Effective network security monitoring: from attribution to target-centric monitoring

Siraj Ahmed Shaikh, Harsha Kalutarage

    Research output: Contribution to journalArticle

    3 Citations (Scopus)
    96 Downloads (Pure)

    Abstract

    Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution to favour of a target-centric monitoring approach. A carefully deployed set of experiments are presented and a detailed analysis of the results is achieved.
    Original languageEnglish
    Pages (from-to)167-178
    JournalTelecommunication Systems
    Volume62
    Issue number1
    DOIs
    Publication statusPublished - Jun 2015

    Bibliographical note

    The final publication is available at Springer via http://dx.doi.org/10.1007/s11235-015-0071-0 .

    Keywords

    • IT in Business
    • Computer Communication Networks
    • Artificial Intelligence (incl. Robotics)
    • Probability Theory and Stochastic Processes

    Fingerprint Dive into the research topics of 'Effective network security monitoring: from attribution to target-centric monitoring'. Together they form a unique fingerprint.

  • Cite this