Distilling command and control network intrusions from network flow metadata using temporal PageRank


Bibliographic Details
Published in: 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), pp. 107-114
Main Authors: Singh, Latchman; Cheng, Adriel
Format: Conference Proceeding
Language: English
Published: IEEE, 01-12-2016
Description
Summary: Malicious network intrusions which exfiltrate data from computer networks are extremely damaging for organisations and governments worldwide. Combating these network intrusions and large-scale cyber-attacks requires mining and analysis of large volumes of computer network data. We present a statistical filtering and temporal PageRank technique that improves the probability of discovering network intrusions. The technique filters out benign network data such that the data remaining is more pertinent and likely to contain malicious command and control (C2) traffic. We then propose a novel application of Google's PageRank algorithm by incorporating temporal analysis and evaluating a time-series of page rankings for identifying C2-like traffic. Two case studies using data collected at the gateway of an enterprise network and at the Internet backbone are presented to support our technique.
ISSN: 2474-154X
DOI: 10.1109/ATNAC.2016.7878792