Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks

ACM International Conference Proceeding Series

Volumn , Issue , 2013, Pages 199-208

  Yen, Ting Fang ^a   Oprea, Alina ^a   Onarlioglu, Kaan ^b   Leetham, Todd ^c   Robertson, William ^b   Juels, Ari ^a   Kirda, Engin ^b  

^a RSA Laboratories   (United States)

^b NORTHEASTERN UNIVERSITY   (United States)

^c India Center of Excellence   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANTIVIRUS SOFTWARES; ENTERPRISE NETWORKS; ENTERPRISE SECURITY; INCIDENT RESPONSE; LARGE ENTERPRISE; SECURITY INCIDENT; SECURITY PRODUCTS; SIGNATURE-BASED APPROACH;

SECURITY OF DATA; SECURITY SYSTEMS;

INDUSTRY;

EID: 84893295028     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2523649.2523670     Document Type: Conference Paper

References (41)

1. OSSEC - Open Source Security. http://www.ossec.net.
2. Snort. http://www.snort.org.
3. The Bro Network Security Monitor. http://www.bro.org/.
4. M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A Multifaceted Approach to Understanding the Botnet Phenomenon. In IMC, 2006.
5. M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster. Building a Dynamic Reputation System for DNS. In USENIX Security, 2010.
6. M. Antonakakis, R. Perdisci, W. Lee, N. Vasiloglou, II, and D. Dagon. Detecting Malware Domains at the Upper DNS Hierarchy. In USENIX Security, 2011.
7. M. Antonakakis, R. Perdisci, Y. Nadji, N. Vasiloglou, S. Abu-Nimeh, W. Lee, and D. Dagon. From Throw-away Traffic to Bots: Detecting the Rise of DGA-based Malware. In USENIX Security, 2012.
8. L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel. Disclosure: Detecting Botnet Command and Control Servers Through Large-scale NetFlow Analysis. In ACSAC, 2012.
9. L. Bilge, E. Kirda, K. Christopher, and M. Balduzzi. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In NDSS, 2011.
10. J. R. Binkley and S. Singh. An Algorithm for Anomaly-based Botnet Detection. In USENIX SRUTI, 2006.
11. D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian. Anomaly Extraction in Backbone Networks Using Association Rules. In IMC, 2009.
12. M. J. Chapple, N. Chawla, and A. Striegel. Authentication Anomaly Detection: A Case Study on a Virtual Private Network. In ACM MineNet, 2007.
13. H. Choi, H. Lee, H. Lee, and H. Kim. Botnet Detection by Monitoring Group Activities in DNS Traffic. In IEEE CIT, 2007.
14. E. Cooke, F. Jahanian, and D. McPherson. The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. In USENIX SRUTI, 2005.
15. G. Dewaele, K. Fukuda, P. Borgnat, P. Abry, and K. Cho. Extracting Hidden Anomalies Using Sketch and non Gaussian Multiresolution Statistical Detection Procedures. In ACM SIGCOMM LSAD, 2007.
16. J. François, S. Wang, R. State, and T. Engel. BotTrack: Tracking Botnets Using NetFlow and PageRank. In IFIP TC 6 Networking Conf., 2011.
17. F. C. Freiling, T. Holz, and G. Wicherski. Botnet Tracking: Exploring a Root-cause Methodology to Prevent Distributed Denial-of-service Attacks. In ESORICS, 2005.
18. G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering Analysis of Network Traffic for Protocoland Structure-independent Botnet Detection. In USENIX Security, 2008.
19. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting Malware Infection Through IDS-driven Dialog Correlation. In USENIX Security, 2007.
20. G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In NDSS, 2008.
21. T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling. Measuring and Detecting Fast-Flux Service Networks. In NDSS, 2008.
22. J. P. John, A. Moshchuk, S. D. Gribble, and A. Krishnamurthy. Studying Spamming Botnets Using Botlab. In USENIX NSDI, 2009.
23. I. T. Jolliffe. Principal Component Analysis. Springer-Verlag, 1986.
24. A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale Botnet Detection and Characterization. In USENIX HotBots, 2007.
25. L. Kaufman and P. J. Rousseeuw. Finding Groups in Data. An Introduction to Cluster Analysis. Wiley, 1990.
26. J. Levine, R. LaBella, H. Owen, D. Contis, and B. Culver. The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks. In IEEE IAW, 2003.
27. C. Livadas, R. Walsh, D. Lapsley, and W. Strayer. Using Machine Learning Techniques to Identify Botnet Traffic. In IEEE LCN, 2006.
28. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs. In ACM SIGKDD KDD, 2009.
29. J. Nazario and T. Holz. As the Net Churns: Fast-flux Botnet Observations. In MALWARE, 2008.
30. E. Passerini, R. Paleari, L. Martignoni, and D. Bruschi. FluXOR: Detecting and Monitoring Fast-Flux Service Networks. In DIMVA, 2008.
31. R. Perdisci, I. Corona, D. Dagon, and W. Lee. Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces. In ACSAC, 2009.
32. A. Ramachandran and N. Feamster. Understanding the Network-level Behavior of Spammers. In ACM SIGCOMM, 2006.
33. A. Sperotto, R. Sadre, and A. Pras. Anomaly Characterization in Flow-Based Traffic Time Series. In IEEE IPOM, 2008.
34. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your Botnet is My Botnet: Analysis of a Botnet Takeover. In ACM CCS, 2009.
35. W. Strayer, R. Walsh, C. Livadas, and D. Lapsley. Detecting Botnets with Tight Command and Control. In IEEE LCN, 2006.
36. R. Villamarín-Salomón and J. C. Brustoloni. Bayesian Bot Detection Based on DNS Traffic Similarity. In ACM SAC, 2009.
37. A. Wagner and B. Plattner. Entropy Based Worm and Anomaly Detection in Fast IP Networks. In IEEE WETICE, 2005.
38. S. Yadav, A. K. K. Reddy, A. N. Reddy, and S. Ranjan. Detecting Algorithmically Generated Malicious Domain Names. In IMC, 2010.
39. S. Yadav and A. N. Reddy. Winning With DNS Failures: Strategies for Faster Botnet Detection. In SECURECOMM, 2011.
40. T.-F. Yen and M. K. Reiter. Traffic Aggregation for Malware Detection. In DIMVA, 2008.
41. J. Zhang, R. Berthier, W. Rhee, M. Bailey, P. Pal, F. Jahanian, and W. H. Sanders. Safeguarding Academic Accounts and Resources with the University Credential Abuse Auditing System. In DSN, 2012.