DOI: 10.1145/3064814.3064828
Short paper, Public Access

Situational awareness of network system roles (SANSR)

Published: 04 April 2017

Abstract

In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. We will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.
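The abstract describes inferring a host's role from network flow data by clustering hosts and then categorising the clusters, but the page gives no algorithm details. The Python below is an added illustration of that general idea and is not the SANSR tool's code: it builds a per-host inbound destination-port profile from flow records, groups hosts with similar profiles (single-linkage agglomerative clustering on cosine distance, chosen here for brevity rather than anything the paper specifies), labels each cluster by its dominant service port using an assumed port-to-role table, and diffs two runs to flag the kind of role change an analyst would want to see. All IP addresses, ports, flows and role labels are constructed for the example.

```python
"""Toy host-role discovery from flow records (added example, not the SANSR tool)."""
from collections import Counter, defaultdict
import math

# Assumed port-to-role table; the paper's own role taxonomy is not on the page.
PORT_ROLES = {53: "dns server", 25: "mail server", 445: "file server",
              80: "web server", 443: "web server", 389: "directory server"}

# Constructed flow records, not real data: (src_ip, dst_ip, dst_port).
CLIENTS = ["10.0.1.%d" % i for i in range(10, 16)]          # six workstations
BASELINE_FLOWS = (
    [(c, "10.0.0.53", 53) for c in CLIENTS]                   # primary DNS
    + [(c, "10.0.0.54", 53) for c in CLIENTS[:4]]             # secondary DNS
    + [(c, "10.0.0.25", 25) for c in CLIENTS[:5]]             # SMTP relay
    + [(c, "10.0.0.45", 445) for c in CLIENTS]                # SMB file server
    + [(c, "10.0.0.80", 80) for c in CLIENTS[:3]]
    + [(c, "10.0.0.80", 443) for c in CLIENTS[3:]]            # web: 3x80, 3x443
    + [("10.0.1.10", "10.0.1.11", 445)]                       # one stray SMB flow
)
# Later capture: same traffic, plus a workstation that has started serving SMB.
CURRENT_FLOWS = BASELINE_FLOWS + [(c, "10.0.1.11", 445) for c in CLIENTS[2:]]


def port_profiles(flows, min_flows=3):
    """Normalised inbound destination-port histogram per host.

    Only the destination side is counted: a host that *receives* many flows on
    one port is offering a service there. Hosts with fewer than `min_flows`
    inbound flows are dropped as too noisy to classify."""
    counts = defaultdict(Counter)
    for _src, dst, dport in flows:
        counts[dst][dport] += 1
    profiles = {}
    for host, c in counts.items():
        total = sum(c.values())
        if total >= min_flows:
            profiles[host] = {p: n / total for p, n in c.items()}
    return profiles


def cosine_distance(a, b):
    """1 - cosine similarity of two sparse port-frequency vectors."""
    dot = sum(a[p] * b.get(p, 0.0) for p in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return 1.0 - dot / (na * nb)


def cluster_hosts(profiles, threshold=0.3):
    """Single-linkage agglomerative clustering: repeatedly merge the two
    closest clusters until no cross-cluster host pair is closer than
    `threshold`. Quadratic, fine for a demo; not for a whole enterprise."""
    clusters = [[h] for h in profiles]
    while len(clusters) > 1:
        best = None
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                d = min(cosine_distance(profiles[x], profiles[y])
                        for x in clusters[i] for y in clusters[j])
                if best is None or d < best[0]:
                    best = (d, i, j)
        if best[0] > threshold:
            break
        _d, i, j = best
        clusters[i].extend(clusters.pop(j))
    return clusters


def label_cluster(members, profiles, min_share=0.5):
    """Categorise a cluster by its dominant inbound port; refuse to guess when
    no single port carries at least `min_share` of the cluster's flows."""
    agg = Counter()
    for h in members:
        for p, f in profiles[h].items():
            agg[p] += f / len(members)
    port, share = agg.most_common(1)[0]
    if share < min_share:
        return "unknown (mixed ports)"
    return PORT_ROLES.get(port, "unknown service on port %d" % port)


def discover_roles(flows):
    """host -> role label for every host with enough inbound traffic."""
    profiles = port_profiles(flows)
    roles = {}
    for members in cluster_hosts(profiles):
        role = label_cluster(members, profiles)
        for h in members:
            roles[h] = role
    return roles


def role_changes(baseline, current):
    """Hosts whose role differs between two runs, e.g. a workstation that has
    quietly become a file server. Returns host -> (old_role, new_role)."""
    hosts = set(baseline) | set(current)
    return {h: (baseline.get(h), current.get(h)) for h in sorted(hosts)
            if baseline.get(h) != current.get(h)}


if __name__ == "__main__":
    before, after = discover_roles(BASELINE_FLOWS), discover_roles(CURRENT_FLOWS)
    for host, role in sorted(before.items()):
        print(host, "->", role)
    print("changes:", role_changes(before, after))
```

The `min_flows` and `min_share` cut-offs are where the false positives live: a lone SMB connection to a workstation must not make it a "file server", but five of them in one capture window should, which is exactly the change the diff surfaces.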

Cited By

  • (2022) A Survey on Cyber Situation-awareness Systems: Framework, Techniques, and Insights. ACM Computing Surveys 55(5):1-37. DOI: 10.1145/3530809. Online publication date: 3 Dec 2022.
  • (2017) Setting the threshold for high throughput detectors: A mathematical approach for ensembles of dynamic, heterogeneous, probabilistic anomaly detectors. 2017 IEEE International Conference on Big Data (Big Data), pages 1071-1078. DOI: 10.1109/BigData.2017.8258031. Online publication date: Dec 2017.

Published In

CISRC '17: Proceedings of the 12th Annual Conference on Cyber and Information Security Research
April 2017, 106 pages
ISBN: 9781450348553
DOI: 10.1145/3064814
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. cyber security
  2. network behavior
  3. network monitoring
  4. situational awareness
  5. unsupervised learning

Qualifiers

  • Short-paper

Acceptance Rates

CISRC '17 paper acceptance rate: 8 of 22 submissions (36%)
Overall acceptance rate: 69 of 136 submissions (51%)

Article Metrics

  • Downloads (last 12 months): 46
  • Downloads (last 6 weeks): 6
Reflects downloads up to 19 Dec 2024