DocumentCode :
3333918
Title :
Towards Practical Framework for Collecting and Analyzing Network-Centric Attacks
Author :
Paxton, Napoleon ; Ahn, Gail-Joon ; Chu, Bill
Author_Institution :
Univ. of North Carolina at Charlotte, Charlotte
fYear :
2007
fDate :
13-15 Aug. 2007
Firstpage :
73
Lastpage :
78
Abstract :
Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end-users, both personal and business related. A particular malware, known as a bot, can create networks of compromised machines called botnets, which are some of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective, when used alone, in dealing with new unknown bots. In this paper, we introduce a risk-aware network-centric management framework to detect and prevent targeted botnet attacks as well as propagation attempts within the network. As the first step in that direction we focus on learning more information about the bots by identifying malicious characteristics through the network traffic. Once we have their characteristics we then decide whether or not those characteristics present a significant risk to the network that is being protected by our architecture. Using risk as a factor in the decision process helps identify the bots more systematically. We present two scenarios that describe the risk-aware process and show that our framework shows great promise.
Keywords :
Internet; computer network management; security of data; Internet; botnet traffic patterns; malware; network-centric attacks; risk-aware network-centric management framework; signature-based detection; signature-based protection; Command and control systems; Communication system traffic control; Computer crime; Educational institutions; IP networks; Internet; Protection; Target tracking; Taxonomy; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Reuse and Integration, 2007. IRI 2007. IEEE International Conference on
Conference_Location :
Las Vegas, IL
Print_ISBN :
1-4244-1500-4
Electronic_ISBN :
1-4244-1500-4
Type :
conf
DOI :
10.1109/IRI.2007.4296600
Filename :
4296600
Link To Document :