Detect Malicious Attacks from Entire TCP Communication Process
作者: Peng Fang , Liusheng Huang , Xinyuan Zhang , Hongli Xu , Shaowei Wang
DOI: 10.1007/978-3-319-70139-4_88
关键词:
摘要: Malicious attack identification plays an essential role in network security monitoring. Current popular technologies are mainly to select a closely related set of attributes from packet header for fingerprinting malicious attacks. Those methods not effective enough because attacks can be disguised as normal applications and we cannot observe their characteristics only the packer’s header. In this paper, will employ generated entire TCP communication process identify A challenging point our method is how choose right up 248 properties flows low proportion wide variety real-world viruses analyzed samples, such extortion virus WannaCry. The experiment results demonstrate that proposed fingerprint but also accurately types virus.
springer.com
sci-hub.se 参考文章(17)
Andrew W. Moore, Konstantina Papagiannaki, Toward the Accurate Identification of Network Applications Lecture Notes in Computer Science. pp. 41- 54 ,(2005) , 10.1007/978-3-540-31966-5_4
Denis Zuev, Andrew Moore, Michael Crogan, Discriminators for use in flow-based classification ,(2013)
Huan Liu, Lei Yu, Feature selection for high-dimensional data: a fast correlation-based filter solution international conference on machine learning. pp. 856- 863 ,(2003)
Edouard Lagache, Ken Keys, K. C. Claffy, David Moore, Ryan Koga, The CoralReef Software Suite as a Tool for System and Network Administrators usenix large installation systems administration conference. pp. 133- 144 ,(2001)
George H. John, Pat Langley, Estimating continuous distributions in Bayesian classifiers uncertainty in artificial intelligence. pp. 338- 345 ,(1995)
Amine Boukhtouta, Nour-Eddine Lakhdari, Serguei A Mokhov, Mourad Debbabi, None, Towards Fingerprinting Malicious Traffic Procedia Computer Science. ,vol. 19, pp. 548- 555 ,(2013) , 10.1016/J.PROCS.2013.06.073
Sean R Eddy, None, Biological Sequence Analysis: Probabilistic Models of Proteins and Nucleic Acids ,(1998)
Andrew W. Moore, Denis Zuev, Internet traffic classification using bayesian analysis techniques measurement and modeling of computer systems. ,vol. 33, pp. 50- 60 ,(2005) , 10.1145/1064212.1064220
Laurent Bernaille, Renata Teixeira, Ismael Akodkenou, Augustin Soule, Kave Salamatian, Traffic classification on the fly ACM SIGCOMM Computer Communication Review. ,vol. 36, pp. 23- 26 ,(2006) , 10.1145/1129582.1129589