Causality-Based Traffic Reasoning for Securing Large-Scale Networks

Abstract

Our project goal is to detect clandestine malicious and unexplained network activities due to stealthy advanced persistent threats (APTs) and spyware activities in organizational networks (supporting both Android and Linux systems). This problem is challenging because there is usually not much difference between stealthy APT activities and normal traffic in terms of volume, appearance, pattern, etc. We aim to demonstrate a new triggering relation discovery technique to construct the request-level causality structure in network traffic.

Document Details

Document Type
Technical Report
Publication Date
Jan 24, 2019
Accession Number
AD1080644

Entities

People

  • Danfeng Yao

Organizations

  • Virginia Tech

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Anomaly Detection
  • Artificial Intelligence
  • Bayesian Networks
  • Change Detection
  • Computer Network Security
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Data Mining
  • Information Science
  • Information Security
  • Internet
  • Intrusion Detectors
  • Kernel Functions
  • Machine Learning
  • Malware
  • Network Protocols
  • Network Science
  • Supervised Machine Learning
  • Transport Protocols
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Theoretical Analysis.