• DocumentCode
    3402665
  • Title
    LINEBACkER: Bio-inspired data reduction toward real time network traffic analysis
  • Author
    Teuton, Jeremy ; Peterson, Eric ; Nordwall, Douglas ; Akyol, B. ; Oehmen, Christopher
  • Author_Institution
    Pacific Northwest Nat. Lab., Richland, WA, USA
  • fYear
    2013
  • fDate
    13-15 Aug. 2013
  • Firstpage
    170
  • Lastpage
    174
  • Abstract
    One essential component of resilient cyber applications is the ability to detect adversaries and protect systems with the same flexibility adversaries will use to achieve their goals. Current detection techniques do not enable this degree of flexibility because most existing applications are built using exact or regular-expression matching against libraries of rule sets. Further, network traffic defies traditional cyber security approaches that focus on limiting access based on the use of passwords and examination of lists of installed or downloaded programs. These approaches do not readily apply to network traffic occurring beyond the access control point, nor when the data in question are combined control and payload data of ever-increasing speed and volume. Manual analysis of network traffic is not normally possible because of the magnitude of the data being exchanged and the length of time that such analysis takes. At the same time, using an exact matching scheme to identify malicious traffic in real time often fails because the lists against which such searches must operate grow too large. In this work, we propose an adaptation of biosequence alignment as an alternative method for cyber network detection, based on the similarity-measuring algorithms used for gene sequence analysis. These methods are well suited because they were designed to identify similar but non-identical sequences. We demonstrate that our method is generally applicable to the problem of network traffic analysis by illustrating its use in two different areas based on different attributes of network traffic. Our approach provides a logical framework for organizing large collections of network data, prioritizes traffic of interest to human analysts, and makes it possible to discover traffic signatures without the bias introduced by expert-directed signature generation. Pattern recognition on reduced representations of network traffic offers a fast, efficient, and more robust way to detect anomalies.
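    The idea sketched in the abstract, as an added worked example that is not the LINEBACkER code (the paper's actual reduction scheme and scoring are not given on this page): Smith-Waterman local alignment, the standard biosequence similarity algorithm, applied to a reduced representation of payload bytes. It ranks a constructed near-variant of a signature above an unrelated sample even though exact matching rejects the variant. The reduction rule (letters to 'a', digits to '0', other bytes kept literally), the scoring constants, and the sample payloads are all assumptions made for the illustration.

```python
"""Alignment-based similarity over reduced network payloads (added example)."""
from typing import List, Tuple

# Assumed scoring constants (linear gap penalty); not from the paper.
MATCH, MISMATCH, GAP = 2, -1, -1


def reduce_payload(data: bytes) -> str:
    """Assumed reduction scheme: letters of either case -> 'a', digits -> '0',
    every other byte kept as its character.  Case and literal values are
    discarded, so obfuscation that only changes them leaves the sequence alone,
    while the structural bytes (quotes, '=', '&', spaces) are preserved."""
    out = []
    for b in data:
        ch = chr(b)
        if ch.isascii() and ch.isalpha():
            out.append("a")
        elif ch.isascii() and ch.isdigit():
            out.append("0")
        else:
            out.append(ch)
    return "".join(out)


def smith_waterman(a: str, b: str) -> int:
    """Smith-Waterman local alignment score with linear gaps.
    Keeps two DP rows; cells are floored at 0 so the best-scoring
    local region is found regardless of unrelated flanking bytes."""
    n, m = len(a), len(b)
    prev = [0] * (m + 1)
    best = 0
    for i in range(1, n + 1):
        cur = [0] * (m + 1)
        for j in range(1, m + 1):
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            cur[j] = max(0, prev[j - 1] + sub, prev[j] + GAP, cur[j - 1] + GAP)
            if cur[j] > best:
                best = cur[j]
        prev = cur
    return best


def similarity(a: str, b: str) -> float:
    """Normalise the raw score to [0, 1]: 1.0 means the shorter sequence
    aligns perfectly inside the longer one."""
    if not a or not b:
        return 0.0
    return smith_waterman(a, b) / (MATCH * min(len(a), len(b)))


def exact_match(signature: bytes, sample: bytes) -> bool:
    """The baseline the abstract criticises: literal substring matching."""
    return signature in sample


def rank_by_similarity(signature: bytes,
                       samples: List[bytes]) -> List[Tuple[float, bytes]]:
    """Score every sample against the signature on the reduced alphabet and
    return them best-first, i.e. a prioritised list for a human analyst."""
    sig = reduce_payload(signature)
    scored = [(similarity(sig, reduce_payload(s)), s) for s in samples]
    scored.sort(key=lambda t: t[0], reverse=True)
    return scored


# Constructed sample data for the illustration (not captured traffic).
SIGNATURE = b"id=1' OR '1'='1"          # a tautology-style query fragment
VARIANT = b"id=7' oR '7' = '7"          # same structure, different literals
UNRELATED = b"id=42&page=3"             # ordinary query string


if __name__ == "__main__":
    for s in (VARIANT, UNRELATED):
        print(f"exact match {s!r}: {exact_match(SIGNATURE, s)}")
    for score, s in rank_by_similarity(SIGNATURE, [UNRELATED, VARIANT]):
        print(f"{score:.3f}  {reduce_payload(s)!r:24}  {s!r}")
```

Run as a script it shows both samples failing the exact-match test, while the alignment ranking puts the variant first with a score above 0.9 and the unrelated query well below 0.5; the reduced strings printed beside each score make it clear that the gaps inserted by the extra spaces are the only difference the alignment had to absorb.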
  • Keywords
    authorisation; bioinformatics; computer network security; data reduction; genetic algorithms; pattern matching; real-time systems; telecommunication computing; telecommunication traffic; LINEBACkER; access control point; bio-inspired data reduction; biosequence alignment; cyber network detection; cyber security; detection techniques; downloaded programs; exact matching; expert-directed signature generation; flexibility adversary; gene sequence analysis; human analysts; installed programs; malicious traffic; manual analysis; network data; nonidentical sequences; passwords; pattern recognition; payload data; real time network traffic analysis; regular-expression matching; resilient cyber applications; similarity-measuring algorithms; traffic signatures; Bioinformatics; Computer security; Databases; Laboratories; Libraries; Proteins; Telecommunication traffic; bioinformatics; data reduction; network traffic analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Resilient Control Systems (ISRCS), 2013 6th International Symposium on
  • Conference_Location
    San Francisco, CA
  • Type
    conf
  • DOI
    10.1109/ISRCS.2013.6623771
  • Filename
    6623771