Abstract
There is a continuous struggle for control of resources at every organization that is connected to the Internet. The local organization wishes to use its resources to achieve strategic goals. Some external entities seek direct control of these resources, for purposes such as spamming or launching denial-of-service attacks. Other external entities seek indirect control of assets (e.g., users, finances), but provide services in exchange for them.
Using a year-long trace from an edge network, we examine what various external organizations know about one organization. We compare the types of information exposed by or to external organizations using either active (reconnaissance) or passive (surveillance) techniques. We also explore the direct and indirect control external entities have on local IT resources.
Index Terms
- Characterizing Intelligence Gathering and Control on an Edge Network