• Aiuto
  • Sfoglia

    • Several advanced cyber attacks adopt the technique of "pivoting" through which attackers create a command propagation tunnel through two or more hosts in order to reach their final target. Identifying such malicious activities is one of the most tough research problems because of several challenges: command propagation is a rare event that cannot be detected through signatures, the huge amount of internal communications facilitates attackers evasion, timely pivoting discovery is computationally demanding. This paper describes the first pivoting detection algorithm that is based on network flows analyses, does not rely on any a-priori assumption on protocols and hosts, and leverages an original problem formalization in terms of temporal graph analytics. We also introduce a prioritization algorithm that ranks the detected paths on the basis of a threat score thus letting security analysts investigate just the most suspicious pivoting tunnels. Feasibility and effectiveness of our proposal are assessed through a broad set of experiments that demonstrate its higher accuracy and performance against related algorithms.



    Data di pubblicazione: 2017
    Titolo: Detection and Threat Prioritization of Pivoting Attacks in Large Networks
    Autore/i: Apruzzese, Giovanni; Pierazzi, Fabio; Colajanni, Michele; Marchetti, Mirco
    Autore/i UNIMORE: 
    APRUZZESE, GIOVANNI  
    PIERAZZI, FABIO  
    COLAJANNI, Michele  
    MARCHETTI, Mirco  
    Digital Object Identifier (DOI): 10.1109/TETC.2017.2764885
    Rivista: 
    IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING  
    Pagina iniziale: 1
    Pagina finale: 1
    Codice identificativo Scopus: 2-s2.0-85032675681
    Citazione: Detection and Threat Prioritization of Pivoting Attacks in Large Networks / Apruzzese, Giovanni; Pierazzi, Fabio; Colajanni, Michele; Marchetti, Mirco. - In: IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING. - ISSN 2168-6750. - (2017), pp. 1-1.
    TipologiaArticolo su rivista

    File in questo prodotto:
    File Descrizione Tipologia  
    apruzzese_TETC.pdf Articolo principalePost-printOpen Access Visualizza/Apri
    Utilizza questo identificativo per citare o creare un link a questo documento:
    http://hdl.handle.net/11380/1149159
    • Citazioni
    • ND
    • ND

    Licenza Creative Commons
    I documenti presenti in Iris Unimore sono rilasciati con licenza Creative Commons Attribuzione - Non commerciale - Non opere derivate 3.0 Italia, salvo diversa indicazione.
    In caso di violazione di copyright, contattare Supporto Iris
     
     
     
    Powered by IRIS-about IRIS-Utilizzo dei cookie
    Logo CINECA  Copyright © 2019