References of "Wagner, Cynthia 40000707"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailASMATRA: Ranking ASs Providing Transit Service to Malware Hosters
Wagner, Cynthia UL; François, Jérôme UL; State, Radu UL et al

in IFIP/IEEE International Symposium on Integrated Network Management IM2013 (2013)

The Internet has grown into an enormous network offering a variety of services, which are spread over a multitude of domains. BGP-routing and Autonomous Systems (AS) are the key components for maintaining ... [more ▼]

The Internet has grown into an enormous network offering a variety of services, which are spread over a multitude of domains. BGP-routing and Autonomous Systems (AS) are the key components for maintaining high connectivity in the Internet. Unfortunately, Internet Service Providers (ISPs) operating ASs do not only host normal users and content, but also malicious content used by attackers for spreading malware, hosting phishing web-sites or performing any kind of fraudulent activity. Practical analysis shows that such malware-providing ASs prevent themselves from being de-peered by hiding behind other ASs, which do not host the malware themselves but simply provide transit service for malware. This paper presents a new method for detecting ASs that provide transit service for malware hosters, without being malicious themselves. A formal definition of the problem and the metrics are determined by using the AS graph. The PageRank algorithm is applied to improve the scalability and the completeness of the approach. The method is assessed on real and publicly available datasets, showing promising results. [less ▲]

Detailed reference viewed: 51 (1 UL)
Full Text
Peer Reviewed
See detailSemantic Exploration of DNS
Marchal, Samuel UL; François, Jérôme UL; Wagner, Cynthia UL et al

in Proceedings of the 11th International IFIP TC 6 Networking Conference, Prague, Czech Republic, May 21-25 2012 (2012, May)

The DNS structure discloses useful information about the organization and the operation of an enterprise network, which can be used for designing attacks as well as monitoring domains supporting malicious ... [more ▼]

The DNS structure discloses useful information about the organization and the operation of an enterprise network, which can be used for designing attacks as well as monitoring domains supporting malicious activities. Thus, this paper introduces a new method for exploring the DNS domains. Although our previous work described a tool to generate existing DNS names accurately in order to probe a domain automatically, the approach is extended by leveraging semantic analysis of domain names. In particular, the semantic distributional similarity and relatedness of sub-domains are considered as well as sequential patterns. The evaluation shows that the discovery is highly improved while the overhead remains low, comparing with non semantic DNS probing tools including ours and others. [less ▲]

Detailed reference viewed: 93 (0 UL)
Full Text
Peer Reviewed
See detailDNSSM: A large-scale Passive DNS Security Monitoring Framework
Marchal, Samuel UL; François, Jérôme UL; Wagner, Cynthia UL et al

in IEEE/IFIP Network Operations and Management Symposium (2012, April)

We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and ... [more ▼]

We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DSNSM is implemented and operational on several networks. We validate the framework against two large trace sets. [less ▲]

Detailed reference viewed: 157 (1 UL)
Full Text
See detailSecurity and Network monitoring based on Internet flow measurements
Wagner, Cynthia UL

Doctoral thesis (2012)

Today's networks face continuously arising new threats, making analysis of network data for the detection of anomalies in current operational networks essential. Network operators have to deal with the ... [more ▼]

Today's networks face continuously arising new threats, making analysis of network data for the detection of anomalies in current operational networks essential. Network operators have to deal with the analysis of huge volumes of data. To counter this main issue, dealing with IP flows (also known as Netflows) records is common in network management. However in modern networks, even Netflow records still represent a high volume of data. Interest in traffic classification as well as attack and anomaly detection in network monitoring and security related activities has become very strong. This thesis addresses the topic of Netflow record analysis by introducing simple mechanisms for the evaluation of large quantities of data. The mechanisms are based on spatially aggregated Netflow records. These records are evaluated by the use of a kernel function. This similarity function analyses aggregated data on quantitative and topological pattern changes. By the use of machine learning techniques the aim is to use the aggregated data and classify it into benign traffic and anomalies. Besides the detection of anomalies in network traffic, traffic is analyzed from the perspective of an attacker and a network operator by using a game-theoretical model in order to define strategies for attack and defence. To extend the evaluation models, information from the application layer has been analyzed. An occurring problem with application flows is that in some cases, network flows cannot be clearly attributed to sessions or users, as for example in anonymous overlay networks. A model for the attribution of flows to sessions or users has been defined and related to this, the behaviour of attack and defence mechanisms is studied in the framework of a game. [less ▲]

Detailed reference viewed: 141 (13 UL)
Peer Reviewed
See detailSymbolic Computing with Incremental Mind-maps to Manage and Mine Data Streams - Some Applications
Brucks, Claudine UL; Hilker, Michael UL; Schommer, Christoph UL et al

in Abstract book of 4th International Workshop on Neural-Symbolic Learning and Reasoning (NeSy'08). ECAI 2008. (2008)

Detailed reference viewed: 40 (6 UL)
Peer Reviewed
See detailSemi-automated Content Zoning of Spam Emails
Brucks, Claudine UL; Hilker, Michael UL; Schommer, Christoph UL et al

in Proceedings "WebIst" (2007)

Detailed reference viewed: 69 (3 UL)
Peer Reviewed
See detailSemi-automated Content Zoning of Spam Emails
Brucks, Claudine UL; Hilker, Michael UL; Schommer, Christoph UL et al

in Lecture Notes on Business Information Processing. Web Information Systems and Technologies (2007)

Detailed reference viewed: 71 (2 UL)