Discovering Potential Victims Within Enterprise Network via Link Analysis Method

  • Conference paper
Current Approaches in Applied Artificial Intelligence (IEA/AIE 2015)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 9101)

Abstract

Potential cyber victim detection is an important research issue in the domain of network security. Within a close period of time, cyber victims, and even potential cyber victims, within an enterprise share several common patterns with the currently seized victims. Hence, this paper applies the link analysis method and proposes a hybrid method to automatically discover potential victims through their behavioral patterns hidden in the network log data. In the experiment, the proposed method was applied to reveal potential victims from a large data set (6,846,097 records of proxy logs in 1.7G and 84,693,445 records of firewall logs in 9.3G). A ranking list of potential victims can then be generated so that stakeholders can understand the safety condition within an enterprise. Moreover, the hierarchical connection graph of hosts can further help managers or stakeholders find the potential victims more easily. As a result, the safety and prevention practice of the information security group in an enterprise would be upgraded from a passive mode to an active mode.



Correspondence to Yu-Ting Chiu.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Chiu, YT., Liu, ST., Huang, HC., Hong, KF. (2015). Discovering Potential Victims Within Enterprise Network via Link Analysis Method. In: Ali, M., Kwon, Y., Lee, CH., Kim, J., Kim, Y. (eds) Current Approaches in Applied Artificial Intelligence. IEA/AIE 2015. Lecture Notes in Computer Science, vol 9101. Springer, Cham. https://doi.org/10.1007/978-3-319-19066-2_32

  • DOI: https://doi.org/10.1007/978-3-319-19066-2_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19065-5

  • Online ISBN: 978-3-319-19066-2

  • eBook Packages: Computer Science (R0)
