Title :
Utilizing Network Science and Honeynets for Software Induced Cyber Incident Analysis
Author :
Paxton, Napoleon C. ; Dae-il Jang ; Russell, Stephen ; Gail-Joon Ahn ; Moskowitz, Ira S. ; Hyden, Paul
Abstract :
Increasing situational awareness and investigating the cause of a software-induced cyber attack continue to be among the most difficult yet important tasks faced by network security professionals. Traditionally, these forensic pursuits are carried out by manually analyzing the malicious software agents at the heart of the incident and then observing their interactions in a controlled environment. Both of these steps are time-consuming and difficult to maintain because of the ever-changing nature of malicious software. In this paper we introduce a network-science-based framework that conducts incident analysis on a dataset by constructing and analyzing relational communities. Construction of these communities is based on the connections, and the topological features they form, when actors communicate with each other. We evaluate our framework using a network trace of the BlackEnergy malware network captured by our honeynet. We have found that our approach is accurate and efficient, and could prove to be a viable alternative to the current status quo.
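The abstract does not say which community-detection method the framework uses, so the following is an added illustration written for this page, not the authors' code: it builds an undirected, connection-weighted contact graph from a constructed flow trace (hosts, counts and names are made up, not from the paper's honeynet capture), partitions it with a deterministic weighted label propagation, and then reports the highest-degree node per community (the C2 candidate) and the edges that cross community boundaries.

```python
"""Added example: community detection over a constructed bot/C2 contact graph.

Illustrative code for this page, not the framework described in the paper.
The flow records, host names and counts below are constructed.
"""
from collections import Counter, defaultdict

# Constructed trace: (source, destination, number of connections observed).
SAMPLE_FLOWS = [
    ("bot1", "c2-a", 12), ("bot2", "c2-a", 9), ("bot3", "c2-a", 15),
    ("bot1", "bot2", 2), ("bot2", "bot3", 1),
    ("bot4", "c2-b", 7), ("bot5", "c2-b", 11), ("bot6", "c2-b", 8),
    ("bot4", "bot5", 3), ("bot5", "bot6", 2),
    ("bot3", "bot4", 1),  # one weak contact across the two groups
]


def build_graph(flows):
    """Undirected weighted adjacency: node -> {neighbour: summed connection count}."""
    adj = defaultdict(lambda: defaultdict(int))
    for src, dst, count in flows:
        adj[src][dst] += count
        adj[dst][src] += count
    return {node: dict(nbrs) for node, nbrs in adj.items()}


def label_propagation(adj, max_iter=100):
    """Deterministic weighted label propagation.

    Every node starts in its own community. Nodes are visited in sorted order
    and each adopts the label carrying the most edge weight among its
    neighbours (ties broken by the smallest label) until a full pass changes
    nothing. Isolated nodes keep their own label. Returns node -> label.
    """
    labels = {node: node for node in adj}
    for _ in range(max_iter):
        changed = False
        for node in sorted(adj):
            weight = Counter()
            for nbr, w in adj[node].items():
                weight[labels[nbr]] += w
            if not weight:          # isolated node: nothing to adopt
                continue
            best = min(weight, key=lambda lab: (-weight[lab], lab))
            if best != labels[node]:
                labels[node] = best
                changed = True
        if not changed:
            break
    return labels


def communities(labels):
    """Group nodes by label; returns a list of frozensets."""
    groups = defaultdict(set)
    for node, lab in labels.items():
        groups[lab].add(node)
    return [frozenset(g) for g in groups.values()]


def hub_per_community(adj, comms):
    """Highest weighted-degree node in each community (the C2 candidate in a bot trace)."""
    hubs = {}
    for comm in comms:
        hubs[comm] = max(sorted(comm), key=lambda n: sum(adj[n].values()))
    return hubs


def cross_community_edges(adj, labels):
    """Edges whose endpoints sit in different communities: weak links worth a second look."""
    edges = set()
    for a, nbrs in adj.items():
        for b in nbrs:
            if labels[a] != labels[b]:
                edges.add(tuple(sorted((a, b))))
    return sorted(edges)


def analyze(flows):
    """Run the whole pipeline on a list of (src, dst, count) records."""
    adj = build_graph(flows)
    labels = label_propagation(adj)
    comms = communities(labels)
    return {
        "communities": comms,
        "hubs": hub_per_community(adj, comms),
        "bridges": cross_community_edges(adj, labels),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS)
    for comm, hub in result["hubs"].items():
        print(f"community {sorted(comm)} -> hub {hub}")
    print("cross-community contacts:", result["bridges"])
```

On the constructed trace the two bot groups separate cleanly, each community's hub is its C2 host, and the single bot3/bot4 contact surfaces as the only cross-community edge. Label propagation is used here only because it needs no third-party library; on a real capture the choice of algorithm and of edge weighting (connection count, bytes, or session duration) changes which actors end up in the same community, so that choice should be made explicit in any analysis.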
Keywords :
computer network security; invasive software; software agents; BlackEnergy malware network; honeynet; malicious software agents; network science based framework; network security professionals; network trace; situational awareness; software induced cyber incident analysis; software-induced cyber attack; topological features; Command and control systems; Communities; IP networks; Laboratories; Malware; Servers; Software; Community Detection; Honeynets; Network Forensics;
Conference_Title :
System Sciences (HICSS), 2015 48th Hawaii International Conference on
Conference_Location :
Kauai, HI
DOI :
10.1109/HICSS.2015.619