TY - GEN
T1 - Towards practical framework for collecting and analyzing network-centric attacks
AU - Paxton, Napoleon
AU - Ahn, Gail Joon
AU - Chu, Bill
PY - 2007
Y1 - 2007
N2 - Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end-users, both personal and business related. A particular type of malware, known as a bot, can create networks of compromised machines called botnets, which are some of the most threatening adversaries on the Internet, due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective, when used alone, in dealing with new, unknown bots. In this paper, we introduce a risk-aware network-centric management framework to detect and prevent targeted botnet attacks as well as propagation attempts within the network. As the first step in that direction, we focus on learning more about the bots by identifying malicious characteristics in the network traffic. Once we have their characteristics, we then decide whether or not those characteristics present a significant risk to the network that is being protected by our architecture. Using risk as a factor in the decision process helps identify the bots more systematically. We present two scenarios that describe the risk-aware process and show that our framework holds great promise.
AB - Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end-users, both personal and business related. A particular type of malware, known as a bot, can create networks of compromised machines called botnets, which are some of the most threatening adversaries on the Internet, due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective, when used alone, in dealing with new, unknown bots. In this paper, we introduce a risk-aware network-centric management framework to detect and prevent targeted botnet attacks as well as propagation attempts within the network. As the first step in that direction, we focus on learning more about the bots by identifying malicious characteristics in the network traffic. Once we have their characteristics, we then decide whether or not those characteristics present a significant risk to the network that is being protected by our architecture. Using risk as a factor in the decision process helps identify the bots more systematically. We present two scenarios that describe the risk-aware process and show that our framework holds great promise.
UR - http://www.scopus.com/inward/record.url?scp=47949094673&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47949094673&partnerID=8YFLogxK
U2 - 10.1109/IRI.2007.4296600
DO - 10.1109/IRI.2007.4296600
M3 - Conference contribution
AN - SCOPUS:47949094673
SN - 1424414997
SN - 9781424414994
T3 - 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007
SP - 73
EP - 78
BT - 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007
T2 - 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007
Y2 - 13 August 2007 through 15 August 2007
ER -