Abstract
Network-connected devices have become an inherent part of our lives. These devices are increasingly mobile and are the target of various malware attacks. An inability to guarantee or check the proper security settings of such devices poses a serious risk to network security. In this paper we propose a novel concept of flow-based host trustworthiness estimation. The estimated trustworthiness determines the level of risk that a host poses to network security. This concept enables network operators to identify potentially dangerous hosts in their network and take appropriate precautions. The models used for trustworthiness estimation are based on scoring either single events or host characteristics. In order to estimate the trustworthiness of a host even in large-scale networks, the data used for estimation are reduced to extended network flows only. The research is in its initial phase and will conclude with a Ph.D. thesis in three years.
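An added illustration of the two scoring approaches the abstract names (scoring single events versus scoring aggregated host characteristics) over extended flow records. This is not the paper's model or code: the flow fields, rules, weights, thresholds and the flow sample are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # one extended flow record (assumed field set)
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    http_host: str = ""          # application-layer field an extended exporter adds

# Constructed sample: a benign browsing host and a host probing many ports.
FLOWS = [
    Flow("10.0.0.5", "198.51.100.10", 443, "tcp", 40, "www.example.org"),
    Flow("10.0.0.5", "198.51.100.11", 80, "tcp", 12, "example.net"),
    Flow("10.0.0.5", "203.0.113.7", 80, "tcp", 6, "203.0.113.7"),
] + [Flow("10.0.0.9", "198.51.100.20", p, "tcp", 1) for p in range(20, 32)]

# Model 1: score single events. Each rule is (name, predicate, penalty points).
EVENT_RULES = [
    ("single-packet TCP flow", lambda f: f.proto == "tcp" and f.packets == 1, 1),
    ("HTTP Host header is a bare IP", lambda f: f.http_host.replace(".", "").isdigit(), 3),
]

def score_events(flows):
    """Sum event penalties per source host."""
    penalty = defaultdict(int)
    for f in flows:
        for _, predicate, points in EVENT_RULES:
            if predicate(f):
                penalty[f.src] += points
    return dict(penalty)

# Model 2: score host characteristics aggregated over all of the host's flows.
def host_characteristics(flows):
    dports, dsts = defaultdict(set), defaultdict(set)
    for f in flows:
        dports[f.src].add(f.dport)
        dsts[f.src].add(f.dst)
    return {h: (len(dports[h]), len(dsts[h])) for h in dports}

def score_characteristics(flows, fanout=10):
    """Penalise hosts that touch unusually many ports or destinations (assumed threshold)."""
    return {h: 5 * (n_ports >= fanout) + 5 * (n_dsts >= fanout)
            for h, (n_ports, n_dsts) in host_characteristics(flows).items()}

def trustworthiness(flows, max_penalty=20):
    """Map the combined penalty to a trust level in [0, 1]; 1 means no findings."""
    ev, ch = score_events(flows), score_characteristics(flows)
    return {h: max(0.0, 1 - (ev.get(h, 0) + ch[h]) / max_penalty) for h in ch}
```

Because only per-host aggregates and a handful of per-flow predicates are kept, the same structure scales to large flow volumes without retaining payloads.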
Copyright information
© 2014 International Federation for Information Processing
About this paper
Cite this paper
Jirsík, T., Čeleda, P. (2014). Enhancing Network Security: Host Trustworthiness Estimation. In: Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B. (eds) Monitoring and Securing Virtualized Networks and Services. AIMS 2014. Lecture Notes in Computer Science, vol 8508. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43862-6_8
DOI: https://doi.org/10.1007/978-3-662-43862-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43861-9
Online ISBN: 978-3-662-43862-6
eBook Packages: Computer Science (R0)