Malicious users in data networks may form social interactions to create communities in abnormal fashions that deviate from the communication standards of a network. As a community, these users may perform many illegal tasks such as spamming, denial-of-service attacks, spreading confidential information, or sharing illegal contents. They may use different methods to evade existing security systems such as session splicing, polymorphic shell code, changing port numbers, and basic string manipulation. One way to masquerade the traffic is by changing the data rate patterns or use very low (trickle) data rates for communication purposes, the latter is focus of this research. Network administrators consider these communities of users as a serious threat.
In this research, we propose a framework that not only detects the abnormal data rate patterns in a stream of traffic by
using a type of neural network, Self-organizing Maps (SOM), but also
detect and reveal the community structure of these users for further
decisions. Through a set of comprehensive simulations, it is shown in this research that the suggested framework is able to detect these malicious user communities with a low false negative rate and false positive rate.
We further discuss ways of improving the performance of the neural network by studying the size of SOM's.
Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/3235 |
Date | 04 April 2011 |
Creators | Moghaddam, Amir |
Contributors | Ganti, Sudhakar |
Source Sets | University of Victoria |
Language | English, English |
Detected Language | English |
Type | Thesis |
Rights | Available to the World Wide Web |
Page generated in 0.0023 seconds