Seo et al., 2018 - Google Patents
Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profilingSeo et al., 2018
View PDF- Document ID
- 18060965117361734566
- Author
- Seo J
- Lee S
- Publication year
- Publication venue
- Security and Communication Networks
External Links
Snippet
Recent cyber‐attacks have used unknown malicious code or advanced attack techniques, such as zero‐day attacks, making them extremely difficult to detect using traditional intrusion detection systems. Botnet attacks, for example, are a very sophisticated type of cyber …
- 238000001514 detection method 0 title abstract description 123
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ghafir et al. | Botdet: A system for real time botnet command and control traffic detection | |
US10887330B2 (en) | Data surveillance for privileged assets based on threat streams | |
Ho et al. | Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems | |
Zeidanloo et al. | A taxonomy of botnet detection techniques | |
WO2014129587A1 (en) | Network monitoring device, network monitoring method, and network monitoring program | |
Damghani et al. | Classification of attacks on IoT | |
Hoque et al. | FFSc: a novel measure for low‐rate and high‐rate DDoS attack detection using multivariate data analysis | |
Kshirsagar et al. | CPU load analysis & minimization for TCP SYN flood detection | |
Xue et al. | Design and implementation of a malware detection system based on network behavior | |
Shafee | Botnets and their detection techniques | |
Lu et al. | Integrating traffics with network device logs for anomaly detection | |
Seo et al. | Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling | |
Nayak et al. | Depth analysis on DoS & DDoS attacks | |
Tyagi et al. | A novel HTTP botnet traffic detection method | |
Obeidat et al. | Smart approach for botnet detection based on network traffic analysis | |
Choi et al. | A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic | |
Hsu et al. | Detecting Web‐Based Botnets Using Bot Communication Traffic Features | |
Abaid et al. | Early detection of in-the-wild botnet attacks by exploiting network communication uniformity: An empirical study | |
Mohammed | Network-based detection and prevention system against DNS-based attacks | |
Panimalar et al. | A review on taxonomy of botnet detection | |
Anbar et al. | Investigating study on network scanning techniques | |
Kumavat et al. | Survey of Detection Techniques for DDoS Attacks | |
Baazeem | Cybersecurity: BotNet Threat Detection Across the Seven-Layer ISO-OSI Model Using Machine Learning Techniques | |
Stetsenko et al. | Signature-based intrusion detection hardware-software complex | |
Stiawan et al. | Classification of habitual activities in behavior-based network detection |