Hidden Markov model for malicious hosts detection in a computer network
Journal of the Belarusian State University. Mathematics and Informatics, Volume 3 (2020), pp. 73-79.

See the article record from the source Math-Net.Ru

The problem of malicious host detection in a computer network is reviewed. The activity of hosts in a computer network is tracked by a noisy detector. The paper proposes a method for detecting malicious hosts based on the classification of activity time series. The approach relies on a hidden Markov chain model that analyses the time series, followed by a consecutive search for the most probable final state of the model. The efficiency of the approach rests on the assumption that advanced persistent threats are localised in time; therefore, malicious hosts in a computer network can be detected by comparing their activity with that of reliably safe hosts.
Keywords: hidden Markov model; computer network; advanced persistent threat; time series classification.
@article{BGUMI_2020_3_a6,
     author = {Ya. V. Bubnov and N. N. Ivanov},
     title = {Hidden {Markov} model for malicious hosts detection in a computer network},
     journal = {Journal of the Belarusian State University. Mathematics and Informatics},
     pages = {73--79},
     publisher = {mathdoc},
     volume = {3},
     year = {2020},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/BGUMI_2020_3_a6/}
}
TY  - JOUR
AU  - Ya. V. Bubnov
AU  - N. N. Ivanov
TI  - Hidden Markov model for malicious hosts detection in a computer network
JO  - Journal of the Belarusian State University. Mathematics and Informatics
PY  - 2020
SP  - 73
EP  - 79
VL  - 3
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/BGUMI_2020_3_a6/
LA  - en
ID  - BGUMI_2020_3_a6
ER  - 
%0 Journal Article
%A Ya. V. Bubnov
%A N. N. Ivanov
%T Hidden Markov model for malicious hosts detection in a computer network
%J Journal of the Belarusian State University. Mathematics and Informatics
%D 2020
%P 73-79
%V 3
%I mathdoc
%U http://geodesic.mathdoc.fr/item/BGUMI_2020_3_a6/
%G en
%F BGUMI_2020_3_a6
Ya. V. Bubnov; N. N. Ivanov. Hidden Markov model for malicious hosts detection in a computer network. Journal of the Belarusian State University. Mathematics and Informatics, Volume 3 (2020), pp. 73-79. http://geodesic.mathdoc.fr/item/BGUMI_2020_3_a6/

[1] C. Qi, X. Chen, C. Xu, J. Shi, P. Liu, “A bigram based real time DNS tunnel detection approach”, Procedia Computer Science, 17 (2013), 852–860.

[2] A. Souri, R. Hosseini, “A state-of-the-art survey of malware detection approaches using data mining techniques”, Human-Centric Computing and Information Sciences, 8(1) (2018), 2–22.

[3] P. Skvortsov, D. Hoppe, A. Tenschert, M. Gienger, “Monitoring in the clouds: comparison of ECO2Clouds and EXCESS monitoring approaches”, 2016, arXiv: https://arxiv.org/abs/1601.07355

[4] K. Rong, P. Bailis, “ASAP: prioritizing attention via time series smoothing”, Proceedings of the Very Large Data Bases Endowment, 10(11) (2017), 1358–1369.

[5] D. E. Knuth, “A generalization of Dijkstra’s algorithm”, Information Processing Letters, 6(1) (1977), 1–5.

[6] C. J. Dietrich, C. Rossow, F. C. Freiling, H. Bos, M. van Steen, N. Pohlmann, “On botnets that use DNS for command and control”, 7th European Conference on Computer Network Defense (Gothenburg, Sweden), 2011, 9–16, Piscataway: IEEE.

[7] D. Tatang, F. Quinkert, N. Dolecki, T. Holz, “A study of newly observed hostnames and DNS tunneling in the wild”, 2019, arXiv: https://arxiv.org/abs/1902.08454

[8] Y. Bubnov, “DNS tunneling queries for binary classification”, Mendeley Data, 2019, https://data.mendeley.com/datasets/mzn9hvdcxg/1

[9] Y. Bubnov, “DNS tunneling detection using feedforward neural network”, European Journal of Engineering Research and Science, 3(11) (2018), 16–19.