Flow Level Data Mining of DNS Query Streams for Email Worm Detection
作者: Nikolaos Chatzis , Radu Popescu-Zeletin
DOI: 10.1007/978-3-540-88181-0_24
关键词:
摘要: Email worms remain a major network security concern, as they increasingly attack systems with intensity using more advanced social engineering tricks. Their extremely high prevalence clearly indicates that current defence mechanisms are intrinsically incapable of mitigating email worms, and thereby reducing unwanted traffic traversing the Internet. In this paper we study effect have on flow-level characteristics DNS query streams user machine generates. We propose method based unsupervised learning time series analysis to early detect local name server, which is located topologically near infected machine. evaluate our against an worm stream dataset consists 68 instances show it exhibits remarkable accuracy in detecting various instances.
springer.com
sci-hub.st 参考文章(22)
Antonio Pescapè, Alberto Dainotti, Giorgio Ventre, Wavelet-based Detection of DoS Attacks. global communications conference. ,(2006)
Finding Groups in Data John Wiley & Sons, Inc.. ,(1990) , 10.1002/9780470316801
Kihun Chong, Ha Yoon Song, Sam H. Noh, Traffic characterization of the web server attacks of worm viruses international conference on computational science. pp. 703- 712 ,(2003) , 10.1007/3-540-44862-4_76
Vern Paxson, Bro: a system for detecting network intruders in real-time Computer Networks. ,vol. 31, pp. 2435- 2463 ,(1999) , 10.1016/S1389-1286(99)00112-7
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh, The EarlyBird System for Real-time Detection of Unknown Worms ,(2005)
Lambert Schaelicke, Thomas Slabach, Branden Moore, Curt Freeland, Characterizing the Performance of Network Intrusion Detection Sensors recent advances in intrusion detection. pp. 155- 172 ,(2003) , 10.1007/978-3-540-45248-5_9
Niels Provos, Thorsten Holz, Virtual Honeypots: From Botnet Tracking to Intrusion Detection ,(2007)
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
Eamonn Keogh, Shruti Kasetty, On the Need for Time Series Data Mining Benchmarks: A Survey and Empirical Demonstration Data Mining and Knowledge Discovery. ,vol. 7, pp. 349- 371 ,(2003) , 10.1023/A:1024988512476
Anthony Bagnall, Chotirat “Ann” Ratanamahatana, Eamonn Keogh, Stefano Lonardi, Gareth Janacek, A Bit Level Representation for Time Series Data Mining with Shape Based Similarity Data Mining and Knowledge Discovery. ,vol. 13, pp. 11- 40 ,(2006) , 10.1007/S10618-005-0028-0