Abstract. With large-scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and for monitoring large campus networks. Faced with high-speed network connections, botnet detection must be both efficient and accurate. This paper proposes a novel approach for this task, in which NetFlow-related data is correlated and a host dependency model is leveraged for advanced data mining. We extend the popular linkage analysis algorithm PageRank [27] with an additional clustering process in order to efficiently detect stealthy botnets that use peer-to-peer communication infrastructures and do not exhibit large volumes of traffic. The key conceptual component of our approach is to analyze communication behavioral patterns and to infer potential botnet activities from them.
Abstract. Botnets are a major threat to the current Internet. Understanding the new generation of botnets that rely on peer-to-peer networks is crucial for mitigating this threat. Nowadays, botnet traffic is mixed with a huge volume of benign traffic due to almost ubiquitous high-speed networks. Such networks can be monitored using IP flow records, but the forensic analysis of those records forms the major computational bottleneck. We propose in this paper a distributed computing framework that leverages a host dependency model and an adapted PageRank [1] algorithm. We report experimental results from an open-source based Hadoop cluster [2] and highlight the performance benefits when using real network traces from an Internet operator.
This paper proposes RiskRank as a joint measure of cyclical and cross-sectional systemic risk. RiskRank is a general-purpose aggregation operator that concurrently accounts for risk levels for individual entities and their interconnectedness. The measure relies on the decomposition of systemic risk into sub-components that are in turn assessed using a set of risk measures and their relationships. For this purpose, motivated by the development of the Choquet integral, we employ the RiskRank function to aggregate risk measures, allowing for the integration of the interrelation of different factors in the aggregation process. The use of RiskRank is illustrated through a real-world case in a European setting, in which we show that it performs well in out-of-sample analysis. In the example, we provide an estimation of systemic risk from country-level risk and cross-border linkages.
Current monitoring of IP flow records is challenged by the analysis required for large volumes of flow records. Finding essential information is equivalent to searching for a needle in a haystack. This analysis can range from simple counting of basic flow-level statistics to complex data mining techniques. Some key target objectives are, for instance, the identification of malicious traffic as well as tracking the cause of observed flow-related events. This paper investigates the use of link analysis based methods for ranking IP flow records. We leverage the well-known HITS algorithm in the context of flow-level dependency graphs. We assume a simple dependency model that can be built from large-scale IP flow record data. We apply our approach to several datasets, ranging from ISP-captured flow records up to forensic packet captures from a real-world intrusion
This paper describes a new approach to identifying relevant flow records in large-scale flow datasets. We propose a method that leverages the well-known PageRank algorithm in order to extract the most relevant flows. We introduce a dependency relation that uses a simple and efficient causal relationship. The strength of this dependency is determined by time-related information. We have tested our method on datasets collected from our campus network.