What are the patterns that typical network attackers exhibit? For a given malicious network behavior, are its attacks spread uniformly over time? In this work, we develop MalSpot, a multi-resolution and multi-linear (Multi2) network analysis system, in order to discover such malicious patterns, so that we can use them later for attack detection, when attacks are concurrent with legitimate traffic. We designed and deployed MalSpot, which employs multi-linear analysis with different time resolutions, running on top of MapReduce (Hadoop), and we identify patterns across attackers, attacked institutions and variation of time scales. We collected over a terabyte of proven malicious traces (along with benign ones) from the Taiwanese government security operation center (G-SOC) during the entire year of 2012. We showcase the effectiveness of MalSpot by discovering interesting patterns and anomalies on this enormous dataset. We observed static and time-evolving patterns that a vast majority of the known malicious behavior seems to follow. © 2014 Springer International Publishing.
Mao, H. H., Wu, C. J., Papalexakis, E. E., Faloutsos, C., Lee, K. C., & Kao, T. C. (2014). MalSpot: Multi2 malicious network behavior patterns analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8443 LNAI, pp. 1–14). Springer Verlag. https://doi.org/10.1007/978-3-319-06608-0_1