Behavior Profiling and Analysis in Wireless Home Networks

Kuai Xu, Feng Wang, Bin Wang
Published in: 2010 7th IEEE Consumer Communications and Networking Conference, 2010-01-09. DOI: https://doi.org/10.1109/CCNC.2010.5421571
Citations: 2

Abstract

Behavior Profiling and Analysis in Wireless Home Networks
In recent years, the low cost of wireless technologies and residential broadband networks has driven the wide deployment of wireless home networks (WHNs). The ubiquitous availability of WHNs gives users access to the Internet from everywhere within their homes. However, it also opens the door to drive-by hackers who exploit open-access home networks for Internet connections [1]. Previous work such as [2] and our own measurement studies have shown the existence of a large number of open or unencrypted access points in wireless residential networks. For example, our recent measurement experiment finds that, on average, 35% of home wireless networks in six residential buildings are open. At the same time, Internet attackers actively explore vulnerable home computers and turn them into part of botnets for sending spam or launching distributed denial-of-service (DDoS) attacks [3].

The existing wireless access points from commercial vendors such as Linksys and Netgear are mostly built with NAT solutions and stateful packet inspection firewalls [4]. These techniques are very useful for filtering attacks with known patterns; however, they lack the ability to detect novel attacks or existing attacks with new variations. Therefore, it is very important to develop behavior-oriented techniques that do not rely on signatures for detecting such attacks.

In this short paper, we present a preliminary design of a behavior profiling system in WHNs for network security monitoring. Figure 1 illustrates a schematic architecture of the behavior profiling system that is deployed in a typical wireless home network. The goals of the proposed behavior profiling system are to i) actively learn the traffic patterns of wireless home networks, and ii) detect anomalous behavior from inside networks as well as from the Internet. Based on network traffic patterns for each computer, the system builds baseline behavior profiles, and subsequently detects events of interest through behavior deviations.

The contributions of this work are two-fold. First, we propose to build the behavior profiles for each computer in WHNs towards a deep understanding of the traffic patterns in wireless residential networks. Second, we present a systematic architecture that aims to detect anomalous behavior through real-time traffic profiling. The remainder of this short paper is organized as follows. Section II presents our behavior profiling methodology that

Fig. 1. Behavior profiling system for wireless home networks.