short-paper

Public Access

Network Modeling for Security Analytics

Authors:

Whitney Caruthers,

Dalton Stewart,

Peter Hawrylak,

John HaleAuthors Info & Claims

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

Article No.: 22, Pages 1 - 4

https://doi.org/10.1145/2897795.2897817

Published: 05 April 2016 Publication History

Abstract

Comprehensive network modeling remains a challenge for the security analyst. Complete coverage and depth of detail in network models is difficult to achieve for large and complex networks, especially when significant effort in manual elaboration is required. This paper describes an automated approach to network model acquisition using coordinated bump-in-the-wire devices. The system described here relieves a substantial burden from the modeler while offering improved visibility over competing solutions.

References

[1]

Raspberry pi. https://www.adafruit.com/raspberrypi.

[2]

G. Bartlett, J. Heidemann, and C. Papadopoulos. Understanding passive and active service discovery. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 57--70. ACM, 2007.

Digital Library

[3]

G. Combs et al. Wireshark-network protocol analyzer. Version 0.99, 5, 2008.

[4]

T. Corcoran. An introduction to Nmap. Technical report, 2001.

[5]

J. Dawkins and J. Hale. A systematic approach to multi-stage network attack analysis. In Information Assurance Workshop, 2004. Proceedings. Second IEEE International, pages 48--56. IEEE, 2004.

Digital Library

[6]

D. E. Denning. An intrusion-detection model. Software Engineering, IEEE Transactions on, (2):222--232, 1987.

Digital Library

[7]

L. P. Gaspary, R. N. Sanchez, D. W. Antunes, and E. Meneghetti. A SNMP-based platform for distributed stateful intrusion detection in enterprise networks. Selected Areas in Communications, IEEE Journal on, 23(10):1973--1982, 2005.

Digital Library

[8]

G. Louthan, C. McMillan, C. Johnson, and J. Hale. Toward robust and extensible automatic protocol identification. In International Conference on Internet Computing, pages 104--108, 2009.

[9]

G. W. Manes, D. Schulte, S. Guenther, and S. Shenoi. Netglean: A methodology for distributed network security scanning. Journal of Network and Systems Management, 13(3):329--344.

[10]

D. Montigny-Leboeuf, F. Massicotte, et al. Passive network discovery for real time situation awareness. Technical report, DTIC Document, 2004.

[11]

A. W. Moore and K. Papagiannaki. Toward the accurate identification of network applications. In Proceedings of the 6th International Conference on Passive and Active Network Measurement, PAM'05, pages 41--54, Berlin, Heidelberg, 2005. Springer-Verlag.

Digital Library

[12]

A. Ornaghi and M. Valleri. Ettercap, 2005.

[13]

C. Phillips and L. P. Swiler. A graph-based system for network-vulnerability analysis. In Proceedings of the 1998 Workshop on New Security Paradigms, NSPW '98, pages 71--79, New York, NY, USA, 1998. ACM.

Digital Library

[14]

R. W. Ritchey and P. Ammann. Using model checking to analyze network vulnerabilities. In Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on, pages 156--165. IEEE, 2000.

Digital Library

[15]

W. Stallings. SNMP, SNMPv2, SNMPv3, and RMON 1 and 2. Addison-Wesley Longman, 1998.

Digital Library

[16]

Y. Thomas, H. Debar, and B. Morin. Improving security management through passive network observation. In Proceedings of Availability, Reliability and Security, 2006, pages 382--389. IEEE, 2006.

Digital Library

[17]

X. Zhang, C. Li, and W. Zheng. Intrusion prevention system design. In Proceedings. The Fourth International Conference on Computer and Information Technology, pages 386--390. IEEE, 2004.

Digital Library

Cited By

Hawrylak PLouthan GHale JPapa MFurlani T(2019)Practical Cyber-Security Solutions for the Science DMZPractice and Experience in Advanced Research Computing 2019: Rise of the Machines (learning)10.1145/3332186.3332213(1-6)Online publication date: 28-Jul-2019
https://dl.acm.org/doi/10.1145/3332186.3332213

Network Modeling for Security Analytics
1. Networks
  1. Network services

Recommendations

Priority rank model for social network generation
ASONAM '16: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining

Currently available artificial network generation models are characterized by consistency and low variance due to the rigidity of models' underlying assumptions. Networks generated from these models are usually too regular and do not contain noise and ...
Dynamic Network Analytics: Tutorial Outline
MobiCom '18: Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

Network analytics are widely used in many fields. Increasingly though, the networks of interest are high dimensional. Rather than just focusing on the traditional who is interaction with whom networks, modern network analysis examines the who, what, ...
The Barabási and Albert scale-free network model
Special Section: Recent Advances in Machine Learning and Soft Computing

Former complex network models focused on preferential attachment to get scale-free feature, lacking random connection mechanism that inevitably exists in real-life network. In this paper, we deeply study one new complex network model, named the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

April 2016

150 pages

ISBN:9781450337526

DOI:10.1145/2897795

General Chairs:
Joseph P. Trien
Oak Ridge National Laboratory
,
Stacy J. Prowell
Oak Ridge National Laboratory
,
John R. Goodall
Oak Ridge National Laboratory
,
Program Chair:
Robert A. Bridges
Oak Ridge National Laboratory

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

National Science Foundation

Conference

CISRC '16

CISRC '16: 11th Annual Cyber and Information Security Research

April 5 - 7, 2016

TN, Oak Ridge, USA

Acceptance Rates

CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;

Overall Acceptance Rate 69 of 136 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
459
Total Downloads

Downloads (Last 12 months)50
Downloads (Last 6 weeks)6

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hawrylak PLouthan GHale JPapa MFurlani T(2019)Practical Cyber-Security Solutions for the Science DMZPractice and Experience in Advanced Research Computing 2019: Rise of the Machines (learning)10.1145/3332186.3332213(1-6)Online publication date: 28-Jul-2019
https://dl.acm.org/doi/10.1145/3332186.3332213

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents