Detecting malicious clients in ISP networks using HTTP connectivity graph and flow information

Authors: Marco Mellia, Ruben Torres, Pang-Ning Tan, Sabyasachi Saha, Antonio Nucci

DOI: 10.5555/3191835.3191866


Abstract: This paper considers an approach to identify previously undetected malicious clients in Internet Service Provider (ISP) networks by combining flow classification with a graph-based score propagation method. Our approach represents all HTTP communications between clients and servers as a weighted, near-bipartite graph, where the nodes correspond to the IP addresses of clients and servers while the links are their interconnections, weighted according to the output of a flow-based classifier. We employ a two-phase alternating score propagation algorithm on the graph to identify suspicious clients in the monitored network. Using a symmetrized adjacency matrix as its input, we show that our method is less vulnerable to inflating the scores of popular Web servers with high in-degrees than the normalization used in PageRank, a widely used ranking algorithm. Experimental results on a 4-hour network trace collected at a large service provider showed that incorporating flow information into the propagation algorithm significantly improves its precision.
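As an added illustration (not code from the paper), the following runs a two-phase alternating propagation over a small constructed client/server graph and compares PageRank-style normalization (W D^-1) with the symmetrized form (D^-1/2 W D^-1/2). The toy graph, its link weights, the prior scores and the exact update rules are assumptions modeled on the abstract's description, chosen so that a popular benign server with many low-suspicion clients competes with a rarely contacted server used only by confirmed-malicious clients.

```python
import math
from collections import defaultdict

# Constructed toy graph: client -> {server: weight}. A weight stands in for a
# flow classifier's suspicion output on that client/server link (0..1).
# Assumption: s_popular is a benign, CDN-like server contacted by 30 clients
# with a weak prior; s_rare is contacted only by two confirmed-malicious clients.
def build_graph():
    edges, prior = {}, {}
    for i in range(30):
        edges[f"c{i}"] = {"s_popular": 0.5}
        prior[f"c{i}"] = 0.1
    for c in ("c30", "c31"):
        edges[c] = {"s_rare": 1.0}
        prior[c] = 1.0
    return edges, prior

def degrees(edges):
    # Weighted degree of every client and every server.
    d_c = {c: sum(ws.values()) for c, ws in edges.items()}
    d_s = defaultdict(float)
    for ws in edges.values():
        for s, w in ws.items():
            d_s[s] += w
    return d_c, dict(d_s)

def propagate(edges, prior, normalization, rounds=3, alpha=0.5):
    """Two-phase alternating propagation: clients -> servers, then servers -> clients.
    'pagerank': a node splits its score over its out-links (W D^-1), so a server
    with many in-links accumulates score from all of them.
    'symmetric': each link is scaled by 1/sqrt(d_src * d_dst) (D^-1/2 W D^-1/2),
    so a high-degree server also divides what it receives by its own degree."""
    d_c, d_s = degrees(edges)

    def scale(w, d_src, d_dst):
        if normalization == "pagerank":
            return w / d_src
        return w / math.sqrt(d_src * d_dst)

    client, server = dict(prior), {}
    for _ in range(rounds):
        server = defaultdict(float)          # phase 1: clients push to servers
        for c, ws in edges.items():
            for s, w in ws.items():
                server[s] += scale(w, d_c[c], d_s[s]) * client[c]
        new_client = {}                      # phase 2: servers push back to clients
        for c, ws in edges.items():
            pulled = sum(scale(w, d_s[s], d_c[c]) * server[s] for s, w in ws.items())
            new_client[c] = alpha * prior[c] + (1 - alpha) * pulled  # keep the prior
        client = new_client
    return dict(server), client
```

With one round, the PageRank-style rule scores s_popular above s_rare purely because of its in-degree, while the symmetrized rule ranks s_rare first.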
