Detecting Advanced Network Threats Using a Similarity Search
In this paper, we propose a novel approach for the detection of advanced network threats. We combine knowledge-based detections with similarity search techniques commonly utilized for automated image annotation. This unique combination could provide effective detection of common network anomalies together with their unknown variants. In addition, it offers a similar approach to network data analysis as a security analyst does. Our research is focused on understanding the similarity of anomalies in network traffic and their representation within complex behaviour patterns. This will lead to a proposal of a system for the real-time analysis of network data based on similarity. This goal should be achieved within a period of three years as a part of a PhD thesis.
KeywordsSimilarity search Network data Classification Network threats
This research was supported by the Security Research Programme of the Czech Republic 2015 - 2020 (BV III/1 VS) granted by the Ministry of the Interior of the Czech Republic under No. VI20162019029 The Sharing and analysis of security events in the Czech Republic.
- 1.Barbosa, R.R.R., Sadre, R., Pras, A., van de Meent, R.: Simpleweb/University of twente traffic traces data repository. Technical report TR-CTIT-10-19, Centre for Telematics and Information Technology, University of Twente, April 2010. http://eprints.eemcs.utwente.nl/17829/
- 5.CAIDA: The CAIDA UCSD Anonymized Internet Traces 2015–20150219-130000 (2015). http://www.caida.org/data/passive/passive_2015_dataset.xml
- 6.Drašar, M.: Behavioral detection of distributed dictionary attacks. Doctoral theses, dissertations, Masaryk University, Faculty of Informatics, Brno (2015)Google Scholar
- 8.INVEA-TECH a.s.: Flowmon ads. Web page (2015). https://www.invea.com/cs/produkty-sluzby/flowmon/flowmon-ads. Accessed 06 Jan 2016
- 10.Kouřil, D., Rebok, T., Jirsík, T., Čegan, J., Drašar, M., Vizváry, M., Vykopal, J.: Cloud-based testbed for simulation of cyber attacks. In: 2014 IEEE Network Operations and Management Symposium (NOMS), May 2014Google Scholar
- 12.Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA 1999, pp. 229–238. USENIX Association, Berkeley (1999)Google Scholar
- 13.Symantec Corporation: 2015 Internet Security Threat Report. Technical report 20, Symantec Corporation, April 2015. http://www.symantec.com/security_response/publications/threatreport.jsp