Defense Mechanisms Against Internet Malicious Traffic
In recent years, there has been a significant increase in the volume, sophistication, and level of automation of malicious Internet traffic. Protecting our network infrastructures has become a task of crucial importance, but one that also involves complex challenges. In this dissertation, we focus on flow-level measurements of malicious Internet traffic collected from a large number of different networks located worldwide. The goal is to mine and analyze patterns of malicious traffic so as to improve defense mechanisms against cyber-crimes. The contribution of this dissertation is three-fold.

First, we study the problem of filtering known malicious source IP addresses using IP prefixes. We introduce a formal framework for this problem, which is general enough to (i) take into account several practical constraints in the router resources and (ii) incorporate different objectives pertaining to different administrative strategies. Within the proposed framework, we design a set of optimal algorithms that block IP sources of ongoing attacks using prefix-based rules.

Second, we develop a methodology for predicting future malicious sources based on past measurements. Our prediction algorithms can be used both to proactively filter specific sources and to trigger monitoring of suspicious IP ranges. To this end, we design an implicit recommendation system that takes into account the complex phenomena observed in malicious traffic and is able to suggest to the victims which IP sources are most likely to attack in the near future. Finally, we demonstrate that this approach significantly improves on state-of-the-art techniques.

Third, we consider a specific class of malicious traffic, namely, click fraud attacks. Click fraud refers to the activity of clicking Internet advertisements with the sole purpose of generating a charge for the advertiser. This has arguably been identified as the most significant threat to the business models that today sustain most of the free Internet services. We propose an unsupervised detection model that leverages observed patterns of malicious click traffic and uses statistical methods to detect click fraud attacks.