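@comment{
  HICSS 2015 conference paper: network-science (relational community
  detection) framework for incident analysis, evaluated on a honeynet
  capture of Black Energy malware traffic (per the abstract below).
  Names are stored in "Last, First" form without braces around given
  names, so styles can parse and abbreviate them; the acronym in
  booktitle is brace-protected against recasing.
  NOTE(review): month/day (26 March) differ from the conference dates
  recorded in note (05-01-2015 through 08-01-2015); presumably this is
  the online publication date -- confirm against the DOI record.
}
@inproceedings{de7c46514dc24d43859beb4b26194d64,
  author    = {Paxton, Napoleon C. and Jang, Dae Il and Russell, Stephen and Ahn, Gail-Joon and Moskowitz, Ira S. and Hyden, Paul},
  title     = {Utilizing network science and honeynets for software induced cyber incident analysis},
  booktitle = {Proceedings of the 48th Annual Hawaii International Conference on System Sciences, {HICSS} 2015},
  editor    = {Bui, Tung X. and Sprague, Ralph H.},
  series    = {Proceedings of the Annual Hawaii International Conference on System Sciences},
  publisher = {IEEE Computer Society},
  pages     = {5244--5252},
  year      = {2015},
  month     = mar,
  day       = {26},
  doi       = {10.1109/HICSS.2015.619},
  language  = {English (US)},
  keywords  = {Community detection, Honeynets, Network forensics},
  note      = {Publisher Copyright: {\textcopyright} 2015 IEEE.; 48th Annual Hawaii International Conference on System Sciences, HICSS 2015 ; Conference date: 05-01-2015 Through 08-01-2015},
  abstract  = {Increasing situational awareness and investigating the cause of a software-induced cyber attack continues to be one of the most difficult yet important endeavors faced by network security professionals. Traditionally, these forensic pursuits are carried out by manually analyzing the malicious software agents at the heart of the incident, and then observing their interactions in a controlled environment. Both these steps are time consuming and difficult to maintain due to the ever changing nature of malicious software. In this paper we introduce a network science based framework which conducts incident analysis on a dataset by constructing and analyzing relational communities. Construction of these communities is based on the connections of topological features formed when actors communicate with each other. We evaluate our framework using a network trace of the Black Energy malware network, captured by our honey net. We have found that our approach is accurate, efficient, and could prove as a viable alternative to the current status quo.},
}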