On correlating network traffic for cyber threat intelligence: A Bloom filter approach

Authors: Adil Atifi, Elias Bou-Harb

DOI: 10.1109/IWCMC.2017.7986317

Keywords:

Abstract: Internet and organizational network security is still threatened by devastating malicious activities. Given the continuous escalation of such attacks in terms of their frequency, sophistication and stealthiness, it is of paramount importance to generate effective cyber threat intelligence that aims at inferring, attributing, characterizing and mitigating such misdemeanors. Nevertheless, these imperative tasks are partially impeded by the lack of correlation approaches that can produce prompt, accurate and actionable results when investigating various traffic sources. To this end, this paper proposes a simple yet effective approach to generically correlate such traffic for cyber threat intelligence purposes. The approach uniquely exploits Bloom filters to infer similarities between the analyzed data while eliminating false negatives and managing a very low and measurable false positive rate. We demonstrate the effectiveness of the proposed approach by empirically evaluating it using 10 GB of real darknet data and close to 15 thousand malware samples. The outcome rendered hundreds of inferred and attributed Internet-scale infections, which we corroborate using third-party publicly accessible repositories. We envision that the approach could be leveraged as a component of complex information and event management systems to provide metrics that would aid in comprehending malicious activities and incidents.
