A Human-Centred Model for Network Flow Analysis

Computer networks are ubiquitous and growing exponentially, with a predicted 50 billion devices connected by 2050. This tremendous growth dramatically increases the attack surface of both private and public networks. Attacks on these networks often alter the behaviour of the targeted system, and that change in behaviour is what makes the attack detectable. In this manuscript we model the path of an attack through the network as a graph. The model developed aims to better integrate the attacker's intentions. We apply our model to the data produced by 5 honeypots. The preliminary results show that the approach is useful for rapidly detecting anomalies in the experimental dataset.
