Discovering potential victims within enterprise network via link analysis method

Abstract

Potential cyber victim detection is an important research issue in the domain of network security. During an adjacent period of time, cyber victims or even potential cyber victims within an enterprise have several common patterns to the currently seized victims. Hence, this paper applies the link analysis method and proposes a hybrid method to automatically discover potential victims through their behavioral patterns hidden in the network log data. In the experiment, the proposed method has been applied to reveal potential victims from a big data (6,846,097 records of proxy logs in 1.7G and 84,693,445 records of firewall logs in 9.3G). Afterward, a ranking list of potential victims can consequently be generated for stakeholders to understand the safety condition within an enterprise. Moreover, the hierarchical connection graph of hosts can further assist managers or stakeholders to find out the potential victims more easily. As a result, the safety and prevention practice of the information security group in an enterprise would be upgraded to an active mode rather than passive mode.