Return to search

Detection of malicious user communities in data networks

Malicious users in data networks may form social interactions to create communities in abnormal fashions that deviate from the communication standards of a network. As a community, these users may perform many illegal tasks such as spamming, denial-of-service attacks, spreading confidential information, or sharing illegal contents. They may use different methods to evade existing security systems such as session splicing, polymorphic shell code, changing port numbers, and basic string manipulation. One way to masquerade the traffic is by changing the data rate patterns or use very low (trickle) data rates for communication purposes, the latter is focus of this research. Network administrators consider these communities of users as a serious threat.
In this research, we propose a framework that not only detects the abnormal data rate patterns in a stream of traffic by
using a type of neural network, Self-organizing Maps (SOM), but also
detect and reveal the community structure of these users for further
decisions. Through a set of comprehensive simulations, it is shown in this research that the suggested framework is able to detect these malicious user communities with a low false negative rate and false positive rate.
We further discuss ways of improving the performance of the neural network by studying the size of SOM's.

Identiferoai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/3235
Date04 April 2011
CreatorsMoghaddam, Amir
ContributorsGanti, Sudhakar
Source SetsUniversity of Victoria
LanguageEnglish, English
Detected LanguageEnglish
TypeThesis
RightsAvailable to the World Wide Web

Page generated in 0.0023 seconds