Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Authors

  • Harsha K. Kalutarage
  • Siraj Ahmed Shaikh
  • Indika P. Wickramasinghe
  • Qin Zhou
  • Anne E. James
Abstract

It may take weeks or months before a stealthy attack is detected. As networks scale up in size and speed, monitoring for such attempts is increasingly a challenge; collection and inspection of individual packets becomes difficult as the volume and the rate of traffic rise. This paper presents an efficient method to overcome this challenge. Data reduction has become an integral part of passive network monitoring, and it is justifiable as long as it preserves the required level of precision. This paper examines the feasibility of employing traffic sampling together with a simple but systematic data fusion technique for monitoring, and whether the design of the network affects non-sampling error. The proposed approach is capable of monitoring for stealthy suspicious activities using sampling rates of 10% to 20% without degrading the quality of detections.


Related resources

Effective monitoring of slow suspicious activities on computer networks

Slow and suspicious malicious activities on modern computer networks are increasingly hard to detect. An attacker may take days, weeks or months to complete an attack life cycle. A particular challenge is to monitor for stealthy attempts deliberately designed to stay beneath detection thresholds. This doctoral research presents a theoretical framework for effective monitoring of such activities...


Detecting Active Bot Networks Based on DNS Traffic Analysis

Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...


Detecting Bot Networks Based On HTTP And TLS Traffic Analysis

Abstract—Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...


Poster: CompareView - A Provenance Verification Framework for Detecting Rootkit-Based Malware

Using rootkit mechanisms to hide malware presence is pervasive in today’s computer attacks. We propose the CompareView framework, a host-based solution to detect stealthy outbound traffic generated by rootkit-based malware. Using a lightweight cryptographic protocol, our CompareView framework compares the views of outbound network packets at different layers of the host network stack and verify...


BeeID: intrusion detection in AODV-based MANETs using artificial Bee colony and negative selection algorithms

Mobile ad hoc networks (MANETs) are multi-hop wireless networks of mobile nodes constructed dynamically without the use of any fixed network infrastructure. Due to inherent characteristics of these networks, malicious nodes can easily disrupt the routing process. A traditional approach to detect such malicious network activities is to build a profile of the normal network traffic, and then iden...



Journal title:
  • Computers & Electrical Engineering

Volume 47  Issue 

Pages  -

Publication date: 2015