№1, 2014

ANALYSIS OF METHODS FOR NETWORK SECURITY MONITORING

Rasim M. Alguliev, Yadigar N. Imamverdiyev, Babek R. Nabiyev

Network security monitoring is an essential task for ensuring the continuous and reliable operation of computer networks. This article defines the tasks and functions of network security monitoring and its intelligent monitoring methods, and reviews methods for the classification and clustering of network traffic. Several important open research problems are also identified. (pp. 60-68)

Keywords: information security, network security monitoring, network traffic analysis, traffic classification, traffic clustering
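The abstract names traffic clustering as one of the intelligent monitoring methods it reviews. The following is an added illustration, not code from the paper or its authors, of what such a method looks like in practice: flow records are aggregated into per-host behavioural features, the features are z-score normalised, and a small k-means run separates the behavioural minority from the bulk of hosts. The flow records are constructed, and the feature set, the 2-packet "short flow" threshold and the use of the minority cluster as the anomaly signal are all assumptions made for this example.

```python
"""Per-host flow clustering for network security monitoring (added example).

Not code from the paper. Flow records below are constructed, not captured.
"""
import math
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, packets, bytes).
# Five ordinary clients plus 10.0.0.99, which probes 20 ports with one packet each.
FLOWS = [
    ("10.0.0.1", "93.184.216.34", 443, 42, 31500),
    ("10.0.0.1", "93.184.216.34", 80, 18, 12400),
    ("10.0.0.1", "10.0.0.53", 53, 2, 180),
    ("10.0.0.2", "93.184.216.34", 443, 55, 48000),
    ("10.0.0.2", "10.0.0.53", 53, 2, 176),
    ("10.0.0.3", "151.101.1.69", 443, 30, 22000),
    ("10.0.0.3", "151.101.1.69", 80, 12, 9000),
    ("10.0.0.3", "10.0.0.53", 53, 2, 190),
    ("10.0.0.3", "10.0.0.53", 53, 2, 170),
    ("10.0.0.4", "93.184.216.34", 443, 70, 61000),
    ("10.0.0.5", "151.101.1.69", 443, 25, 19000),
    ("10.0.0.5", "10.0.0.53", 53, 2, 182),
] + [("10.0.0.99", "10.0.0.10", port, 1, 60) for port in range(20, 40)]

SHORT_FLOW_PACKETS = 2  # assumed threshold: a flow of <= 2 packets is "short"


def host_features(flows):
    """Aggregate flows per source host into
    (flow count, distinct destination ports, bytes per packet, short-flow fraction)."""
    per_host = defaultdict(list)
    for src, _dst, dport, packets, nbytes in flows:
        per_host[src].append((dport, packets, nbytes))
    features = {}
    for host, recs in per_host.items():
        n = len(recs)
        ports = len({dport for dport, _, _ in recs})
        pkts = sum(p for _, p, _ in recs)
        bpp = sum(b for _, _, b in recs) / pkts
        short = sum(1 for _, p, _ in recs if p <= SHORT_FLOW_PACKETS) / n
        features[host] = (n, ports, bpp, short)
    return features


def zscore(vectors):
    """Standardise each feature column so that no single scale dominates the distance."""
    dims = len(next(iter(vectors.values())))
    cols = [[v[i] for v in vectors.values()] for i in range(dims)]
    means = [sum(c) / len(c) for c in cols]
    # A constant column has std 0; divide by 1.0 instead to avoid a ZeroDivisionError.
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return {h: tuple((x - m) / s for x, m, s in zip(v, means, stds))
            for h, v in vectors.items()}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=50):
    """Plain Lloyd k-means with deterministic farthest-point initialisation.

    points: dict label -> feature vector. Returns dict label -> cluster index."""
    labels = sorted(points)
    centroids = [points[labels[0]]]
    while len(centroids) < k:  # next seed = point farthest from its nearest seed
        far = max(labels, key=lambda l: min(_dist(points[l], c) for c in centroids))
        centroids.append(points[far])
    assign = {}
    for _ in range(iters):
        new_assign = {l: min(range(k), key=lambda i: _dist(points[l], centroids[i]))
                      for l in labels}
        if new_assign == assign:  # converged
            break
        assign = new_assign
        for i in range(k):
            members = [points[l] for l in labels if assign[l] == i]
            if members:
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return assign


def find_anomalous_hosts(flows):
    """Return the hosts in the smallest cluster, i.e. the behavioural minority."""
    assign = kmeans(zscore(host_features(flows)))
    sizes = defaultdict(int)
    for c in assign.values():
        sizes[c] += 1
    minority = min(sizes, key=lambda c: (sizes[c], c))
    return sorted(h for h, c in assign.items() if c == minority)


if __name__ == "__main__":
    for host, feats in sorted(host_features(FLOWS).items()):
        print(host, tuple(round(f, 2) for f in feats))
    print("anomalous:", find_anomalous_hosts(FLOWS))
```

Two caveats a practitioner would attach to this. The minority cluster is not a ground-truth label: a legitimately quiet host (a printer, a monitoring probe) can land there as readily as a scanner, so the output is a candidate list for expert review, not an alert by itself. And the features here are chosen by hand; the works the article surveys differ mainly in which flow features they use and how they validate the resulting clusters, which is where the real engineering effort lies.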