Nonlinear component analysis as a kernel eigenvalue problem
Neural Computation
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
NetSTAT: a network-based intrusion detection system
Journal of Computer Security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A high-level programming environment for packet trace anonymization and transformation
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Non-negative Matrix Factorization with Sparseness Constraints
The Journal of Machine Learning Research
Manifold learning visualization of network traffic data
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
ScriptGen: an automated script generation tool for honeyd
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Replayer: automatic protocol replay by binary analysis
Proceedings of the 13th ACM conference on Computer and communications security
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Multi-document summarization via sentence-level semantic analysis and symmetric matrix factorization
Proceedings of the 31st annual international ACM SIGIR conference on Research and development in information retrieval
Linear-Time Computation of Similarity Measures for Sequential Data
The Journal of Machine Learning Research
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Leveraging User Interactions for In-Depth Testing of Web Applications
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Fast intrusion detection based on a non-negative matrix factorization model
Journal of Network and Computer Applications
Prospex: Protocol Specification Extraction
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Constructing attribute weights from computer audit data for effective intrusion detection
Journal of Systems and Software
TokDoc: a self-healing web application firewall
Proceedings of the 2010 ACM Symposium on Applied Computing
Botzilla: detecting the "phoning home" of malicious software
Proceedings of the 2010 ACM Symposium on Applied Computing
Detecting unknown network attacks using language models
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Learning stateful models for network honeypots
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Hi-index | 0.01 |
Automatic inspection of network payloads is a prerequisite for effective analysis of network communication. Security research has largely focused on network analysis using protocol specifications, for example for intrusion detection, fuzz testing and forensic analysis. The specification of a protocol alone, however, is often not sufficient for accurate analysis of communication, as it fails to reflect individual semantics of network applications. We propose a framework for semantics-aware analysis of network payloads which automatically extracts semanticsaware components from recorded network traffic. Our method proceeds by mapping network payloads to a vector space and identifying communication templates corresponding to base directions in the vector space. We demonstrate the efficacy of semantics-aware analysis in different security applications: automatic discovery of patterns in honeypot data, analysis of malware communication and network intrusion detection.