Attribution and Aggregation of Network Flows for Security Analysis
نویسندگان
چکیده
This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. We show results from initial experiments and describe plans for extending the effort. The correlation of networks flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious.
منابع مشابه
GGRA: a grouped gossip-based reputation aggregation algorithm
An important issue in P2P networks is the existence of malicious nodes that decreases the performance of such networks. Reputation system in which nodes are ranked based on their behavior, is one of the proposed solutions to detect and isolate malicious (low ranked) nodes. Gossip Trust is an interesting previously proposed algorithm for reputation aggregation in P2P networks based on t...
متن کاملSecurity Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
متن کاملBehavioral Analysis of Traffic Flow for an Effective Network Traffic Identification
Fast and accurate network traffic identification is becoming essential for network management, high quality of service control and early detection of network traffic abnormalities. Techniques based on statistical features of packet flows have recently become popular for network classification due to the limitations of traditional port and payload based methods. In this paper, we propose a metho...
متن کاملMAAT: Multi-Stage Attack Attribution in Enterprise Systems using Software Defined Networks
Multi-layer distributed systems, such as those found in corporate systems, are often the target of multistage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple networ...
متن کاملNational Security and Immigration
This paper considers the relationship between economic factors and national security. While considering a broad number of issue areas, the principal theme of the course is the way in which economic factors (as immigration) fundamentally influence the national security of the region, and the way in which those factors shape and constrain the strategies chosen to pursue that security. South-South...
متن کامل