BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:(Anti)social Behavior in Malicious Internet Source IPs: Characteri
 sation and Detection - Kolaczyk\, E (Boston)
DTSTART:20100625T150000Z
DTEND:20100625T154500Z
UID:TALK25334@talks.cam.ac.uk
CONTACT:Mustapha Amrani
DESCRIPTION:We consider the problem of monitoring Internet traffic at the 
 IP address level\, for the purpose of\nidentifying malicious source IPs. T
 his problem is highly challenging\, due to such diverse factors as\ndata v
 olume\, limited measurement vantage\, sampling effects\, and user privacy 
 concerns. Moreover\,\nefforts typically are made for traffic from the very
  IP addresses we seek to detect to blend in with\nthe rest of (normal) tra
 ffic. In this talk\, we present work characterising the traffic behavior o
 f IP\nsource addresses from a social network perspective and exploiting ou
 r characterizations to build\nsimple but effective detection tools. Specif
 ically\, we analyze network flow data\, collected on a major\nInternet bac
 kbone network\, in combination with log records from Internet security pro
 grams\, using\nboth local and global network representations and network a
 nalysis tools. Our findings are twofold.\nFirst\, we show that malicious s
 ource nodes in IP traffic are distinctive in their communication\nbehavior
 \, in that they interact with other nodes without substantively participat
 ing in the\nnatural communities within which the latter exist. Second\, we
  demonstrate that\, with appropriate\nsocial network analysis tools\, this
  behavior can be exploited in developing detection algorithms.\nThis is jo
 int work with Qi Ding\, Natallia Katenka\, Paul Barford\, and Mark Crovell
 a.
LOCATION:Seminar Room 1\, Newton Institute
END:VEVENT
END:VCALENDAR