Title
Locality matters: Reducing Internet traffic graphs using location analysis
Abstract
The representation of Internet traffic as connection graphs augments anomaly detection systems by providing insight on the structural connection properties, i.e., who-talks-to-whom. However, these graphs are extremely large and one has to decide in advance on which aspect to focus. In the context of malware detection, this is difficult as malware often mimics legitimate traffic. In this paper, we present a statistical approach for extracting the typical traffic destinations for a set of monitored hosts, and derive a reduced graph that contains only connections that are anomalous for that host. This graph can then be analyzed efficiently. Our system is designed to scale to thousands of monitored hosts. We evaluate our approach using a data set from a real network, and show that we can reliably detect injected malware activity.
Year: 2013
DOI: 10.1109/DSN.2013.6575365
Venue: DSN
Keywords: statistical approach, internet traffic, reduced graph, malware detection, typical traffic destination, location analysis, detection system, connection graphs augments anomaly, internet traffic graph, locality matter, malware activity, legitimate traffic, monitored host, graph theory, graph analysis, computer network security, statistical analysis, databases, network monitoring, internet
Field: Graph theory, Anomaly detection, Computer science, Network security, Computer network, Power graph analysis, Network monitoring, Malware, Internet traffic, The Internet
DocType: Conference
ISSN: 1530-0889
Citations: 1
PageRank: 0.36
References: 9
Authors: 4
Name | Order | Citations | PageRank
Andreas Berger | 1 | 50 | 5.92
Stefan Ruehrup | 2 | 31 | 4.07
Wilfried N. Gansterer | 3 | 311 | 35.07
Oliver Jung | 4 | 59 | 8.03