A novel cyber security capability

Authors: Elias Bou-Harb, Mourad Debbabi, Chadi Assi

DOI: 10.1016/J.COMNET.2015.11.004

Keywords:

Abstract: This paper presents a new approach to infer worldwide malware-infected machines by solely analyzing their generated probing activities. In contrast to other adopted methods, the proposed approach does not rely on symptoms of infection to detect compromised machines. This allows the inference of malware infection at very early stages of contamination. The approach aims at detecting whether machines are infected or not, as well as pinpointing the exact malware type/family. The latter insights allow network security operators of diverse organizations, Internet service providers and backbone networks to promptly detect their clients' compromised machines, in addition to effectively providing them with tailored anti-malware/patch solutions. To achieve the intended goals, the approach exploits the darknet Internet space and initially filters out misconfiguration traffic targeting such space using a probabilistic model. Subsequently, it employs statistical methods to infer large-scale probing activities as perceived by the dark space. Consequently, such activities are correlated with malware samples by leveraging fuzzy hashing and entropy based techniques. The approach is empirically evaluated using a recent 60 GB of real darknet traffic and 65 thousand real malware samples. The results concur that the rationale of exploiting probing activities for early malware infection detection is indeed promising. Further, the results, which were validated using publicly available data resources, demonstrate that the extracted inferences exhibit noteworthy accuracy and can generate significant cyber security intelligence that could be used for effective mitigation.
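The abstract names two correlation techniques, fuzzy hashing and byte entropy, without showing how they fit together. The following Python sketch is an added illustration, not the authors' code: it uses entropy as a coarse gate and a toy context-triggered piecewise hash (the idea behind ssdeep, re-implemented here in a simplified form) to rank malware samples against probe payloads observed on a darknet sensor. The gate threshold, block size, window length, sample payloads and sensor addresses are all constructed assumptions.

```python
"""
Toy probe-to-malware correlation: entropy gate + context-triggered piecewise hash.

Added illustration only. The hashing scheme, thresholds and every byte of
sample data below are assumptions, not the paper's implementation or data.
"""
import math
from collections import Counter

# Hypothetical tuning constants (assumptions, not taken from the paper).
ENTROPY_GATE = 1.0   # a sample must be within this many bits/byte of the probe
BLOCK_SIZE = 8       # a chunk boundary roughly every 8 bytes on average
WINDOW = 7           # rolling-hash window length in bytes
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FNV_OFFSET, FNV_PRIME = 0x811C9DC5, 0x01000193


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def ctph(data: bytes, block_size: int = BLOCK_SIZE, window: int = WINDOW) -> str:
    """Context-triggered piecewise hash (simplified ssdeep-style digest).

    The input is cut wherever a rolling hash over the last `window` bytes hits
    a trigger value; each piece is summarised by one base64 character of its
    FNV-1a hash. A local edit disturbs only nearby pieces, so two digests stay
    comparable, unlike a cryptographic hash."""
    digest, piece = [], FNV_OFFSET
    for i, b in enumerate(data):
        piece = ((piece ^ b) * FNV_PRIME) & 0xFFFFFFFF
        rolling = sum(data[max(0, i - window + 1): i + 1])  # toy rolling hash
        if rolling % block_size == block_size - 1:
            digest.append(ALPHABET[piece & 63])
            piece = FNV_OFFSET
    digest.append(ALPHABET[piece & 63])  # trailing piece
    return "".join(digest)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to compare two digests."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(h1: str, h2: str) -> float:
    """1.0 for identical digests, approaching 0.0 for unrelated ones."""
    longest = max(len(h1), len(h2))
    return 1.0 if longest == 0 else 1.0 - levenshtein(h1, h2) / longest


def correlate(probe: bytes, samples: dict) -> list:
    """Rank samples against one probe: drop samples whose entropy is far from
    the probe's, then sort the survivors by digest similarity, best first."""
    h_probe, d_probe = shannon_entropy(probe), ctph(probe)
    ranked = []
    for family, payload in samples.items():
        if abs(shannon_entropy(payload) - h_probe) > ENTROPY_GATE:
            continue  # entropy gate: cheap rejection before hashing
        ranked.append((family, similarity(d_probe, ctph(payload))))
    ranked.sort(key=lambda fs: fs[1], reverse=True)
    return ranked


# Constructed data (no real malware): the probe payload each hypothetical
# family is assumed to emit when scanning.
SAMPLES = {
    "family-A": bytes(range(64)),        # 64 distinct bytes, entropy 6.0
    "family-B": bytes([0x41] * 64),      # constant payload, entropy 0.0
    "family-C": bytes(range(256)),       # every byte once, entropy 8.0
}

# Constructed observations as a darknet sensor would see them.
_mutated = bytearray(range(64))
_mutated[10], _mutated[11] = 0x00, 0x01  # family-A payload with two bytes altered
OBSERVED_PROBES = {
    "198.51.100.7": bytes(range(64)),    # exact copy of family-A's payload
    "203.0.113.9": bytes([0x41] * 64),   # exact copy of family-B's payload
    "192.0.2.33": bytes(_mutated),       # near-duplicate of family-A's payload
}


def attribute(probes: dict = None, samples: dict = None) -> dict:
    """Map each probing source to its best-matching (family, score), or None."""
    probes = OBSERVED_PROBES if probes is None else probes
    samples = SAMPLES if samples is None else samples
    result = {}
    for src, payload in probes.items():
        ranked = correlate(payload, samples)
        result[src] = ranked[0] if ranked else None
    return result


if __name__ == "__main__":
    for src, match in attribute().items():
        print(f"{src:>14} -> {match}")
```

The near-duplicate probe shows why a piecewise hash is used rather than an exact one: the two altered bytes change only the pieces around them, so the digest still aligns with family-A's on most characters, whereas any cryptographic hash of the payload would simply differ. In practice the entropy gate and the similarity threshold would have to be tuned against the false-positive rate on real darknet traffic.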
