PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

ASAP: Automatic Semantics-Aware Analysis of Network Payloads
Tammo Krüger, Nicole Krämer and Konrad Rieck
European Conference on Machine Learning, Workshop on Privacy and Security Issues in Data Mining and Machine Learning 2011.

Abstract

Automatic inspection of network payloads is a prerequisite for effective analysis of network communication. Security research has largely focused on network analysis using protocol specifications, for example for intrusion detection, fuzz testing and forensic analysis. The specification of a protocol alone, however, is often not sufficient for accurate analysis of communication, as it fails to reflect the individual semantics of network applications. We propose a framework for semantics-aware analysis of network payloads which automatically extracts semantic components from recorded network traffic. Our method proceeds by mapping network payloads to a vector space and identifying semantic templates corresponding to base directions in the vector space. We demonstrate the efficacy of semantics-aware analysis in different security applications: automatic discovery of patterns in honeypot data, analysis of malware communication and network intrusion detection.

EPrint Type: Article
Project Keyword: UNSPECIFIED
Subjects: Theory & Algorithms; Information Retrieval & Textual Information Access
ID Code: 7374
Deposited By: Nicole Krämer
Deposited On: 17 March 2011