Enhancing enterprise security through cost-effective and highly customizable network monitoring

Joshua Regenold; Kai Wang; Gary Smith; Quingzhong Liu; Lei Chen; Qingzhong Liu

doi:10.4108/eai.13-7-2017.2270274

Enhancing enterprise security through cost-effective and highly customizable network monitoring

Joshua Regenold, Kai Wang, Gary Smith, Quingzhong Liu, Lei Chen, Qingzhong Liu

Research output: Contribution to book or proceeding › Conference article › peer-review

2 Scopus citations

Abstract

Network monitoring and network traffic analysis software are common tools used in an enterprise, giving IT administrators valuable insight into the status of their servers and network devices. Limited research has been done to highlight the security benefits of low-level network traffic logging and analysis, though much of it involves testing the network activity of malicious software in lab environments, using cost-prohibitive software to analyze traffic for a pre-determined amount of time. This is a useful way to isolate network activity to only the malicious software, but it also eliminates valuable baseline traffic information for an enterprise network. There are significant security benefits to be gained from analyzing how malware reacts in - or alters - an enterprise network. This paper provides techniques for getting a baseline of enterprise network traffic and analyzes how different types of malware can affect this baseline. Using only low- and no-cost software and services, we analyze the storage requirements for historical network traffic data and present techniques to filter out much of the noise, significantly reducing the amount of data that must be stored and analyzed. The results of our technique are compared against traditional anti-malware and network traffic analysis methods, revealing our approach to be a cost-effective, highly customizable and effective.

Original language	English
Title of host publication	MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications
Editors	Honggang Wang, Qianbin Chen, Yanbing Liu, Dapeng Wu, Nirwan Ansari, Lei Chen, Dalei Wu
Publisher	ICST
Pages	133-142
Number of pages	10
ISBN (Print)	9781631901560
DOIs	https://doi.org/10.4108/eai.13-7-2017.2270274
State	Published - 2017
Event	EAI International Conference on Mobile Multimedia Communications - Chongqing, China Duration: Jul 13 2017 → Jul 14 2017 Conference number: 10 https://eudl.eu/proceedings/mobimedia/2017

Publication series

Name	International Conference on Mobile Multimedia Communications (MobiMedia)
Volume	2017-July
ISSN (Electronic)	2413-094X

Conference

Conference	EAI International Conference on Mobile Multimedia Communications
Abbreviated title	EAI MOBIMEDIA
Country/Territory	China
City	Chongqing
Period	07/13/17 → 07/14/17
Internet address	https://eudl.eu/proceedings/mobimedia/2017

Scopus Subject Areas

Computer Networks and Communications
Computer Science Applications
Emergency Medicine
Media Technology
Modeling and Simulation

Access to Document

10.4108/eai.13-7-2017.2270274

Cite this

Regenold, J., Wang, K., Smith, G., Liu, Q., Chen, L., & Liu, Q. (2017). Enhancing enterprise security through cost-effective and highly customizable network monitoring. In H. Wang, Q. Chen, Y. Liu, D. Wu, N. Ansari, L. Chen, & D. Wu (Eds.), MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications (pp. 133-142). (International Conference on Mobile Multimedia Communications (MobiMedia); Vol. 2017-July). ICST. https://doi.org/10.4108/eai.13-7-2017.2270274

Regenold, Joshua ; Wang, Kai ; Smith, Gary et al. / Enhancing enterprise security through cost-effective and highly customizable network monitoring. MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications. editor / Honggang Wang ; Qianbin Chen ; Yanbing Liu ; Dapeng Wu ; Nirwan Ansari ; Lei Chen ; Dalei Wu. ICST, 2017. pp. 133-142 (International Conference on Mobile Multimedia Communications (MobiMedia)).

@inproceedings{e1481d0584964d2094b83a2c898b4809,

title = "Enhancing enterprise security through cost-effective and highly customizable network monitoring",

abstract = "Network monitoring and network traffic analysis software are common tools used in an enterprise, giving IT administrators valuable insight into the status of their servers and network devices. Limited research has been done to highlight the security benefits of low-level network traffic logging and analysis, though much of it involves testing the network activity of malicious software in lab environments, using cost-prohibitive software to analyze traffic for a pre-determined amount of time. This is a useful way to isolate network activity to only the malicious software, but it also eliminates valuable baseline traffic information for an enterprise network. There are significant security benefits to be gained from analyzing how malware reacts in - or alters - an enterprise network. This paper provides techniques for getting a baseline of enterprise network traffic and analyzes how different types of malware can affect this baseline. Using only low- and no-cost software and services, we analyze the storage requirements for historical network traffic data and present techniques to filter out much of the noise, significantly reducing the amount of data that must be stored and analyzed. The results of our technique are compared against traditional anti-malware and network traffic analysis methods, revealing our approach to be a cost-effective, highly customizable and effective.",

author = "Joshua Regenold and Kai Wang and Gary Smith and Quingzhong Liu and Lei Chen and Qingzhong Liu",

note = "Publisher Copyright: Copyright {\textcopyright} 2017 EAI.; EAI International Conference on Mobile Multimedia Communications ; Conference date: 13-07-2017 Through 14-07-2017",

