Peer Based Tracking using Multi-Tuple Indexing for Network Traffic Analysis and Malware Detection

Authors: Matthew Hagan, BooJoong Kang, Kieran McLaughlin, Sakir Sezer

DOI: 10.1109/PST.2018.8514165

Keywords:

Abstract: Traditional firewalls, Intrusion Detection Systems (IDS) and network analytics tools extensively use the ‘flow’ connection concept, consisting of five ‘tuples’ (source and destination IP, source and destination ports, and protocol type), for classification and management activities. By analysing flows, information can be obtained from TCP/IP fields and packet content to give an understanding of what is being transferred within a single connection. As networks have evolved to incorporate more connections and greater bandwidth, particularly “always on” IoT devices and video data streaming, so too have malicious threats, whose communication methods have increased in sophistication. As a result, the concept of 5-tuple flow isolation is unable to detect such threats and behaviours. This is due to factors such as the length of time required to understand traffic behaviour, which cannot be accomplished by observing a single flow. To alleviate this issue, this paper proposes two additional tuple types that associate multiple communications, with generated metadata used to profile individual connection behaviour. The proposed approach enables advanced linking of different behaviours, developing a clearer picture of the activities that have been taking place over a prolonged period of time. To demonstrate the capability of the approach, an expert system rule set has been developed to detect the presence of the multi-peered ZeuS botnet, which communicates by making connections to multiple hosts and is thus undetectable by standard IDS systems that analyse flows in isolation. Finally, the implementation operates in real time and does not require the post-processing of other research solutions. The approach aims at possible applications in next generation firewalls that need to acquire additional traffic information.
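To make the multi-tuple idea concrete, the following added example (not code from the paper or its authors) indexes constructed sample packets by the classic 5-tuple and by two coarser, peer-oriented keys, a host pair (src, dst) and a per-host peer table, then applies a simple fan-out rule that a single-flow view cannot express. The two key types, the window and the threshold are assumptions chosen for illustration, not the paper's own tuple definitions or rule set.

```python
from collections import defaultdict

# Constructed sample records for this example: (timestamp, src_ip, src_port, dst_ip, dst_port, proto).
# 10.0.0.5 reaches six distinct peers over six short flows; 10.0.0.7 talks to one server repeatedly.
SAMPLE = [
    (0,  "10.0.0.5", 40001, "203.0.113.10",  6001, "tcp"),
    (10, "10.0.0.5", 40002, "198.51.100.7",  7782, "tcp"),
    (25, "10.0.0.5", 40003, "203.0.113.44",  1337, "udp"),
    (40, "10.0.0.5", 40004, "192.0.2.9",     8443, "tcp"),
    (70, "10.0.0.5", 40005, "198.51.100.23", 5555, "tcp"),
    (95, "10.0.0.5", 40006, "192.0.2.77",    6543, "udp"),
    (5,  "10.0.0.7", 50001, "192.0.2.1",      443, "tcp"),
    (6,  "10.0.0.7", 50001, "192.0.2.1",      443, "tcp"),
    (30, "10.0.0.7", 50002, "192.0.2.1",      443, "tcp"),
    (60, "10.0.0.7", 50003, "192.0.2.1",      443, "tcp"),
]

class MultiTupleIndex:
    """Index traffic by the 5-tuple and by two assumed peer-oriented keys."""
    def __init__(self):
        self.flows = defaultdict(int)        # 5-tuple -> packet count (the classic flow view)
        self.host_pairs = defaultdict(set)   # (src, dst) -> set of 5-tuples between the pair
        self.peers = defaultdict(dict)       # src -> {dst: last timestamp seen}

    def observe(self, ts, src, sport, dst, dport, proto):
        key = (src, sport, dst, dport, proto)
        self.flows[key] += 1
        self.host_pairs[(src, dst)].add(key)
        self.peers[src][dst] = ts

    def peers_in_window(self, host, now, window):
        """Distinct peers contacted by host within the last `window` seconds."""
        return {d for d, t in self.peers.get(host, {}).items() if now - t <= window}

def multi_peer_hosts(index, now, window=300, min_peers=5):
    """Assumed rule: flag a host that reaches many distinct peers, each over a single flow,
    within one window. Each flow on its own looks benign; only the linked view shows the fan-out."""
    flagged = []
    for host in index.peers:
        peers = index.peers_in_window(host, now, window)
        if len(peers) < min_peers:
            continue
        if all(len(index.host_pairs[(host, p)]) == 1 for p in peers):
            flagged.append(host)
    return sorted(flagged)

def build_index(records):
    idx = MultiTupleIndex()
    for rec in records:
        idx.observe(*rec)
    return idx
```

Tuning the window and peer threshold against a baseline of the monitored network is what keeps a rule like this from flagging legitimate fan-out such as CDN or DNS-heavy clients.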
