Algorithms for clustering data
Algorithms for clustering data
On ordered weighted averaging aggregation operators in multicriteria decisionmaking
IEEE Transactions on Systems, Man and Cybernetics
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Direct Methods for Sparse Linear Systems (Fundamentals of Algorithms 2)
Direct Methods for Sparse Linear Systems (Fundamentals of Algorithms 2)
Using uncleanliness to predict future botnet addresses
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models
EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
Data Mining for Intelligence, Fraud & Criminal Detection: Advanced Analytics & Information Sharing Technologies
Aggregation Functions: A Guide for Practitioners
Aggregation Functions: A Guide for Practitioners
The WOMBAT Attack Attribution Method: Some Results
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
A new graph-theoretic approach to clustering and segmentation
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
A strategic analysis of spam botnets operations
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
| Hi-index | 0.00 |
We present a multicriteria clustering approach that has been developed to address a problem known as attack attribution in the realm of investigative data mining. Our method can be applied to a broad range of security data sets in order to get a better understanding of the root causes of the underlying phenomena that may have produced the observed data. A key feature of this approach is the combination of cluster analysis with a component for multi-criteria decision analysis. As a result, multiple criteria of interest (or attack features) can be aggregated using different techniques, allowing one to unveil complex relationships resulting from phenomena with eventually dynamic behaviors. To illustrate the method, we provide some empirical results obtained from a data set made of attack traces collected in the Internet by a set of honeypots during two years. Thanks to the application of our attribution method, we are able to identify several large-scale phenomena composed of IP sources that are linked to the same root cause, which constitute a type of phenomenon that we have called Misbehaving cloud (MC). An in-depth analysis of two instances of such clouds demonstrates the utility and meaningfulness of the approach, as well as the kind of insights we can get into the behaviors of malicious sources involved in these clouds.