year = "2017",

doi = "10.4108/eai.13-7-2017.2270274",

language = "English",

isbn = "9781631901560",

series = "International Conference on Mobile Multimedia Communications (MobiMedia)",

publisher = "ICST",

pages = "133--142",

editor = "Honggang Wang and Qianbin Chen and Yanbing Liu and Dapeng Wu and Nirwan Ansari and Lei Chen and Dalei Wu",

booktitle = "MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications",

url = "https://eudl.eu/proceedings/mobimedia/2017",

}

Regenold, J, Wang, K, Smith, G, Liu, Q, Chen, L & Liu, Q 2017, Enhancing enterprise security through cost-effective and highly customizable network monitoring. in H Wang, Q Chen, Y Liu, D Wu, N Ansari, L Chen & D Wu (eds), MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications. International Conference on Mobile Multimedia Communications (MobiMedia), vol. 2017-July, ICST, pp. 133-142, EAI International Conference on Mobile Multimedia Communications, Chongqing, China, 07/13/17. https://doi.org/10.4108/eai.13-7-2017.2270274

Enhancing enterprise security through cost-effective and highly customizable network monitoring. / Regenold, Joshua; Wang, Kai; Smith, Gary et al.
MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications. ed. / Honggang Wang; Qianbin Chen; Yanbing Liu; Dapeng Wu; Nirwan Ansari; Lei Chen; Dalei Wu. ICST, 2017. p. 133-142 (International Conference on Mobile Multimedia Communications (MobiMedia); Vol. 2017-July).

Research output: Contribution to book or proceeding › Conference article › peer-review

TY - GEN

T1 - Enhancing enterprise security through cost-effective and highly customizable network monitoring

AU - Regenold, Joshua

AU - Wang, Kai

AU - Smith, Gary

AU - Liu, Quingzhong

AU - Chen, Lei

AU - Liu, Qingzhong

N1 - Conference code: 10

PY - 2017

Y1 - 2017

N2 - Network monitoring and network traffic analysis software are common tools used in an enterprise, giving IT administrators valuable insight into the status of their servers and network devices. Limited research has been done to highlight the security benefits of low-level network traffic logging and analysis, though much of it involves testing the network activity of malicious software in lab environments, using cost-prohibitive software to analyze traffic for a pre-determined amount of time. This is a useful way to isolate network activity to only the malicious software, but it also eliminates valuable baseline traffic information for an enterprise network. There are significant security benefits to be gained from analyzing how malware reacts in - or alters - an enterprise network. This paper provides techniques for getting a baseline of enterprise network traffic and analyzes how different types of malware can affect this baseline. Using only low- and no-cost software and services, we analyze the storage requirements for historical network traffic data and present techniques to filter out much of the noise, significantly reducing the amount of data that must be stored and analyzed. The results of our technique are compared against traditional anti-malware and network traffic analysis methods, revealing our approach to be a cost-effective, highly customizable and effective.

AB - Network monitoring and network traffic analysis software are common tools used in an enterprise, giving IT administrators valuable insight into the status of their servers and network devices. Limited research has been done to highlight the security benefits of low-level network traffic logging and analysis, though much of it involves testing the network activity of malicious software in lab environments, using cost-prohibitive software to analyze traffic for a pre-determined amount of time. This is a useful way to isolate network activity to only the malicious software, but it also eliminates valuable baseline traffic information for an enterprise network. There are significant security benefits to be gained from analyzing how malware reacts in - or alters - an enterprise network. This paper provides techniques for getting a baseline of enterprise network traffic and analyzes how different types of malware can affect this baseline. Using only low- and no-cost software and services, we analyze the storage requirements for historical network traffic data and present techniques to filter out much of the noise, significantly reducing the amount of data that must be stored and analyzed. The results of our technique are compared against traditional anti-malware and network traffic analysis methods, revealing our approach to be a cost-effective, highly customizable and effective.

UR - http://www.scopus.com/inward/record.url?scp=85052572748&partnerID=8YFLogxK

U2 - 10.4108/eai.13-7-2017.2270274

DO - 10.4108/eai.13-7-2017.2270274

M3 - Conference article

SN - 9781631901560

T3 - International Conference on Mobile Multimedia Communications (MobiMedia)

SP - 133

EP - 142

BT - MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications

A2 - Wang, Honggang

A2 - Chen, Qianbin

A2 - Liu, Yanbing

A2 - Wu, Dapeng

A2 - Ansari, Nirwan

A2 - Chen, Lei

A2 - Wu, Dalei

PB - ICST

T2 - EAI International Conference on Mobile Multimedia Communications

Y2 - 13 July 2017 through 14 July 2017

ER -

Regenold J, Wang K, Smith G, Liu Q, Chen L, Liu Q. Enhancing enterprise security through cost-effective and highly customizable network monitoring. In Wang H, Chen Q, Liu Y, Wu D, Ansari N, Chen L, Wu D, editors, MOBIMEDIA 2017 - 10th EAI International Conference on Mobile Multimedia Communications. ICST. 2017. p. 133-142. (International Conference on Mobile Multimedia Communications (MobiMedia)). doi: 10.4108/eai.13-7-2017.2270274

Enhancing enterprise security through cost-effective and highly customizable network monitoring

Abstract

Publication series

Conference

Scopus Subject Areas

Access to Document

Other files and links

Fingerprint

Cite this