Abstract
The standard paradigm when securing networks is to filter ingress traffic to the domain to be protected. Even though many tools and techniques have been developed and employed over the recent years for this purpose, we are still far from having secure networks. In this work, we propose a paradigm shift on the way we secure networks, by investigating whether it would not be efficient to filter egress traffic as well. The main benefit of this approach is the possibility to mitigate malicious activities before they reach the Internet. To evaluate our proposal, we have developed a prototype and conducted experiments using NetFlow data from the University of Twente.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Arbor networks. Worldwide infrastructure security report (2009 report). Technical report (2010)
John, J.P., Moshchuk, A., Gribble, S.D., Krishnamurthy, A.: Studying spamming botnets using Botlab. In: NSDI 2009: Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, pp. 291–306. USENIX Association, Berkeley (2009)
de Vries, W.W., Moreira Moura, G.C., Pras, A.: Fighting spam on the sender side: A lightweight approach. In: Aagesen, F.A., Knapskog, S.J. (eds.) EUNICE 2010. LNCS, vol. 6164, pp. 188–197. Springer, Heidelberg (2010)
van Eeten, M., Bauerb, J.M., Asgharia, H., Tabatabaiea, S., Randc, D.: The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data. In: WEIS 2010: Ninth Workshop on the Economics of Information Security (2010)
Cisco Systems. Cisco IOS NetFlow (August 2010)
Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An Overview of IP Flow-Based Intrusion Detection. IEEE Communications Surveys Tutorials 12(3), 343–356 (2010)
Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming botnets: signatures and characteristics. SIGCOMM Comput. Commun. Rev. 38(4), 171–182 (2008)
Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: USENIX Security Symposium (SS), San Jose, CA, pp. 139–154 (July 2008)
Sperotto, A., Vliek, G., Sadre, R., Pras, A.: Detecting spam at the network level. In: Oliver, M., Sallent, S. (eds.) EUNICE 2009. LNCS, vol. 5733, pp. 208–216. Springer, Heidelberg (2009)
Day, W.H., Edelsbrunner, H.: Efficient algorithms for agglomerative hierarchical clustering methods. Journal of Classification 1(1), 7–24 (1984)
Schikuta, E.: Grid-clustering: a fast hierarchical clustering method for very large data sets. In: Proceedings 15th Int. Conf. on Pattern Recognition, pp. 101–105 (1996)
François, J., Abdelnur, H., State, R., Festor, O.: Automated Behavioral Fingerprinting. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 182–201. Springer, Heidelberg (2009)
Sperotto, A., Sadre, R., van Vliet, F., Pras, A.: A Labeled Data Set for Flow-Based Intrusion Detection. In: Nunzi, G., Scoglio, C., Li, X. (eds.) IPOM 2009. LNCS, vol. 5843, pp. 39–50. Springer, Heidelberg (2009)
Porras, P., Sadi, H., Yegneswaran, V.: A Multi-perspective Analysis of the Storm (Peacomm) Worm
Wang, P., Wu, L., Cunningham, R., Zou, C.C.: Honeypot detection in advanced botnet attacks. Int. J. Inf. Comput. Secur. 4(1), 30–51 (2010)
Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: ACM SIGCOMM conference on Internet measurement (IMC), pp. 41–52 (2006)
Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale botnet detection and characterization. In: First Workshop on Hot Topics in Understanding Botnets (HotBots). USENIX (2007)
Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pp. 1–9. USENIX Association, Berkeley (2008)
François, J., Wang, S., State, R., Engel, T.: BotTrack: Tracking Botnets using NetFlow and PageRank. In: Domingo-Pascual, J., Manzoni, P., Palazzo, S., Pont, A., Scoglio, C. (eds.) NETWORKING 2011, Part I. LNCS, vol. 6640, pp. 1–14. Springer, Heidelberg (2011)
Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: USENIX Security Symposium (SS) (August 2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
François, J., Moura, G.C.M., Pras, A. (2011). Cleaning Your House First: Shifting the Paradigm on How to Secure Networks. In: Chrisment, I., Couch, A., Badonnel, R., Waldburger, M. (eds) Managing the Dynamics of Networks and Services. AIMS 2011. Lecture Notes in Computer Science, vol 6734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21484-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-21484-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21483-7
Online ISBN: 978-3-642-21484-4
eBook Packages: Computer ScienceComputer Science (R0)