Result Details

ASNM: Advanced Security Network Metrics for Attack Vector Description

HOMOLIAK, I.; BARABAS, M.; CHMELAŘ, P.; DROZD, M.; HANÁČEK, P. ASNM: Advanced Security Network Metrics for Attack Vector Description. Proceedings of the 2013 International Conference on Security & Management. Las Vegas: Computer Science Research, Education, and Applications Press, 2013. p. 350-358. ISBN: 1-60132-259-3.
Type
conference paper
Language
English
Authors
Homoliak Ivan, doc. Ing., Ph.D., DIFS (FIT), DITS (FIT)
Barabas Maroš, Ing., Ph.D., DITS (FIT)
Chmelař Petr, Ing., DIFS (FIT)
Drozd Michal, Ing., DIFS (FIT)
Hanáček Petr, doc. Dr. Ing., DITS (FIT)
Abstract

The main goal of this paper was to present a formal description of the metrics extraction process with respect to a communication context. The set of metrics included in the final behavioral signature was then defined. The second part of the paper describes experiments performed with the state-of-the-art set of network metrics designed by A. Moore, which were compared to our proposed experimental set.

Keywords
behavioral signature, detection, IDS, network metrics, security
Annotation

There is considerable interest in developing novel detection methods based on new metrics for describing network flow to identify connection characteristics, for instance to permit early identification of emerging security incidents, rapid detection of infections within internal networks, or instantaneous prevention of forming attacks. In this paper we propose a method for extracting data from network flow and contextually separating partial connections using a set of network metrics that create a signature defining the connection behavior. We begin with a definition of the input dataset of captured communication and the process of extracting metrics from separated connections. Then we define the set of metrics included in the final behavioral signature. The second part of the article describes experiments performed with the state-of-the-art set of network metrics in comparison to our proposed experimental set. The paper concludes with the experiment results.

Published
2013
Pages
350–358
Proceedings
Proceedings of the 2013 International Conference on Security & Management
Conference
The 2013 International Conference on Security and Management
ISBN
1-60132-259-3
Publisher
Computer Science Research, Education, and Applications Press
Place
Las Vegas
BibTeX
@inproceedings{BUT103452,
  author="Ivan {Homoliak} and Maroš {Barabas} and Petr {Chmelař} and Michal {Drozd} and Petr {Hanáček}",
  title="ASNM: Advanced Security Network Metrics for Attack Vector Description",
  booktitle="Proceedings of the 2013 International Conference on Security & Management",
  year="2013",
  pages="350--358",
  publisher="Computer Science Research, Education, and Applications Press",
  address="Las Vegas",
  isbn="1-60132-259-3",
  url="https://www.fit.vut.cz/research/publication/10248/"
}
Projects
Advanced secured, reliable and adaptive IT, BUT, BUT internal projects, FIT-S-11-1, start: 2011-01-01, end: 2013-12-31, completed
Automated attack processing, MPO, TIP, FR-TI1/037, start: 2009-10-01, end: 2013-09-30, completed
IT4Innovations Centre of Excellence, MŠMT, Operational Programme Research and Development for Innovations, ED1.1.00/02.0070, start: 2011-01-01, end: 2015-12-31, completed
Security-Oriented Research in Information Technology, MŠMT, Institutional resources of the state budget of the Czech Republic (e.g. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, running
Research groups
IT Security Research Group (RG Security@FIT)