Title :
Probabilistic Threat Propagation for Network Security
Author :
Carter, Kevin M. ; Idika, Nwokedi ; Streilein, William W.
Author_Institution :
MIT Lincoln Lab., Lexington, MA, USA
Abstract :
Techniques for network security analysis have historically focused on the actions of the network hosts. Outside of forensic analysis, little has been done to detect or predict malicious or infected nodes strictly based on their association with other known malicious nodes. This methodology is highly prevalent in the graph analytics world, however, and is referred to as community detection. In this paper, we present a method for detecting malicious and infected nodes on both monitored networks and the external Internet. We leverage prior community detection and graphical modeling work by propagating threat probabilities across network nodes, given an initial set of known malicious nodes. We enhance prior work by employing constraints that remove the adverse effect of cyclic propagation that is a byproduct of current methods. We demonstrate the effectiveness of probabilistic threat propagation on the tasks of detecting botnets and malicious web destinations.
Keywords :
Internet; computer network security; digital forensics; graph theory; probability; Botnets detection; community detection; cyclic propagation; external Internet; forensic analysis; graph analytics world; graphical modeling work; infected nodes; malicious Web destinations; malicious nodes; monitored networks; network hosts; network security analysis; probabilistic threat propagation; threat probabilities; Communication networks; Communities; Peer-to-peer computing; Probabilistic logic; Probability; Security; Upper bound; Blacklist; Network security; botnet; community detection; graph algorithms;
Journal_Title :
Information Forensics and Security, IEEE Transactions on
DOI :
10.1109/TIFS.2014.2334272
