Towards efficient reconstruction of attacker lateral movement
Wilkens et al., 2019 - Google Patents (scholar record)
- Document ID: 12978541703388756832
- Authors: Wilkens F, Haas S, Kaaser D, Kling P, Fischer M
- Publication year: 2019
- Publication venue: Proceedings of the 14th International Conference on Availability, Reliability and Security
Snippet
Organization and government networks are a target of Advanced Persistent Threats (APTs), i.e., stealthy attackers that infiltrate networks slowly and usually stay undetected for long periods of time. After an attack has been discovered, security administrators have to …
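The record above only states the problem (reconstructing how an attacker moved through the network after one host is found compromised) and classifies the work under flow-based traffic monitoring; it does not describe the authors' method. The following is an added illustration, not code or the algorithm from Wilkens et al.: a generic time-windowed back-trace and forward-trace over network flow records. The hostnames, timestamps, admin-port allowlist and the 600-second lookback window are all constructed assumptions for the example.

```python
"""Candidate lateral-movement reconstruction from network flow records.

Added illustration: a generic time-windowed back-trace / forward-trace over
flow records. It is NOT the algorithm of Wilkens et al.; hostnames, ports,
timestamps and the lookback window below are constructed for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

# Ports typically used for remote administration and therefore for lateral
# movement (SSH, SMB, RDP, WinRM). Assumed allowlist for this example.
LATERAL_PORTS = {22, 445, 3389, 5985}


@dataclass(frozen=True)
class Flow:
    ts: int     # seconds since epoch (constructed values)
    src: str
    dst: str
    dport: int


# Constructed sample flows (not data from the paper).
FLOWS = [
    Flow(50, "ws-04", "ws-02", 445),           # too old to explain ws-02's compromise
    Flow(100, "203.0.113.7", "ws-01", 3389),   # initial foothold over RDP
    Flow(400, "ws-01", "ws-02", 445),          # SMB hop
    Flow(450, "ws-02", "ws-01", 80),           # HTTP, not an admin port
    Flow(900, "ws-02", "db-01", 22),           # SSH hop
    Flow(950, "ws-03", "db-01", 80),           # HTTP, not an admin port
    Flow(1500, "db-01", "backup", 22),         # hop after db-01 was compromised
    Flow(2000, "ws-03", "db-01", 445),         # after detection, cannot be the cause
]


def index_flows(flows):
    """Index flows by destination and by source so each hop lookup is O(degree)."""
    inbound, outbound = defaultdict(list), defaultdict(list)
    for f in flows:
        inbound[f.dst].append(f)
        outbound[f.src].append(f)
    return inbound, outbound


def back_trace(flows, victim, detected_at, lookback=600, ports=LATERAL_PORTS):
    """Walk backwards from a detected host towards candidate entry points.

    Each admin-port connection a host received in the `lookback` seconds before
    its own compromise estimate is treated as a possible inbound hop; the
    connecting host is then examined with the connection time as its estimate.
    Returns (edges, roots): edges are (src, dst, ts) hops ordered by time,
    roots are hosts with no explained inbound hop (candidate footholds).
    """
    inbound, _ = index_flows(flows)
    edges, roots, seen = [], set(), set()
    queue = deque([(victim, detected_at)])
    while queue:
        host, t_compromised = queue.popleft()
        if host in seen:
            continue
        seen.add(host)
        hops = [f for f in inbound[host]
                if f.dport in ports and t_compromised - lookback <= f.ts < t_compromised]
        if not hops:
            roots.add(host)
        for f in hops:
            edges.append((f.src, f.dst, f.ts))
            queue.append((f.src, f.ts))
    edges.sort(key=lambda e: e[2])
    return edges, roots


def forward_trace(flows, host, t_compromised, ports=LATERAL_PORTS):
    """Walk forwards from a compromised host to hosts it may have reached.

    Any admin-port connection the host opened at or after its compromise time
    is a candidate outbound hop; returns (src, dst, ts) hops ordered by time.
    """
    _, outbound = index_flows(flows)
    edges, seen = [], set()
    queue = deque([(host, t_compromised)])
    while queue:
        h, t = queue.popleft()
        if h in seen:
            continue
        seen.add(h)
        for f in outbound[h]:
            if f.dport in ports and f.ts >= t:
                edges.append((f.src, f.dst, f.ts))
                queue.append((f.dst, f.ts))
    edges.sort(key=lambda e: e[2])
    return edges


if __name__ == "__main__":
    # db-01 was flagged at t=1000; trace back to the foothold, then forward.
    hops, roots = back_trace(FLOWS, "db-01", detected_at=1000)
    for src, dst, ts in hops:
        print(f"{ts:>5}  {src} -> {dst}")
    print("candidate footholds:", sorted(roots))
    for src, dst, ts in forward_trace(FLOWS, sorted(roots)[0], 100):
        print(f"{ts:>5}  {src} -> {dst}")
```

Two caveats a practitioner should keep in mind with any flow-only approach of this shape: the port allowlist and lookback window are tuning knobs, and a benign admin connection on one of those ports inside the window will surface as an extra candidate hop, so the output is a set of hypotheses to triage against host evidence (logons, process creation), not proof of a path. Widening the window lowers the chance of missing a slow hop but grows the candidate set, which is exactly the efficiency trade-off the title of the paper points at.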
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
      - H04L12/00—Data switching networks
        - H04L12/02—Details
          - H04L12/26—Monitoring arrangements; Testing arrangements
            - H04L12/2602—Monitoring arrangements
      - H04L43/00—Arrangements for monitoring or testing packet switching networks
        - H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
          - H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
        - H04L43/06—Report generation
          - H04L43/062—Report generation for traffic related reporting
        - H04L43/08—Monitoring based on specific metrics
        - H04L43/10—Arrangements for monitoring or testing packet switching networks using active monitoring, e.g. heartbeat protocols, polling, ping, trace-route
        - H04L43/12—Arrangements for monitoring or testing packet switching networks using dedicated network monitoring probes
        - H04L43/50—Testing arrangements
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
            - H04L63/1425—Traffic logging, e.g. anomaly detection
          - H04L63/1433—Vulnerability analysis
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1458—Denial of Service
            - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
        - H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Similar Documents
Publication | Title
---|---
US10721243B2 (en) | Apparatus, system and method for identifying and mitigating malicious network threats
Wilkens et al. | Towards efficient reconstruction of attacker lateral movement
US10917421B2 (en) | Refining synthetic malicious samples with unlabeled data
Jeya et al. | Efficient classifier for R2L and U2R attacks
Rahal et al. | A distributed architecture for DDoS prediction and bot detection
US11706248B2 (en) | Aggregation and flow propagation of elements of cyber-risk in an enterprise
US8239951B2 (en) | System, method and computer readable medium for evaluating a security characteristic
Bohara et al. | Intrusion detection in enterprise systems by combining and clustering diverse monitor data
AlKadi et al. | Mixture localization-based outliers models for securing data migration in cloud centers
Carter et al. | Probabilistic threat propagation for network security
Hu et al. | Security metric methods for network multistep attacks using AMC and big data correlation analysis
Aiello et al. | Profiling DNS tunneling attacks with PCA and mutual information
Fei et al. | The abnormal detection for network traffic of power IoT based on device portrait
Ibor et al. | A survey of cyber security approaches for attack detection, prediction and prevention
US11632393B2 (en) | Detecting and mitigating malware by evaluating HTTP errors
Cambiaso et al. | Detection and classification of slow DoS attacks targeting network servers
Diaz-Honrubia et al. | A trusted platform module-based, pre-emptive and dynamic asset discovery tool
Rezvani et al. | Provenance-aware security risk analysis for hosts and network flows
Zurutuza et al. | A data mining approach for analysis of worm activity through automatic signature generation
EP4105800B1 (en) | Method for detection of lateral movement of malware
Sambangi et al. | Multiple linear regression prediction model for DDoS attack detection in cloud ELB
CN107251519B (en) | Systems, methods, and media for detecting attacks of fake information on a communication network
Prakash et al. | An integrated approach to network intrusion detection and prevention
Selvaraj et al. | An effective ODAIDS-HPs approach for preventing, detecting and responding to DDoS attacks
Ulltveit-Moe et al. | Measuring privacy leakage for IDS rules