Locality matters: Reducing Internet traffic graphs using location analysis

Andreas Berger; Stefan Ruehrup; Wilfried N. Gansterer; Oliver Jung

doi:10.1109/DSN.2013.6575365

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Locality matters: Reducing Internet traffic graphs using location analysis

Year: 2013, Pages: 1-12

DOI Bookmark: 10.1109/DSN.2013.6575365

Authors

Andreas Berger, FTW Telecommunications Research Center Vienna, Austria
Stefan Ruehrup, FTW Telecommunications Research Center Vienna, Austria
Wilfried N. Gansterer, University of Vienna, Faculty of Computer Science, Austria
Oliver Jung, FTW Telecommunications Research Center Vienna, Austria

Abstract

The representation of Internet traffic as connection graphs augments anomaly detection systems by providing insight on the structural connection properties, i.e., who-talks-to-whom. However, these graphs are extremely large and one has to decide in advance on which aspect to focus. In the context of malware detection, this is difficult as malware often mimics legitimate traffic. In this paper, we present a statistical approach for extracting the typical traffic destinations for a set of monitored hosts, and derive a reduced graph that contains only connections that are anomalous for that host. This graph can then be analyzed efficiently. Our system is designed to scale to thousands of monitored hosts. We evaluate our approach using a data set from a real network, and show that we can reliably detect injected malware activity.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Covert remote syscall communication at kernel level: A SPOOKY backdoor
2015 10th International Conference on Malicious and Unwanted Software (MALWARE)
A Host and Network Based Intrusion Detection for Android Smartphones
2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA)
Identifying malicious hosts involved in periodic communications
2017 IEEE 16th International Symposium on Network Computing and Applications (NCA)
An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement
2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS)
EDDIE: EM-based detection of deviations in program execution
2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA)
Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems
2018 IEEE 36th International Conference on Computer Design (ICCD)
A Client Based Anomaly Traffic Detection and Blocking Mechanism by Monitoring DNS Name Resolution with User Alerting Feature
2018 International Conference on Cyberworlds (CW)
BotCensor: Detecting DGA-Based Botnet Using Two-Stage Anomaly Detection
2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Window-Based Statistical Analysis Of Timing Subcomponents For Efficient Detection Of Malware In Life-Critical Systems
2019 Spring Simulation Conference (SpringSim)
Real-Time Detection of Malware Activities by Analyzing Darknet Traffic Using Graphical Lasso
2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)

Locality matters: Reducing Internet traffic graphs using location analysis

Authors

Abstract

Related Articles