Anomaly detection and mitigation at Internet scale: A survey

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7943 LNCS, Issue , 2013, Pages 49-60

  Steinberger, Jessica ^a   Schehlmann, Lisa ^a   Abt, Sebastian ^a   Baier, Harald ^a  

^a DARMSTADT UNIVERSITY OF APPLIED SCIENCES   (Germany)

Author keywords

Anomaly Detection; Anomaly Mitigation; Correlation; Internet Service Provider; NetFlow; Network Security

Indexed keywords

ANOMALY DETECTION; ANOMALY MITIGATION; ATTACK DETECTION; DETECTION MECHANISM; INDUSTRY PROCESS; NETFLOWS; NETWORK OPERATOR; NETWORK-BASED ATTACKS;

CORRELATION METHODS; INTERNET SERVICE PROVIDERS; NETWORK SECURITY; SURVEYS;

COMPUTER CRIME;

EID: 84879651756     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-38998-6_7     Document Type: Conference Paper

References (16)

1. Abt, S., Baier, H.: Towards efficient and privacy-preserving network-based botnet detection using netflow data. In: Proceedings of 9th International Network Conference, INC 2012, Port Elizabeth, South Africa (July 2012)
2. Maryam, F., Alireza, S., Sureswaran, R.: A Survey of Botnet and Botnet Detection. In: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2009, Washington DC, USA (2009)
3. Jing, L., Yang, X., Kaveh, G., Hongmei, D., Jingyuan, Z.: Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP Journal on Wireless Communications and Networking (February 2009)
4. Karen, S., Peter, M.: SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS). Technical report, National Institute of Standards & Technology, Gaithersburg, MD, United States (February 2007)
5. van Eeten, M., Bauer, J.M., Asghari, H., Tabatabaie, S., Rand, D.: The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data. In: The Tenth Workshop on the Economics of Information Security, WEIS 2010 (2010)
6. Prez, M.G., Mrmol, F.G., Prez, G.M., Gmez-Skarmeta, A.F.: RepCIDN: A Reputation-based Collaborative Intrusion Detection Network to Lessen the Impact of Malicious Alarms. Journal of Network and Systems Management 21(1) (March 2013)
7. Cisco Systems, Inc.: Netflow services solutions guide (January 2007), http://www.cisco.com/en/US/docs/ios/solutions docs/netflow/nfwhite.html
8. François, J., Wang, S., State, R., Engel, T.: BotTrack: tracking botnets using Net- Flow and PageRank. In: Domingo-Pascual, J., Manzoni, P., Palazzo, S., Pont, A., Scoglio, C. (eds.) NETWORKING 2011, Part I. LNCS, vol. 6640, pp. 1-14. Springer, Heidelberg (2011)
9. Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis. In: Proceedings of the Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL USA (December 2012)
10. Bundesamt für Sicherheit in der Informationstechnik: IT Infrastructure Library (ITIL) und Informationssicherheit (2005), https://www.bsi.bund.de/ContentBSI/Publikationen/Studien/ITinf/index htm.html
11. International Organization for Standardization: Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2012), 2012 edn. (January 14, 2013)
12. Anstee, D., Bussiere, D., Sockrider, G., Morales, C.: Worldwide Infrastructure Security Report. Technical Report VII, Arbor Networks Inc. (January 2012), http://www.arbornetworks.com/research/infrastructure-security- report
13. Boschi, E., Mark, L., Quittek, J., Stiemerling, M., Aitken, P.: IP Flow Information Export (IPFIX) Implementation Guidelines. RFC 5153 (Informational) (April 2008), http://www.ietf.org/rfc/rfc5153.txt
14. Phaal, P., Lavine, M.: sFlow Version 5 (July 2004), http://www.sflow.org/ sflow-version-5.txt
15. ENISA - European Network and Information Security Agency: Cert cooperation and its further facilitation by relevant stakeholders. Technical report, ENISA (December 2006), http://www.enisa.europa.eu/activities/cert/ background/coop/files/cert-cooperation-and-its-further-facilitation-by-relevant- stakeholders/at-download/fullReport
16. Molina, M., Paredes-Oliva, I., Routly, W., Barlet-Ros, P.: Operational experiences with anomaly detection in backbone networks. Computers & Security 31(3), 273-285 (2012)