Biblio

with the development of SDN, ICN and 5G networks, the research of future network becomes a hot topic. Based on the design idea of SDN network, this paper analyzes the propagation model and detection method of malicious code in future network. We select characteristics of SDN and analyze the features use different feature selection methods and sort the features. After comparison the influence of running time by different classification algorithm of different feature selection, we analyze the choice of reduction dimension m, and find out the different types of malicious code corresponding to the optimal feature subset and matching classification method, designed for malware detection system. We analyze the node migration rate of malware in mobile network and its effect on the outbreak of the time. In this way, it can provide reference for the management strategy of the switch node or the host node by future network controller.

Advanced Persistent Threat (APT) attacks, which have become prevalent in recent years, are classified into four phases. These are initial compromise phase, attacking infrastructure building phase, penetration and exploration phase, and mission execution phase. The malware on infected terminals attempts various communications on and after the attacking infrastructure building phase. In this research, using OpenFlow technology for virtual networks, we developed a system of identifying infected terminals by detecting communication events of malware communications in APT attacks. In addition, we prevent information fraud by using OpenFlow, which works as real-time path control. To evaluate our system, we executed malware infection experiments with a simulation tool for APT attacks and malware samples. In these experiments, an existing network using only entry control measures was prepared. As a result, we confirm the developed system is effective.

What you see is not definitely believable is not a rare case in the cyber security monitoring. However, due to various tricks of camouflages, such as packing or virutal private network (VPN), detecting "advanced persistent threat"(APT) by only signature based malware detection system becomes more and more intractable. On the other hand, by carefully modeling users' subsequent behaviors of daily routines, probability for one account to generate certain operations can be estimated and used in anomaly detection. To the best of our knowledge so far, a novel behavioral analytic framework, which is dedicated to analyze Active Directory domain service logs and to monitor potential inside threat, is now first proposed in this project. Experiments on real dataset not only show that the proposed idea indeed explores a new feasible direction for cyber security monitoring, but also gives a guideline on how to deploy this framework to various environments.