{"title":"网络监控的更好的架构和新的安全应用","authors":"M. Reiter","doi":"10.1109/ICDCS.2009.85","DOIUrl":null,"url":null,"abstract":"Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, \"hit-list\" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.","PeriodicalId":387968,"journal":{"name":"2009 29th IEEE International Conference on Distributed Computing Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2009-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Better Architectures and New Security Applications for Network Monitoring\",\"authors\":\"M. Reiter\",\"doi\":\"10.1109/ICDCS.2009.85\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, \\\"hit-list\\\" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.\",\"PeriodicalId\":387968,\"journal\":{\"name\":\"2009 29th IEEE International Conference on Distributed Computing Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 29th IEEE International Conference on Distributed Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.2009.85\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 29th IEEE International Conference on Distributed Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.2009.85","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Better Architectures and New Security Applications for Network Monitoring
Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, "hit-list" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
