Toward Network Worm Victims Identification Based on Cascading Motif Discovery
Network worms spread widely over the global network within a short time, which are increasingly becoming one of the most potential threats to network security. However, the performance of traditional packet-oriented signature-based methods is questionable in the face of unknown worms, while anomaly-...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2019-02-01
|
| Series: | Electronics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2079-9292/8/2/183 |
| _version_ | 1811186149073354752 |
|---|---|
| author | Hangyu Hu Mingda Wang Mingyu Ouyang Guangmin Hu |
| author_facet | Hangyu Hu Mingda Wang Mingyu Ouyang Guangmin Hu |
| author_sort | Hangyu Hu |
| collection | DOAJ |
| description | Network worms spread widely over the global network within a short time, which are increasingly becoming one of the most potential threats to network security. However, the performance of traditional packet-oriented signature-based methods is questionable in the face of unknown worms, while anomaly-based approaches often exhibit high false positive rates. It is a common scenario that the life cycle of network worms consists of the same four stages, in which the target discovery phase and the transferring phase have specific interactive patterns. To this end, we propose Network Flow Connectivity Graph (NFCG) for identifying network worm victims. We model the flow-level interactions as graph and then identify sets of frequently occurring motifs related to network worms through Cascading Motif Discovery algorithm. In particular, a cascading motif is jointly extracted from graph target discovery phase and transferring phase. If a cascading motif exists in a connected behavior graph of one host, the host would be identified as a suspicious worm victim; the excess amount of suspicious network worm victims is used to reveal the outbreak of network worms. The simulated experiments show that our proposed method is effective and efficient in network worm victims’ identification and helpful for improving network security. |
| first_indexed | 2024-04-11T13:40:41Z |
| format | Article |
| id | doaj.art-784d1f0605fd40d4acc9b61e5783cda8 |
| institution | Directory Open Access Journal |
| issn | 2079-9292 |
| language | English |
| last_indexed | 2024-04-11T13:40:41Z |
| publishDate | 2019-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Electronics |
| spelling | doaj.art-784d1f0605fd40d4acc9b61e5783cda82022-12-22T04:21:14ZengMDPI AGElectronics2079-92922019-02-018218310.3390/electronics8020183electronics8020183Toward Network Worm Victims Identification Based on Cascading Motif DiscoveryHangyu Hu0Mingda Wang1Mingyu Ouyang2Guangmin Hu3School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaSchool of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaSchool of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaSchool of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaNetwork worms spread widely over the global network within a short time, which are increasingly becoming one of the most potential threats to network security. However, the performance of traditional packet-oriented signature-based methods is questionable in the face of unknown worms, while anomaly-based approaches often exhibit high false positive rates. It is a common scenario that the life cycle of network worms consists of the same four stages, in which the target discovery phase and the transferring phase have specific interactive patterns. To this end, we propose Network Flow Connectivity Graph (NFCG) for identifying network worm victims. We model the flow-level interactions as graph and then identify sets of frequently occurring motifs related to network worms through Cascading Motif Discovery algorithm. In particular, a cascading motif is jointly extracted from graph target discovery phase and transferring phase. If a cascading motif exists in a connected behavior graph of one host, the host would be identified as a suspicious worm victim; the excess amount of suspicious network worm victims is used to reveal the outbreak of network worms. The simulated experiments show that our proposed method is effective and efficient in network worm victims’ identification and helpful for improving network security.https://www.mdpi.com/2079-9292/8/2/183network wormsnetwork flow connectivity graphflow behavior analysismotif discoverynetwork security |
| spellingShingle | Hangyu Hu Mingda Wang Mingyu Ouyang Guangmin Hu Toward Network Worm Victims Identification Based on Cascading Motif Discovery Electronics network worms network flow connectivity graph flow behavior analysis motif discovery network security |
| title | Toward Network Worm Victims Identification Based on Cascading Motif Discovery |
| title_full | Toward Network Worm Victims Identification Based on Cascading Motif Discovery |
| title_fullStr | Toward Network Worm Victims Identification Based on Cascading Motif Discovery |
| title_full_unstemmed | Toward Network Worm Victims Identification Based on Cascading Motif Discovery |
| title_short | Toward Network Worm Victims Identification Based on Cascading Motif Discovery |
| title_sort | toward network worm victims identification based on cascading motif discovery |
| topic | network worms network flow connectivity graph flow behavior analysis motif discovery network security |
| url | https://www.mdpi.com/2079-9292/8/2/183 |
| work_keys_str_mv | AT hangyuhu towardnetworkwormvictimsidentificationbasedoncascadingmotifdiscovery AT mingdawang towardnetworkwormvictimsidentificationbasedoncascadingmotifdiscovery AT mingyuouyang towardnetworkwormvictimsidentificationbasedoncascadingmotifdiscovery AT guangminhu towardnetworkwormvictimsidentificationbasedoncascadingmotifdiscovery |