id ndltd-OhioLink-oai-etd.ohiolink.edu-wright1495191891086814
record_format oai_dc
spelling ndltd-OhioLink-oai-etd.ohiolink.edu-wright14951918910868142021-08-03T07:02:32Z Data-Driven Network-Centric Threat Assessment Kim, Dae Wook Computer Science network security fake anti-virus software intrusion detection web document analysis statistical classification Domain Name System behavioral fingerprints privacy online social networks virtual currency malicious accounts As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware.
Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection. 2017-05-19 English text Wright State University / OhioLINK http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814 http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814 unrestricted This thesis or dissertation is protected by copyright: all rights reserved. It may not be copied or redistributed beyond the terms of applicable copyright laws.
collection NDLTD
language English
sources NDLTD
topic Computer Science
network security
fake anti-virus software
intrusion detection
web document analysis
statistical classification
Domain Name System
behavioral fingerprints
privacy
online social networks
virtual currency
malicious accounts
spellingShingle Computer Science
network security
fake anti-virus software
intrusion detection
web document analysis
statistical classification
Domain Name System
behavioral fingerprints
privacy
online social networks
virtual currency
malicious accounts
Kim, Dae Wook
Data-Driven Network-Centric Threat Assessment
author Kim, Dae Wook
author_facet Kim, Dae Wook
author_sort Kim, Dae Wook
title Data-Driven Network-Centric Threat Assessment
title_short Data-Driven Network-Centric Threat Assessment
title_full Data-Driven Network-Centric Threat Assessment
title_fullStr Data-Driven Network-Centric Threat Assessment
title_full_unstemmed Data-Driven Network-Centric Threat Assessment
title_sort data-driven network-centric threat assessment
publisher Wright State University / OhioLINK
publishDate 2017
url http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814
work_keys_str_mv AT kimdaewook datadrivennetworkcentricthreatassessment
_version_ 1719452540427304960