Effective network security monitoring: from attribution to target-centric monitoring

Siraj Ahmed Shaikh*, Harsha Kumara Kalutarage

*Corresponding author for this work

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution to favour of a target-centric monitoring approach. A carefully deployed set of experiments are presented and a detailed analysis of the results is achieved.

Original languageEnglish
Pages (from-to)167-178
Number of pages12
JournalTelecommunication Systems
Volume62
Issue number1
Early online date06 Jun 2015
DOIs
Publication statusPublished - 01 May 2016

    Fingerprint

Keywords

  • Attribution
  • Bayesian statistics
  • Communication networks
  • Network security
  • Scalable monitoring

Cite this