2018 | Original Paper | Book chapter

Scalable Framework for Cyber Threat Situational Awareness Based on Domain Name Systems Data Analysis

Written by: R. Vinayakumar, Prabaharan Poornachandran, K. P. Soman

Published in: Big Data in Engineering Applications

Publisher: Springer Singapore

Abstract

There is a myriad of security solutions that have been developed to tackle cyber security attacks and malicious activities in the digital world: firewalls, intrusion detection and prevention systems, anti-virus systems, honeypots, etc. Despite employing these detection measures and protection mechanisms, the number of successful attacks and the level of sophistication of these attacks keep increasing day by day. Also, with the advent of the Internet of Things, the number of devices connected to the Internet has risen dramatically. The inability to detect attacks on these devices is due to (1) the lack of computational power for detecting attacks, (2) the lack of interfaces that could potentially indicate a compromise of these devices and (3) the lack of the ability to interact with the system to execute diagnostic tools. This warrants newer approaches, such as a Tier-1 Internet Service Provider level view of attack patterns, to provide situational awareness of cyber security threats. We investigate and explore the event data generated by the Internet protocol Domain Name System (DNS) for the purpose of cyber threat situational awareness. Traditional methods such as static and binary analysis of malware are sometimes inadequate to address the proliferation of malware, due to the time taken to obtain and process the individual binaries in order to generate signatures. By the time the anti-malware signature is available, there is a chance that a significant amount of damage has already happened. Traditional anti-malware systems may not identify malicious activities; however, they may be detected faster through the DNS protocol by analyzing the generated event data in a timely manner. As DNS was not designed with security in mind (or suffers from vulnerabilities), we explore how the vast amount of event data generated by these systems can be leveraged to create cyber threat situational awareness. The main contributions of the book chapter are two-fold: (1) a scalable framework that can perform web-scale analysis in near real-time to provide situational awareness, and (2) detection of early warning signals before large-scale attacks or malware propagation occur. We employ a deep learning approach to classify and correlate malicious events that are perceived from the protocol usage. To our knowledge, this is the first time a framework that can analyze and correlate DNS usage information at continent scale, or at the scale of multiple Tier-1 Internet Service Providers, has been studied and analyzed in real-time to provide situational awareness. Using merely a commodity hardware server, the developed framework is capable of analyzing more than 2 million events per second and can detect the malicious activities within them in near real-time. The developed framework can be scaled out to analyze even larger volumes of network event data by adding computing resources. The scalability and real-time detection of malicious activities from early warning signals make the developed framework stand out from any system of a similar kind.
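As an added illustration (not the chapter's framework or code), the following Python sketch shows the kind of early-warning signal the abstract refers to: it streams constructed resolver event lines, keeps a per-client sliding window, and flags clients whose recent queries are dominated by NXDOMAIN answers for high-entropy names. The log format, the thresholds and the heuristic scoring (used here in place of the chapter's deep learning classifier) are assumptions.

```python
import math
from collections import defaultdict, deque

# Constructed resolver event lines (not real traffic): "<epoch> <client> <qname> <rcode>".
SAMPLE_EVENTS = """\
100  10.0.0.9 old.example.com NOERROR
1000 10.0.0.5 www.example.com NOERROR
1001 10.0.0.5 mail.example.com NOERROR
1002 10.0.0.9 kq3x9vz2ml.net NXDOMAIN
1003 10.0.0.9 p8wq1zr0tc.com NXDOMAIN
1004 10.0.0.9 x0v7mk2qaz.org NXDOMAIN
1005 10.0.0.9 jr5tn8vbq1.info NXDOMAIN
1006 10.0.0.5 cdn.example.com NOERROR
1007 10.0.0.9 u9t2qwz7xm.net NXDOMAIN
"""

# Assumed tuning values; a deployment would derive them from its own traffic baseline.
WINDOW_SECONDS = 60       # reach of each client's sliding window
MIN_EVENTS = 5            # do not score a client on fewer events than this
NX_RATIO_THRESHOLD = 0.6  # share of NXDOMAIN answers considered suspicious
ENTROPY_THRESHOLD = 3.0   # mean Shannon entropy (bits/char) of second-level labels

def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(qname):
    """Label left of the TLD; simplification: public suffixes such as co.uk are not handled."""
    labels = qname.rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def parse_event(line):
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower(), rcode.upper()

def analyse(text, window_seconds=WINDOW_SECONDS):
    """One pass over the stream, keeping per client a window of (ts, is_nxdomain, entropy)."""
    windows = defaultdict(deque)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = parse_event(line)
        win = windows[client]
        win.append((ts, rcode == "NXDOMAIN", label_entropy(second_level_label(qname))))
        while win and win[0][0] < ts - window_seconds:  # drop events that left the window
            win.popleft()
    report = {}
    for client, win in windows.items():
        n = len(win)
        nx_ratio = sum(1 for _, nx, _ in win if nx) / n
        mean_entropy = sum(e for _, _, e in win) / n
        flagged = (n >= MIN_EVENTS and nx_ratio >= NX_RATIO_THRESHOLD
                   and mean_entropy >= ENTROPY_THRESHOLD)
        report[client] = {"count": n, "nx_ratio": nx_ratio,
                          "mean_entropy": mean_entropy, "flagged": flagged}
    return report

if __name__ == "__main__":
    for client, stats in analyse(SAMPLE_EVENTS).items():
        print(client, stats)
```

A flagged client is a signal to correlate with other sources, not a verdict: legitimate software that probes many non-existent names (and short-lived CDN labels) will also raise the NXDOMAIN ratio.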

Metadata
Title
Scalable Framework for Cyber Threat Situational Awareness Based on Domain Name Systems Data Analysis
Written by
R. Vinayakumar
Prabaharan Poornachandran
K. P. Soman
Copyright year
2018
Publisher
Springer Singapore
DOI
https://doi.org/10.1007/978-981-10-8476-8_6