TY - CHAP
T1 - Enhancing Enterprise Security through Cost-Effective and Highly Customizable Network Monitoring
AU - Regenold, Joshua
AU - Wang, Kai
AU - Smith, Gary
AU - Liu, Qingzhong
AU - Chen, Lei
N1 - Publisher Copyright:
Copyright © 2017 EAI.
PY - 2017/7/13
Y1 - 2017/7/13
N2 - Network monitoring and network traffic analysis software are common tools used in an enterprise, giving IT administrators valuable insight into the status of their servers and network devices. Limited research has been done to highlight the security benefits of low-level network traffic logging and analysis, though much of it involves testing the network activity of malicious software in lab environments, using cost-prohibitive software to analyze traffic for a pre-determined amount of time. This is a useful way to isolate network activity to only the malicious software, but it also eliminates valuable baseline traffic information for an enterprise network. There are significant security benefits to be gained from analyzing how malware reacts in – or alters – an enterprise network. This paper provides techniques for getting a baseline of enterprise network traffic and analyzes how different types of malware can affect this baseline. Using only low- and no-cost software and services, we analyze the storage requirements for historical network traffic data and present techniques to filter out much of the noise, significantly reducing the amount of data that must be stored and analyzed. The results of our technique are compared against traditional antimalware and network traffic analysis methods, revealing our approach to be a cost-effective, highly customizable and effective layer of a complete defense-in-depth security strategy.
KW - enterprise security
KW - cost-effective
KW - customization
KW - network monitoring
UR - https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/57
UR - https://doi.org/10.4108/eai.13-7-2017.2270274
UR - http://www.scopus.com/inward/record.url?scp=85052572748&partnerID=8YFLogxK
U2 - 10.4108/eai.13-7-2017.2270274
DO - 10.4108/eai.13-7-2017.2270274
M3 - Chapter
SN - 9781631901560
T3 - 2413-094X
SP - 133
EP - 142
BT - MOBIMEDIA 2017: Proceedings of the 10th EAI International Conference on Mobile Multimedia Communications
A2 - Wang, Honggang
A2 - Chen, Qianbin
A2 - Liu, Yanbing
A2 - Wu, Dapeng
A2 - Ansari, Nirwan
A2 - Chen, Lei
A2 - Wu, Dalei
PB - ICST
T2 - 10th EAI International Conference on Mobile Multimedia Communications, MOBIMEDIA 2017
Y2 - 13 July 2017 through 14 July 2017
ER -
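The abstract describes three steps: establish a baseline of normal enterprise traffic, filter out the infrastructure noise that dominates storage, and look for the ways malware alters the baseline. The following is an added example written for this record, not code from the paper or its authors. It works on a simplified, constructed flow-log format (timestamp, source, destination, destination port, bytes); the internal DNS and NTP addresses in the noise list, the z-score threshold, and the beacon-interval jitter are all assumptions chosen for illustration.

```python
"""Baseline flow logs, filter noise, and flag deviations (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical noise allow-list (assumption): internal infrastructure that
# every host talks to and that adds little detection value but much volume.
NOISE = {
    ("10.0.0.2", 53),    # internal DNS resolver
    ("10.0.0.3", 123),   # internal NTP server
}

# Constructed sample data: a "quiet" baseline window and a later window in
# which one host starts beaconing to an outside address and exfiltrates.
BASELINE_LOG = """
100 10.0.1.10 10.0.0.2 53 90
110 10.0.1.10 172.16.5.20 443 1200
200 10.0.1.10 172.16.5.20 443 1800
300 10.0.1.10 10.0.0.3 123 76
400 10.0.1.10 172.16.5.21 445 4000
500 10.0.1.10 172.16.5.20 443 1500
"""

OBSERVED_LOG = """
1000 10.0.1.10 10.0.0.2 53 90
1010 10.0.1.10 203.0.113.7 8443 300
1070 10.0.1.10 203.0.113.7 8443 310
1130 10.0.1.10 203.0.113.7 8443 290
1190 10.0.1.10 203.0.113.7 8443 305
1200 10.0.1.10 172.16.5.20 443 1400
1300 10.0.1.10 172.16.5.21 445 60000
"""


def parse_flows(text):
    """Parse 'ts src dst dport bytes' lines (constructed format) into dicts."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def filter_noise(flows):
    """Drop flows to allow-listed infrastructure before storing or analysing."""
    return [f for f in flows if (f["dst"], f["dport"]) not in NOISE]


def build_baseline(flows):
    """Per source host: the set of known (dst, dport) peers and byte statistics."""
    peers = defaultdict(set)
    sizes = defaultdict(list)
    for f in flows:
        peers[f["src"]].add((f["dst"], f["dport"]))
        sizes[f["src"]].append(f["bytes"])
    return {src: {"peers": peers[src],
                  "mean": mean(sizes[src]),
                  "stdev": pstdev(sizes[src])} for src in peers}


def detect(baseline, flows, z=3.0, min_beacons=4, jitter=2):
    """Flag peers absent from the baseline, byte-count outliers, and
    fixed-interval (beacon-like) connection patterns."""
    alerts = set()
    timestamps = defaultdict(list)
    for f in flows:
        b = baseline.get(f["src"])
        key = (f["dst"], f["dport"])
        if b is None or key not in b["peers"]:
            alerts.add(("new_peer", f["src"], f["dst"], f["dport"]))
        # A single-flow baseline has stdev 0; skip the z-test rather than divide.
        if b and b["stdev"] > 0 and abs(f["bytes"] - b["mean"]) > z * b["stdev"]:
            alerts.add(("volume", f["src"], f["dst"], f["dport"]))
        timestamps[(f["src"],) + key].append(f["ts"])
    for (src, dst, dport), ts in timestamps.items():
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        if len(gaps) >= min_beacons - 1 and max(gaps) - min(gaps) <= jitter:
            alerts.add(("beacon", src, dst, dport))
    return sorted(alerts)


def run():
    """Baseline the quiet window, then score the observed window against it."""
    base = build_baseline(filter_noise(parse_flows(BASELINE_LOG)))
    return detect(base, filter_noise(parse_flows(OBSERVED_LOG)))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed data the noise filter drops two of the six baseline flows before anything is stored, and the observed window yields three alerts for 10.0.1.10: a new peer (203.0.113.7:8443), a beacon to that same peer at a fixed 60-second interval, and a byte-count outlier to 172.16.5.21:445. Each check is deliberately crude; in practice the baseline window needs to span a full business cycle, the noise list should be derived from the baseline itself rather than hand-written, and the z-score should be computed per peer rather than per host.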