A Global-Local Approach for Estimating the Internet's Threat Level

  • Kollias, Spyridon (Department of Informatics, University of Piraeus) ;
  • Vlachos, Vasileios (Department of Computer Science and Engineering, Technological Educational Institute of Thessaly) ;
  • Papanikolaou, Alexandros (Department of Computer Science and Engineering, Technological Educational Institute of Thessaly) ;
  • Chatzimisios, Periklis (Department of Information Technology, Alexander Technological Educational Institute of Thessaloniki) ;
  • Ilioudis, Christos (Department of Information Technology, Alexander Technological Educational Institute of Thessaloniki) ;
  • Metaxiotis, Kostas (Department of Informatics, University of Piraeus)
  • Received : 2014.04.12
  • Published : 2014.08.30

Abstract

The Internet is a highly distributed and complex system consisting of billions of devices, and over the last two decades it has become the field of various kinds of conflict. Various actors use the Internet for illicit purposes, such as launching distributed denial-of-service (DDoS) attacks and spreading aggressive malware. Although numerous services report on the threat level of the Internet, they are mostly based either on information acquired by their own sensors or on offline statistical sampling of security applications (antivirus software, intrusion detection systems, etc.). This paper introduces the proactive threat observatory system (PROTOS), an open-source early warning system that requires no commercial licence and is capable of estimating the threat level across the Internet. The proposed system combines a global and a local approach: it can determine whether a specific host is under an imminent threat, and it can also provide an estimate of the malicious activity across the Internet as a whole. In addition, PROTOS supports large-scale deployment and can be extended further, for example by incorporating prediction and forecasting techniques, to improve its effectiveness.
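To make the global-local idea in the abstract concrete, the following is an added illustration written for this page; it is not PROTOS code and the abstract does not specify the system's actual scoring rules. It assumes a hypothetical feed of per-sensor event counts (a host's sensor reporting how many suspicious events, such as scans or exploit attempts, it saw in a time window), a local rule that compares a host's current count with its own recent history, and a global rule that measures what fraction of reporting hosts are elevated at the same time. The sample reports, thresholds and the "targeted"/"widespread" labels are constructed for the example.

```python
"""Toy global-local threat estimator (added example, not PROTOS's algorithm).

Assumed input: one Report per (host, window) from that host's own sensor.
The thresholds below are illustrative, not values taken from the paper.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Report:
    host: str
    window: int   # time-window index (e.g. one window = one hour)
    events: int   # suspicious events seen by this host's sensor in the window


# Constructed sample: four hosts over four windows.
# Window 2 shows a spike on h1 only (a targeted attack); window 3 shows
# every host elevated at once (a wave hitting the whole population).
SAMPLE_REPORTS = [
    Report("h1", 0, 2), Report("h2", 0, 1), Report("h3", 0, 3), Report("h4", 0, 2),
    Report("h1", 1, 3), Report("h2", 1, 2), Report("h3", 1, 2), Report("h4", 1, 1),
    Report("h1", 2, 40), Report("h2", 2, 2), Report("h3", 2, 3), Report("h4", 2, 2),
    Report("h1", 3, 25), Report("h2", 3, 20), Report("h3", 3, 30), Report("h4", 3, 22),
]


def global_threat_level(reports, window, baseline_events=10):
    """Global view: fraction of hosts reporting in `window` whose count
    exceeds an absolute baseline. Returns 0.0 when nobody reported."""
    current = [r for r in reports if r.window == window]
    if not current:
        return 0.0
    elevated = sum(1 for r in current if r.events > baseline_events)
    return elevated / len(current)


def local_threat(reports, host, window, history=3, factor=3.0, floor=5):
    """Local view: is `host` under imminent threat in `window`?

    The host's current count is compared with the median of its own
    previous `history` windows, scaled by `factor`; `floor` stops a quiet
    host with no history (median 0) from being flagged by a couple of events.
    """
    current = next(
        (r.events for r in reports if r.host == host and r.window == window), None
    )
    if current is None:
        return False
    past = [
        r.events for r in reports
        if r.host == host and window - history <= r.window < window
    ]
    baseline = median(past) if past else 0
    return current > max(floor, factor * baseline)


def assess(reports, window, widespread=0.5):
    """Combine both views for one window: the global level, the hosts that
    are locally flagged, and a coarse label for the pattern observed."""
    level = global_threat_level(reports, window)
    hosts = sorted({r.host for r in reports if r.window == window})
    flagged = [h for h in hosts if local_threat(reports, h, window)]
    if level >= widespread:
        pattern = "widespread"   # many hosts elevated together
    elif flagged:
        pattern = "targeted"     # a few hosts elevated while the population is calm
    else:
        pattern = "quiet"
    return {"window": window, "global": level,
            "hosts_under_threat": flagged, "pattern": pattern}


if __name__ == "__main__":
    for w in range(4):
        print(assess(SAMPLE_REPORTS, w))
```

The two views answer different questions: the local rule tells a single operator "your host is seeing far more than its norm", while the global fraction tells everyone "a large share of sensors are seeing this at once". Reading both together separates a targeted incident (window 2, one host flagged, global level low) from an Internet-wide wave (window 3, every host flagged, global level 1.0); a system that only had one of the two views could not make that distinction.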
