使用时态PageRank从网络流元数据中提取命令和控制网络入侵

2016 26th International Telecommunication Networks and Applications Conference (ITNAC) Pub Date : 2016-12-01 DOI:10.1109/ATNAC.2016.7878792

Latchman Singh, A. Cheng

{"title":"使用时态PageRank从网络流元数据中提取命令和控制网络入侵","authors":"Latchman Singh, A. Cheng","doi":"10.1109/ATNAC.2016.7878792","DOIUrl":null,"url":null,"abstract":"Malicious network intrusions which exfiltrate data from computer networks are extremely damaging for organisations and governments worldwide. Combating these network intrusions and large-scale cyber-attacks requires mining and analysis of large volumes of computer network data. We present a statistical filtering and temporal PageRank technique that improves the probability of discovering network intrusions. The technique filters out benign network data such that the data remaining is more pertinent and likely to contain malicious command and control (C2) traffic. We then propose a novel application of Google's PageRank algorithm by incorporating temporal analysis and evaluating a time-series of page rankings for identifying C2 like traffic. Two case studies using data collected at the gateway of an enterprise network and at the Internet backbone are presented to support our technique.","PeriodicalId":317649,"journal":{"name":"2016 26th International Telecommunication Networks and Applications Conference (ITNAC)","volume":"88 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Distilling command and control network intrusions from network flow metadata using temporal PageRank\",\"authors\":\"Latchman Singh, A. Cheng\",\"doi\":\"10.1109/ATNAC.2016.7878792\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malicious network intrusions which exfiltrate data from computer networks are extremely damaging for organisations and governments worldwide. Combating these network intrusions and large-scale cyber-attacks requires mining and analysis of large volumes of computer network data. We present a statistical filtering and temporal PageRank technique that improves the probability of discovering network intrusions. The technique filters out benign network data such that the data remaining is more pertinent and likely to contain malicious command and control (C2) traffic. We then propose a novel application of Google's PageRank algorithm by incorporating temporal analysis and evaluating a time-series of page rankings for identifying C2 like traffic. Two case studies using data collected at the gateway of an enterprise network and at the Internet backbone are presented to support our technique.\",\"PeriodicalId\":317649,\"journal\":{\"name\":\"2016 26th International Telecommunication Networks and Applications Conference (ITNAC)\",\"volume\":\"88 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 26th International Telecommunication Networks and Applications Conference (ITNAC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ATNAC.2016.7878792\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 26th International Telecommunication Networks and Applications Conference (ITNAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ATNAC.2016.7878792","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

从计算机网络中窃取数据的恶意网络入侵对世界各地的组织和政府造成了极大的破坏。打击这些网络入侵和大规模网络攻击需要挖掘和分析大量的计算机网络数据。我们提出了一种统计过滤和时间PageRank技术，提高了发现网络入侵的概率。该技术过滤掉良性的网络数据，使剩余的数据更相关，并且可能包含恶意的命令和控制(C2)流量。然后，我们提出了谷歌的PageRank算法的一种新应用，通过结合时间分析和评估时间序列的页面排名来识别C2类流量。本文给出了两个案例研究，使用在企业网络网关和Internet骨干网收集的数据来支持我们的技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Distilling command and control network intrusions from network flow metadata using temporal PageRank

Malicious network intrusions which exfiltrate data from computer networks are extremely damaging for organisations and governments worldwide. Combating these network intrusions and large-scale cyber-attacks requires mining and analysis of large volumes of computer network data. We present a statistical filtering and temporal PageRank technique that improves the probability of discovering network intrusions. The technique filters out benign network data such that the data remaining is more pertinent and likely to contain malicious command and control (C2) traffic. We then propose a novel application of Google's PageRank algorithm by incorporating temporal analysis and evaluating a time-series of page rankings for identifying C2 like traffic. Two case studies using data collected at the gateway of an enterprise network and at the Internet backbone are presented to support our technique.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 26th International Telecommunication Networks and Applications Conference (ITNAC)

自引率

0.00%

发文量