Probabilistic Threat Propagation for Network Security
Title | Probabilistic Threat Propagation for Network Security |
Publication Type | Journal Article |
Year of Publication | 2014 |
Authors | Carter, K.M., Idika, N., Streilein, W.W. |
Journal | Information Forensics and Security, IEEE Transactions on |
Volume | 9 |
Pagination | 1394-1405 |
Date Published | Sept |
ISSN | 1556-6013 |
Keywords | Blacklist, Botnet, Botnets detection, Communication networks, Communities, community detection, computer network security, cyclic propagation, digital forensics, external Internet, forensic analysis, graph algorithms, graph analytics world, graph theory, graphical modeling work, infected nodes, Internet, malicious nodes, malicious Web destinations, monitored networks, network hosts, Network security, network security analysis, Peer-to-peer computing, Probabilistic logic, probabilistic threat propagation, probability, security, threat probabilities, Upper bound |
Abstract | Techniques for network security analysis have historically focused on the actions of the network hosts. Outside of forensic analysis, little has been done to detect or predict malicious or infected nodes strictly based on their association with other known malicious nodes. This methodology is highly prevalent in the graph analytics world, however, and is referred to as community detection. In this paper, we present a method for detecting malicious and infected nodes on both monitored networks and the external Internet. We leverage prior community detection and graphical modeling work by propagating threat probabilities across network nodes, given an initial set of known malicious nodes. We enhance prior work by employing constraints that remove the adverse effect of cyclic propagation that is a byproduct of current methods. We demonstrate the effectiveness of probabilistic threat propagation on the tasks of detecting botnets and malicious web destinations. |
URL | https://ieeexplore.ieee.org/document/6847231 |
DOI | 10.1109/TIFS.2014.2334272 |
Citation Key | 6847231 |