Title
Provenance-aware security risk analysis for hosts and network flows
Abstract
Detection of high risk network flows and high risk hosts is becoming ever more important and more challenging. In order to selectively apply deep packet inspection (DPI), one has to isolate, in real time, high risk network activities within a huge number of monitored network flows. To help address this problem, we propose an iterative methodology for a simultaneous assessment of risk scores for both hosts and network flows. The proposed approach measures the risk scores of hosts and flows in an interdependent manner; thus, the risk score of a flow influences the risk score of its source and destination hosts, and the risk score of a host is evaluated by taking into account the risk scores of flows initiated by or terminated at the host. Our experimental results show that such an approach is not only effective in detecting high risk hosts and flows but, when deployed in high throughput networks, is also more efficient than PageRank based algorithms.
Year: 2014
DOI: 10.1109/NOMS.2014.6838250
Venue: Network Operations and Management Symposium
Keywords: computer network security, risk analysis, deep packet inspection, high risk hosts, high risk network flows, provenance aware security risk analysis, risk score
Field: Flow network, Framingham Risk Score, Interdependence, Deep packet inspection, PageRank, Risk analysis (business), Computer science, Computer network, Risk management, Throughput, Distributed computing
DocType: Conference
ISSN: 1542-1201
Citations: 6
PageRank: 0.58
References: 11
Authors: 4
Name
Order
Citations
PageRank
Mohsen Rezvani18211.39
Aleksandar Ignjatovic255649.24
Elisa Bertino3140252128.50
Sanjay Jha41745157.12