Behavioral Service Graphs: A Big Data Approach for Prompt Investigation of Internet-Wide Infections

Authors: Elias Bou-Harb, Mark Scanlon, Claude Fachkha

DOI: 10.1109/NTMS.2016.7792437

Keywords:

Abstract: The task of generating network-based evidence to support network forensic investigation is becoming increasingly prominent. Undoubtedly, such evidence is significantly imperative, as it not only can be used to diagnose and respond to various network-related issues (i.e., performance bottlenecks, routing issues, etc.) but, more importantly, can be leveraged to infer and further investigate security intrusions and infections. In this context, this paper proposes a proactive approach that aims at generating accurate and actionable evidence related to groups of compromised machines. The approach is envisioned to guide investigators to promptly pinpoint such malicious groups for possible immediate mitigation, as well as empowering digital forensic specialists to examine those machines using auxiliary collected data or extracted artifacts. On one hand, the promptness of the approach is successfully achieved by monitoring and correlating perceived probing activities, which are typically the very first signs of an infection or misdemeanors. On the other hand, the generated evidence is based on an anomaly inference approach that fuses big data behavioral analytics in conjunction with formal graph theoretical concepts. We evaluate the proposed approach as a global capability in an operations center. The empirical evaluations, which employ 80 GB of real darknet traffic, indeed demonstrate the accuracy, effectiveness and simplicity of the generated evidence.
