Network Security Incident Detection Based on Network Topology Patterns

Viksna, Juris; Freivalds, Karlis; Grasmanis, Mikus; Rucevskis, Peteris; Kaskina, Baiba; Teivans, Varis

Home // SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies // View article

Network Security Incident Detection Based on Network Topology Patterns

Authors:
Juris Viksna
Karlis Freivalds
Mikus Grasmanis
Peteris Rucevskis
Baiba Kaskina
Varis Teivans

Keywords: Network security; Data visualization; Graph topology patterns

Abstract:
In this work, we explore the option of using graph topology patterns for security incident detection in NetFlow data. NetFlow data sets in which data flows related to attacks are specially marked are analyzed using graph visualization techniques in combination with manual methods to identify prospective network topology patterns related to attacks. These patterns are subsequently validated and their merit for incident detection assessed. The current research shows that while such pattern based approach is unlikely to provide a highly reliable incident detection method on its own, it can well complement other methods and can detect attacks that remain unnoticed by statistical analysis of network traffic.

Pages: 7 to 8

Copyright: Copyright (c) IARIA, 2015

Publication date: August 23, 2015

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-427-5

Location: Venice, Italy

Dates: from August 23, 2015 to August 28, 2015