Big Data Behavioral Analytics Meet Graph Theory: On Effective Botnet Takedowns
Cyberspace continues to host highly sophisticated malicious entities that have demonstrated their ability to launch debilitating, intimidating, and disrupting cyber attacks. Recently, such entities have been adopting orchestrated, often botmaster- coordinated, stealthy attack strategies aimed at maximizing their targets’ coverage while minimizing redundancy and overlap. The latter entities, which are typically dubbed as bots within botnets, are ominously being leveraged to cause drastic Internet-wide and enterprise impacts by means of severe misdemeanors. While a plethora of literature approaches have devised operational cyber security techniques for the detection of such botnets, very few have tackled the problem of how to promptly and effectively takedown such botnets. In the past three years, we have received 12 GB of daily malicious real darknet data (i.e., Internet traffic destined to half a million routable but unallocated IP addresses or sensors) from more than 12 countries. This article exploits such data to propose a novel Internet-scale cyber security capability that fuses big data behavioral analytics in conjunction with formal graph theoretical concepts to infer and attribute Internet-scale infected bots in a prompt manner and identify the niche of the botnet for effective takedowns. We validate the accuracy of the proposed approach by employing 100 GB of the Carna botnet, which is a very recent real malicious Internet-scale botnet. Since performance is also an imperative metric when dealing with big data for network security, this article further provides a comparison between two trending big data processing architectures: the almost standard Apache Hadoop system, and a more traditional and simplistic multi-threaded programming approach, by employing 1 TB of real darknet data. Several recommendations and possible future research work derived from the previous experiments conclude this article.
원문복사신청을 하시면, 일부 해외 인쇄학술지의 경우 외국학술지지원센터(FRIC)에서
무료 원문복사 서비스를 제공합니다.
NDSL에서는 해당 원문을 복사서비스하고 있습니다. 위의 원문복사신청 또는 장바구니 담기를 통하여 원문복사서비스 이용이 가능합니다.
- 이 논문과 함께 출판된 논문 + 더보기