
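IEEE Network v.31 no.1, 2017, pp.18 - 26   SCI SCIE
This indexing information is a beta service shown with reference to the journal's indexing status; please confirm with the indexing body whether the paper itself is indexed.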

Big Data Behavioral Analytics Meet Graph Theory: On Effective Botnet Takedowns

Bou-Harb, Elias; Debbabi, Mourad; Assi, Chadi
  • Abstract

    Cyberspace continues to host highly sophisticated malicious entities that have demonstrated their ability to launch debilitating, intimidating, and disrupting cyber attacks. Recently, such entities have been adopting orchestrated, often botmaster-coordinated, stealthy attack strategies aimed at maximizing their targets’ coverage while minimizing redundancy and overlap. The latter entities, which are typically dubbed as bots within botnets, are ominously being leveraged to cause drastic Internet-wide and enterprise impacts by means of severe misdemeanors. While a plethora of literature approaches have devised operational cyber security techniques for the detection of such botnets, very few have tackled the problem of how to promptly and effectively take down such botnets. In the past three years, we have received 12 GB of daily malicious real darknet data (i.e., Internet traffic destined to half a million routable but unallocated IP addresses or sensors) from more than 12 countries. This article exploits such data to propose a novel Internet-scale cyber security capability that fuses big data behavioral analytics in conjunction with formal graph theoretical concepts to infer and attribute Internet-scale infected bots in a prompt manner and identify the niche of the botnet for effective takedowns. We validate the accuracy of the proposed approach by employing 100 GB of the Carna botnet, which is a very recent real malicious Internet-scale botnet. Since performance is also an imperative metric when dealing with big data for network security, this article further provides a comparison between two trending big data processing architectures: the almost standard Apache Hadoop system, and a more traditional and simplistic multi-threaded programming approach, by employing 1 TB of real darknet data. Several recommendations and possible future research work derived from the previous experiments conclude this article.

