RiskRank: Security risk ranking for IP flow records

Wang, Shaonan; State, Radu; Ourdane, Mohamed; Engel, Thomas

doi:10.1109/cnsm.2010.5691334

Cited by 10 publications

(11 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use three categories of flow information to formulate this likelihood: timing information, source and destination addresses, and a correlation among flows. The intuition behind the timing information is that a flow is more likely to be the cause of other flows if these flows started shortly after it [2]. Moreover, two flows can exhibit high correlation because a causal relationship exists between them [4].…”

Section: Flow Causalitymentioning

confidence: 99%

“…To evaluate the effectiveness, we perform our risk computation on both these datasets and show that our method assigns high risk scores to the victims and attackers which are involved in the attacks. To evaluate the efficiency, we measure the elapsed time for our approach and two other recent models based on PageRank and HITS [2]. All the experiments were conducted on an iMac PC with 2.00GHz Intel Core 2 Duo processor and 4GB RAM running Ubuntu 12.04 LTS.…”

Section: Experimental Environmentmentioning

confidence: 99%

“…Therefore, there is an interdependency relationship between network flows and hosts with respect to the assessment of their risk scores. The idea of employing link analysis techniques, such as PageRank and HITS [1], for detecting relevant flows has been recently proposed [2]. However, in such an approach the risk scores of hosts and flows are evaluated separately, without considering their interdependency.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Interdependent Security Risk Analysis of Hosts and Flows

Rezvani

Sekulic

Ignjatović

et al. 2015

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Detection of high risk hosts and flows continues to be a significant problem in security monitoring of high throughput networks. A comprehensive risk assessment method should take into account the risk propagation among risky hosts and flows. In this paper this is achieved by introducing two novel concepts. The first is an interdependency relationship among the risk scores of a network flow and its source and destination hosts. In one hand, the risk score of a host depends on risky flows such a host initiates and is targeted by. On the other hand, the risk score of a flow depends on the risk scores of its source and destination hosts. The second concept, which we call flow provenance, represents risk propagation among network flows which takes into account the likelihood that a particular flow is caused by other flows. Based on these two concepts, we develop an iterative algorithm for computing the risk score of hosts and network flows. We give a rigorous proof that our algorithm rapidly converges to unique risk estimates, and provide its extensive empirical evaluation using two real-world datasets. Our evaluation shows that our method is effective in detecting high risk hosts and flows and is sufficiently efficient to be deployed in high throughput networks.Index Terms-network risk assessment, flow provenance, risk propagation. ! • M. Rezvani, V. Sekulic, A. Ignjatovic and S. Jha are with

show abstract

Section: Flow Causalitymentioning

confidence: 99%

Section: Experimental Environmentmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Interdependent Security Risk Analysis of Hosts and Flows

Rezvani

Sekulic

Ignjatović

et al. 2015

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…This work is related to our previous one [37] but the construction of the dependency does not need any prior knowledge about potential risks in this paper.…”

mentioning

confidence: 96%

“…The closest related work is [25], which is based on random walk and clustering techniques to isolate interaction subgraphs related to P2P communications. Our previous work has leveraged link analysis algorithms on flow dependency graphs [35,36] and host dependency graphs [37] for tracing the root cause flow records corresponding to the malicious traffic. They help to select PageRank as the much suitable algorithm for this paper.…”

Section: Related Workmentioning

confidence: 99%

BotTrack: Tracking Botnets Using NetFlow and PageRank

Jérôme

Wang

State

et al. 2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. With large scale botnets emerging as one of the major current threats, the automatic detection of botnet traffic is of high importance for service providers and large campus network monitoring. Faced with high speed network connections, detecting botnets must be efficient and accurate. This paper proposes a novel approach for this task, where NetFlow related data is correlated and a host dependency model is leveraged for advanced data mining purposes. We extend the popular linkage analysis algorithm PageRank [27] with an additional clustering process in order to efficiently detect stealthy botnets using peer-to-peer communication infrastructures and not exhibiting large volumes of traffic. The key conceptual component in our approach is to analyze communication behavioral patterns and to infer potential botnet activities.

show abstract

When Harry Met Tinder: Security Analysis of Dating Apps on Android

Kim

Lee

et al. 2018

Secure IT Systems

View full text Add to dashboard Cite

RiskRank: Security risk ranking for IP flow records

Cited by 10 publications

References 18 publications

Interdependent Security Risk Analysis of Hosts and Flows

Interdependent Security Risk Analysis of Hosts and Flows

BotTrack: Tracking Botnets Using NetFlow and PageRank

When Harry Met Tinder: Security Analysis of Dating Apps on Android

Contact Info

Product

Resources

About