Detection of collaborative cyber-attacks through correlation and time dependency analysis
Date: 2016
ISBN: 978-1-5090-0057-9
Publisher: Institute of Electrical and Electronics Engineers Inc.
Source: Proceedings of the 18th Mediterranean Electrotechnical Conference: Intelligent and Efficient Technologies and Services for the Citizen, MELECON 2016
Abstract
In this paper, we consider the detection of suspiciously high correlation between malicious Internet users that are collaborating in order to cause a Denial of Service (DoS) Attack. The main goal is to recognise cyber incidents (more specifically, collaboration/dependency between different users) in order to ultimately isolate their behavior and avoid the consequences of the DoS attack. The method relies on the analysis of the data traffic across the concerned network (with both incoming and outgoing traffic) in an effort to identify correlations between different users. The paper models normal and malicious behaviour via hidden Markov models, and analyses the performance of the method using both mathematical reasoning and simulations. © 2016 IEEE.