Title :
Locality matters: Reducing Internet traffic graphs using location analysis
Author :
Berger, A. ; Ruehrup, Stefan ; Gansterer, Wilfried N. ; Jung, Oliver
Author_Institution :
FTW Telecommun. Res. Center Vienna, Vienna, Austria
Abstract :
The representation of Internet traffic as connection graphs augments anomaly detection systems by providing insight on the structural connection properties, i.e., who-talks-to-whom. However, these graphs are extremely large and one has to decide in advance on which aspect to focus. In the context of malware detection, this is difficult as malware often mimics legitimate traffic. In this paper, we present a statistical approach for extracting the typical traffic destinations for a set of monitored hosts, and derive a reduced graph that contains only connections that are anomalous for that host. This graph can then be analyzed efficiently. Our system is designed to scale to thousands of monitored hosts. We evaluate our approach using a data set from a real network, and show that we can reliably detect injected malware activity.
Keywords :
Internet; computer network security; graph theory; invasive software; statistical analysis; telecommunication traffic; Internet traffic graphs; Internet traffic representation; anomaly detection systems; connection graphs; injected malware activity detection; location analysis; malware detection; statistical approach; structural connection properties; traffic destinations; Databases; Monitoring; Network monitoring; graph analysis; malware detection; statistical anomaly detection; traffic modeling;
Conference_Title :
Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on
Conference_Location :
Budapest
Print_ISBN :
978-1-4673-6471-3
DOI :
10.1109/DSN.2013.6575365