网络监控的更好的架构和新的安全应用

2009 29th IEEE International Conference on Distributed Computing Systems Pub Date : 2009-06-22 DOI:10.1109/ICDCS.2009.85

M. Reiter

{"title":"网络监控的更好的架构和新的安全应用","authors":"M. Reiter","doi":"10.1109/ICDCS.2009.85","DOIUrl":null,"url":null,"abstract":"Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, \"hit-list\" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.","PeriodicalId":387968,"journal":{"name":"2009 29th IEEE International Conference on Distributed Computing Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2009-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Better Architectures and New Security Applications for Network Monitoring\",\"authors\":\"M. Reiter\",\"doi\":\"10.1109/ICDCS.2009.85\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, \\\"hit-list\\\" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.\",\"PeriodicalId\":387968,\"journal\":{\"name\":\"2009 29th IEEE International Conference on Distributed Computing Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 29th IEEE International Conference on Distributed Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.2009.85\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 29th IEEE International Conference on Distributed Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.2009.85","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

当今繁忙的网络无法记录所有流经它们的流量，因此许多网络监控应用程序只能使用粗略的流量摘要。在这次演讲中，我们将描述我们开发的一种方法，通过协调网络路由器执行的监控来提高这些流量摘要的保真度，从而在尊重每个路由器的处理约束的同时实现全网范围的监控目标。我们还将描述我们使用流量摘要来检测各种隐蔽的网络滥用-例如。例如，伪装在其他应用程序端口上的文件共享流量，“命中列表”扫描和恶意软件传播，间谍软件的数据泄露以及僵尸网络命令和控制流量，甚至可以识别流行恶意软件传播的来源。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Better Architectures and New Security Applications for Network Monitoring

Busy networks today cannot afford to log all traffic traversing them, and consequently many network-monitoring applications make due with coarse traffic summaries. In this talk we will describe an approach we have developed to improve the fidelity of these traffic summaries, by coordinating the monitoring performed by the network's routers so as to achieve network-wide monitoring goals while respecting each router's processing constraints. We will also describe our use of traffic summaries to detect a variety of stealthy network abuses—e.g., file-sharing traffic masquerading on other application ports, "hit-list" scans and malware propagation, data exfiltration by spyware, and botnet command-and-control traffic—and even to identify the origin of epidemic malware spreads.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 29th IEEE International Conference on Distributed Computing Systems

自引率

0.00%

发文量

期刊最新文献

Sampling Based (epsilon, delta)-Approximate Aggregation Algorithm in Sensor Networks TBD: Trajectory-Based Data Forwarding for Light-Traffic Vehicular Networks PADD: Power Aware Domain Distribution Rethinking Multicast for Massive-Scale Platforms ISP Friend or Foe? Making P2P Live Streaming ISP-Aware