DOI: 10.1145/2602087.2602111

Predicting and detecting emerging cyberattack patterns using StreamWorks

Published: 08 April 2014

Abstract

The number and sophistication of cyberattacks on industries and governments have grown dramatically in recent years. To counter this trend, new advanced tools and techniques are needed to detect cyberattacks in their early stages, so that defensive actions may be taken to avert or mitigate potential damage. From a cybersecurity analysis perspective, detecting cyberattacks may be cast as a problem of identifying patterns in computer network traffic. Logically and intuitively, these patterns may take the form of a directed graph that conveys how an attack or intrusion propagates through the computers of a network.
We are researching and developing graph-centric approaches and algorithms for dynamic cyberattack detection and packaging them into a streaming network analysis framework we call StreamWorks. With StreamWorks, a scientist or analyst may detect and identify precursor events and patterns as they emerge in complex networks. This analysis framework is intended to be used in a dynamic environment where network data is streamed in and is appended to a large-scale dynamic graph. Specific graphical query patterns are decomposed and collected into a graph query library. The individual decomposed subpatterns in the library are continuously and efficiently matched against the dynamic graph as it evolves to identify and detect early, partial subgraph patterns.
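A small illustration of the continuous, incremental matching the abstract describes, added here as an example and not code from the paper or from StreamWorks: a query pattern is decomposed into its single labelled edges, each streamed edge is joined against the stored partial matches, and partial matches that reach a chosen size are reported early. The pattern, its labels, the host addresses and the alert threshold are all constructed assumptions.

```python
# Constructed 3-step query pattern (not from the paper): pattern edges are
# (source variable, destination variable, traffic label).
PATTERN = [("x", "y", "scan"), ("y", "z", "auth"), ("z", "w", "exfil")]


class StreamingMatcher:
    """Incrementally join streamed edges against a decomposed query pattern.

    State is a set of partial matches, each (frozenset of variable bindings,
    frozenset of satisfied pattern-edge indices).  Every incoming edge may
    seed a new partial match or extend existing ones whose bindings agree.
    Matching is homomorphic: two variables may bind to the same host.
    """

    def __init__(self, pattern, alert_min_edges=2):
        self.pattern = pattern
        self.alert_min_edges = alert_min_edges  # report partials this large
        self.partials = set()

    def _extend(self, bindings, matched, idx, src, dst):
        a, b, _ = self.pattern[idx]
        if idx in matched:
            return None                      # pattern edge already used
        new = dict(bindings)
        for var, node in ((a, src), (b, dst)):
            if new.get(var, node) != node:
                return None                  # conflicts with earlier binding
            new[var] = node
        return (frozenset(new.items()), matched | {idx})

    def add_edge(self, src, dst, label):
        """Ingest one edge; return newly created partial matches at alert level."""
        fresh = set()
        for idx, (_, _, lab) in enumerate(self.pattern):
            if lab != label:
                continue
            fresh.add(self._extend({}, frozenset(), idx, src, dst))
            for bind, matched in self.partials:
                ext = self._extend(bind, matched, idx, src, dst)
                if ext is not None:
                    fresh.add(ext)
        new_partials = fresh - self.partials
        self.partials |= fresh
        return [(dict(bind), len(matched)) for bind, matched in new_partials
                if len(matched) >= self.alert_min_edges]

    def complete_matches(self):
        """Bindings of partial matches that cover every pattern edge."""
        return [dict(b) for b, m in self.partials if len(m) == len(self.pattern)]
```

With the default threshold the matcher raises an alert as soon as two of the three pattern edges are seen on consistent hosts, before the final step of the pattern has occurred; partial matches are never pruned here, so a production version would need a time window or eviction policy.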


Published In
CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference
April 2014
134 pages
ISBN:9781450328128
DOI:10.1145/2602087
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

  • Los Alamos National Labs
  • CEDS: DOE Cybersecurity for Energy Delivery Systems
  • Sandia National Laboratories
  • DOE: Department of Energy
  • Oak Ridge National Laboratory
  • Lawrence Livermore National Laboratory
  • BERKELEYLAB: Lawrence Berkeley National Laboratory
  • CSL: DOE Cyber Sciences Laboratory
  • Argonne National Lab
  • Pacific Northwest National Laboratory
  • TTP: DHS Transition to Practice
  • Nevada National Security Site

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cyberattack detection
  2. dynamic networks
  3. emerging subgraph patterns
  4. subgraph join tree
  5. subgraph pattern matching

Qualifiers

  • Research-article


Acceptance Rates

CISR '14 paper acceptance rate: 32 of 50 submissions, 64%
Overall acceptance rate: 69 of 136 submissions, 51%
