CPL - Chalmers Publication Library

Tracking Malicious Hosts on a 10Gbps Backbone Link

Magnus Almgren (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Wolfgang John (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
Lecture Notes in Computer Science: 15th Nordic Conference in Secure IT Systems (NordSec 2010) (03029743). Vol. 7127 (2010), p. 104-120.
[Conference contribution, peer-reviewed]

We use anonymized flow data collected from a 10Gbps backbone link to discover and analyze malicious flow patterns. Even though such data may be rather difficult to interpret, we show how to bootstrap our analysis with a set of malicious hosts to discover more obscure patterns. Our analysis spans from simple attribute aggregates (such as top IP and port numbers) to advanced temporal analysis of communication patterns between normal and malicious hosts. For example, we found some complex communication patterns that possibly lasted for over a week. Furthermore, several malicious hosts were active over the whole data collection period, despite being blacklisted. We also discuss the problems of working with anonymized data. Given that this type of privacy-sensitive backbone data would not be available for analysis without proper anonymization, we show that it can still offer many novel insights, valuable for both network researchers and practitioners.

Keywords: Network Security; Malicious Traffic; Internet Backbone.




This record was created 2010-11-03. Last modified 2015-05-04.
CPL Pubid: 128574



Departments (Chalmers)

Institutionen för data- och informationsteknik, Nätverk och system (Chalmers)

Subject areas

Information Technology

Chalmers infrastructure