Accurately Spotting Malicious IP Clusters Using Network Safety Management

Authors

  • N. Srimannarayana  PG Student, Department of MCA, St. Ann's College of Engineering & Technology, Chirala, Andhra Pradesh, India
  • Maddali M. V. M. Kumar  Assistant Professor, Department of MCA, St. Ann's College of Engineering & Technology, Chirala, Andhra Pradesh, India

Keywords:

Malicious IP Cluster, Botnet, Network Security, DoS attack, Countermeasure, Behavior Analysis.

Abstract

Detecting and distinguishing malicious and sensitive nodes in a network is the most complicated task, because their behaviors are often indistinguishable, and a set of nodes with different behaviors can often belong to the same cluster. Identifying node behavior and grouping nodes into malicious clusters on the basis of behavior analysis is a significant line of research for improving network security. We show that it is often possible to find such clusters, and to find the optimal response for preventing further interference, by processing network logs collected from different network configurations. Clearly, not every node or cluster uncovered is malicious. However, we demonstrate that malicious clusters can be accurately distinguished from benign ones using only episode segmentation and a predictive IP blacklist. In this paper, we first propose a novel network safety management engine to spot and filter IPs and IP clusters that exhibit such malicious behavior in the network. We focus on several kinds of malicious behavior, such as service interruption, spreading spam, spoofing, and misusing information in the network. Based on the behavior analysis, a behavior score is calculated, and a score threshold determines the predictive blacklist. The highly predictive blacklists are then used to locate the malicious cluster. Moreover, we perform countermeasure selection for the node behavior and its behavior score. We obtain significantly better results in terms of precision and recall. In addition, we developed an episode detection process with event IDs and their grouping for fast behavior analysis. The proposed malicious detection process and clustering process improve precision and recall. Finally, we demonstrate the effectiveness of the proposed scheme using network log events captured from trace files using the NS2 tool.

Published

2018-02-28

Section

Research Articles

How to Cite

[1]
N. Srimannarayana, Maddali M. V. M. Kumar, "Accurately Spotting Malicious IP Clusters Using Network Safety Management," International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 3, Issue 2, pp. 80-87, January-February 2018.