• Aiuto
  • Sfoglia

    • Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems.



    Data di pubblicazione: 2016
    Titolo: Analysis of high volumes of network traffic for Advanced Persistent Threat detection
    Autore/i: Marchetti, Mirco; Pierazzi, Fabio; Colajanni, Michele; Guido, Alessandro
    Autore/i UNIMORE: 
    MARCHETTI, Mirco  
    PIERAZZI, FABIO  
    COLAJANNI, Michele  
    GUIDO, ALESSANDRO  
    Digital Object Identifier (DOI): 10.1016/j.comnet.2016.05.018
    Rivista: 
    COMPUTER NETWORKS  
    Volume: 109
    Pagina iniziale: 127
    Pagina finale: 141
    Codice identificativo ISI: WOS:000388546500002
    Codice identificativo Scopus: 2-s2.0-84995685027
    Citazione: Analysis of high volumes of network traffic for Advanced Persistent Threat detection / Marchetti, Mirco; Pierazzi, Fabio; Colajanni, Michele; Guido, Alessandro. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - 109(2016), pp. 127-141.
    TipologiaArticolo su rivista

    File in questo prodotto:
    File Descrizione Tipologia  
    pierazzi_apt.pdf Articolo principaleVersione editorialeAdministrator   Richiedi una copia
    Utilizza questo identificativo per citare o creare un link a questo documento:
    http://hdl.handle.net/11380/1135125
    • Citazioni
    • ND

    Licenza Creative Commons
    I documenti presenti in Iris Unimore sono rilasciati con licenza Creative Commons Attribuzione - Non commerciale - Non opere derivate 3.0 Italia, salvo diversa indicazione.
    In caso di violazione di copyright, contattare Supporto Iris
     
     
     
    Powered by IRIS-about IRIS-Utilizzo dei cookie
    Logo CINECA  Copyright © 2019