• DocumentCode
    625325
  • Title

    Iterative Security Risk Analysis for Network Flows Based on Provenance and Interdependency

  • Author

    Rezvani, Mohsen ; Ignjatovic, Aleksandar ; Jha, Somesh

  • Author_Institution
    Sch. of Comput. Sci. & Eng., Univ. of New South Wales, Sydney, NSW, Australia
  • fYear
    2013
  • fDate
    20-23 May 2013
  • Firstpage
    286
  • Lastpage
    288
  • Abstract
    Discovering high risk network flows and hosts in a high throughput network is a challenging task of network monitoring. Emerging complicated attack scenarios such as DDoS attacks increase the complexity of tracking malicious and high risk network activities within a huge number of monitored network flows. To address this problem, we propose an iterative framework for assessing risk scores for hosts and network flows. To obtain risk scores of flows, we take into account two properties, flow attributes and flow provenance. Also, our iterative risk assessment measures the risk scores of hosts and flows based on an interdependency property where the risk score of a flow influences the risk of its source and destination hosts, and the risk score of a host is evaluated by risk scores of flows initiated by or terminated at the host. Moreover, the update mechanism in our framework allows flows to keep streaming into the system while our risk assessment method performs an online monitoring task. The experimental results show that our approach is effective in detecting high risk hosts and flows as well as sufficiently efficient to be deployed in high throughput networks compared to other algorithms.
  • Keywords
    computer network security; iterative methods; risk analysis; telecommunication network management; complicated attack scenarios; flow attributes; flow provenance; high risk hosts; high risk network flows; high throughput network; interdependency property; iterative security risk analysis; network monitoring; online monitoring task; risk assessment method; risk scores; update mechanism; Algorithm design and analysis; Computational modeling; Monitoring; Risk management; Security; Throughput;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Distributed Computing in Sensor Systems (DCOSS), 2013 IEEE International Conference on
  • Conference_Location
    Cambridge, MA
  • Print_ISBN
    978-1-4799-0206-4
  • Type

    conf

  • DOI
    10.1109/DCOSS.2013.26
  • Filename
    6569437