Utilizing network science and honeynets for software induced cyber incident analysis

Napoleon C. Paxton, Dae Il Jang, Stephen Russell, Gail-Joon Ahn, Ira S. Moskowitz, Paul Hyden

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

2 Scopus citations

Abstract

Increasing situational awareness and investigating the cause of a software-induced cyber attack continues to be one of the most difficult yet important endeavors faced by network security professionals. Traditionally, these forensic pursuits are carried out by manually analyzing the malicious software agents at the heart of the incident, and then observing their interactions in a controlled environment. Both of these steps are time-consuming and difficult to maintain due to the ever-changing nature of malicious software. In this paper we introduce a network-science-based framework which conducts incident analysis on a dataset by constructing and analyzing relational communities. Construction of these communities is based on the connections of topological features formed when actors communicate with each other. We evaluate our framework using a network trace of the Black Energy malware network, captured by our honeynet. We have found that our approach is accurate, efficient, and could prove a viable alternative to the current status quo.

Original language: English (US)
Title of host publication: Proceedings of the Annual Hawaii International Conference on System Sciences
Publisher: IEEE Computer Society
Pages: 5244-5252
Number of pages: 9
Volume: 2015-March
ISBN (Print): 9781479973675
DOIs
State: Published - Mar 26 2015
Event: 48th Annual Hawaii International Conference on System Sciences, HICSS 2015 - Kauai, United States
Duration: Jan 5 2015 to Jan 8 2015

Other

Other: 48th Annual Hawaii International Conference on System Sciences, HICSS 2015
Country: United States
City: Kauai
Period: 1/5/15 to 1/8/15

Keywords

  • Community detection
  • Honeynets
  • Network forensics

ASJC Scopus subject areas

  • Engineering(all)
