is achieved by monitoring and correlating perceived probing activities, which are typically the very first signs of an infection or of misdemeanors. On the other hand, the generated evidence is based on an anomaly inference that fuses behavioral analytics with formal graph theoretic concepts. We evaluate the proposed approach in two deployment scenarios, namely as an enterprise edge engine and as a global capability in a security operations center model. The empirical evaluation employs 10GB of real botnet traffic and 80GB of darknet traffic and demonstrates the accuracy, effectiveness and simplicity of the generated evidence.
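To make the abstract's pipeline concrete (correlate unsolicited probing activity seen at a darknet, derive a per-source behavioral profile, link sources with similar behavior in a graph, and report the resulting groups as campaign candidates), here is a toy illustration in Python. It is an added example, not the paper's code or data: the probe records are constructed, and the choice of feature (set of targeted ports), the Jaccard similarity threshold, the minimum-probe noise filter and the minimum group size are all assumptions, not values taken from the paper.

```python
"""Toy campaign inference from darknet probing records.

Added illustration only: the paper's actual features, graph construction and
anomaly inference differ; every threshold here is an assumption.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample darknet records (src_ip, dst_ip, dst_port). Addresses
# are documentation ranges; nothing here is real traffic.
PROBES = [
    # group A: three sources sweeping the same IoT ports across the telescope
    ("203.0.113.10", "198.51.100.1", 23), ("203.0.113.10", "198.51.100.2", 2323),
    ("203.0.113.10", "198.51.100.3", 7547),
    ("203.0.113.11", "198.51.100.4", 23), ("203.0.113.11", "198.51.100.5", 2323),
    ("203.0.113.11", "198.51.100.6", 7547),
    ("203.0.113.12", "198.51.100.7", 23), ("203.0.113.12", "198.51.100.8", 2323),
    # group B: two sources probing SMB and RDP
    ("192.0.2.20", "198.51.100.9", 445), ("192.0.2.20", "198.51.100.10", 3389),
    ("192.0.2.21", "198.51.100.11", 445), ("192.0.2.21", "198.51.100.12", 3389),
    # lone scanner with an unrelated profile (should not form a campaign)
    ("192.0.2.99", "198.51.100.13", 8080), ("192.0.2.99", "198.51.100.14", 8443),
]


def behavioral_profiles(probes, min_probes=2):
    """Per-source behavioral profile: the set of ports it probed.

    Sources seen fewer than `min_probes` times are dropped as noise
    (backscatter, misconfiguration). The threshold is an assumption.
    """
    hits = defaultdict(list)
    for src, dst, port in probes:
        hits[src].append((dst, port))
    return {src: frozenset(port for _, port in h)
            for src, h in hits.items() if len(h) >= min_probes}


def jaccard(a, b):
    """Jaccard similarity of two sets; 0.0 when both are empty."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def build_similarity_graph(profiles, threshold=0.5):
    """Undirected graph linking sources whose port profiles overlap by at
    least `threshold` (Jaccard). The threshold is an assumption."""
    graph = {src: set() for src in profiles}
    for a, b in combinations(profiles, 2):
        if jaccard(profiles[a], profiles[b]) >= threshold:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def campaigns(graph, min_size=2):
    """Connected components with at least `min_size` sources; each is a
    candidate campaign for an investigator to examine further."""
    seen, groups = set(), []
    for start in graph:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:  # iterative DFS over the component
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(graph[node] - comp)
        seen |= comp
        if len(comp) >= min_size:
            groups.append(frozenset(comp))
    return sorted(groups, key=lambda g: (-len(g), min(g)))


def analyze(probes):
    """Full pipeline: records -> profiles -> similarity graph -> campaigns."""
    return campaigns(build_similarity_graph(behavioral_profiles(probes)))


if __name__ == "__main__":
    for i, group in enumerate(analyze(PROBES), 1):
        print(f"campaign {i}: {sorted(group)}")
```

Because darknet addresses host no services, any packet that reaches them is unsolicited, which is why a port-set profile alone already separates the two coordinated groups from the lone scanner here; a real deployment would add timing, target-spread and payload features and tune the thresholds against labelled traffic.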
