Towards practical framework for collecting and analyzing network-centric attacks

Napoleon Paxton, Gail Joon Ahn, Bill Chu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Scopus citations

Abstract

Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end-users, both personal and business related. A particular malware, known as a bot, can create networks of compromised machines called botnets, which are some of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We have witnessed that existing signature-based detection and protection methods are ineffective, when used alone, in dealing with new unknown bots. In this paper, we introduce a risk-aware network-centric management framework to detect and prevent targeted botnet attacks as well as propagation attempts within the network. As the first step in that direction we focus on learning more information about the bots by identifying malicious characteristics through the network traffic. Once we have their characteristics we then decide whether or not those characteristics present a significant risk to the network that is being protected by our architecture. Using risk as a factor in the decision process helps identify the bots more systematically. We present two scenarios that describe the risk-aware process and show that our framework shows great promise.

Original language: English (US)
Title of host publication: 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007
Pages: 73-78
Number of pages: 6
State: Published - Dec 1 2007
Externally published: Yes
Event: 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007 - Las Vegas, NV, United States
Duration: Aug 13 2007 to Aug 15 2007

Publication series

Name: 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007

Other

Other: 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007
Country: United States
City: Las Vegas, NV
Period: 8/13/07 to 8/15/07

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Electrical and Electronic Engineering

  • Cite this

    Paxton, N., Ahn, G. J., & Chu, B. (2007). Towards practical framework for collecting and analyzing network-centric attacks. In 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007 (pp. 73-78). [4296600] (2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007). https://doi.org/10.1109/IRI.2007.4296600