Paper Info
Title
Dandelion - Revealing Malicious Groups of Interest in Large Mobile Networks.
Abstract
There are an enormous number of security anomalies that occur across the Internet on a daily basis. These anomalies are typically viewed as individual security events that are manually analyzed in order to detect an attack and take action. Important characteristics of an attack may go unnoticed due to limited manual resources. Mobile attacks introduce further complexity by typically traversing multiple types of networks making correlation and detection even more challenging. In this paper, we propose a system Dandelion, which aims to automatically correlate individual security anomalies together to reveal an entire mobile attack campaign. The system also identifies previously unknown malicious network entities that are highly correlated. Our prototype system correlates thousands of network anomalies across both the SMS and IP networks of a large US tier-1 mobile service provider, reducing them to approximately (20sim 30) groups of interest a day. To demonstrate Dandelion’s value, we show how our system has provided the critical information necessary to human analysts in detecting and mitigating previously unknown mobile attacks.
Year
Venue
Field
2015
NSS
Computer science,Computer security,Mobile service,Computer network,Cellular network,The Internet,Traverse
DocType
Citations 
PageRank 
Conference
0
0.34
References 
Authors
10
3
Name
Order
Citations
PageRank
wei wang121.06
Mikhail Istomin2111.35
Jeffrey Bickford3746.10