Paper Title
NSME: A Network Safety Management Engine to Spot and Filter Malicious IP Clusters

Detecting and discriminating malicious and gentle nodes in the network is the most convolute task, which has undistinguishable behaviors, and a set of nodes which has different behavior is often possible to be in a same cluster. Finding the node behavior and clustering them in a malicious cluster based on the behavior analysis is a major research to enhance the network security. We demonstrate that it is often possible to discover such clusters and finding optimal response to thwart the further interruption by processing network logs collected at various network configurations. Obviously, not every node and clusters exposed as malicious. Yet, we show that malicious clusters can accurately be distinguished from benign ones by simply using episode segmentation and a predictive IP blacklist. In this paper, we first propose a novel network safety management engine to spot and filter such malicious behavioral IP and IP clusters in the network. In this paper, we concentrated on different types of malicious behaviors like service interruption, spreading spam, spoofing and misusing data in the network etc., Based on the behavior analysis, behavior score is calculated and the score threshold determines the predictive black list. Later the highly predictive blacklists are used to find the malicious cluster. Additionally, we performed the counter measure selection for the node behavior and its behavioral score. We significantly get better results in terms of precision and recall. Furthermore, we produced an episode detection process with event id and its sequence for fast behavior analysis. The proposed malicious detection process and clustering process improves the precision and recall. Finally, we demonstrate the efficacy of the proposed scheme using network log events which are captured from the trace files using the NS2 tool. Keywords - Malicious IP Cluster, Network Security, Botnet, DOS Attack, Countermeasure, Behavior Analysis