Paper Title
NSME: A Network Safety Management Engine to Spot and Filter Malicious IP Clusters
Abstract
Detecting malicious nodes in a network and discriminating them from benign ones is a highly convoluted task: the two kinds of node have largely indistinguishable behaviors, and a set of nodes with differing behaviors can often end up in the same cluster. Characterizing node behavior and grouping nodes into malicious clusters on the basis of that behavior analysis is a major research direction for enhancing network security. We demonstrate that it is often possible to discover such clusters, and to find an optimal response that thwarts further interruption, by processing network logs collected under various network configurations. Obviously, not every node or cluster is exposed as malicious. Yet we show that malicious clusters can be accurately distinguished from benign ones simply by using episode segmentation and a predictive IP blacklist. In this paper, we first propose a novel network safety management engine to spot and filter such malicious IPs and IP clusters in the network. We concentrate on different types of malicious behavior, such as service interruption, spreading spam, spoofing, and misusing data in the network. Based on the behavior analysis, a behavior score is calculated for each node, and a score threshold determines the predictive blacklist. The highly predictive blacklists are then used to find the malicious clusters. Additionally, we perform countermeasure selection based on the node's behavior and its behavioral score. We obtain significantly better results in terms of precision and recall. Furthermore, we produce an episode detection process that uses event IDs and their sequence for fast behavior analysis. The proposed malicious-node detection and clustering processes improve precision and recall. Finally, we demonstrate the efficacy of the proposed scheme using network log events captured from trace files generated with the NS2 tool.
Keywords - Malicious IP Cluster, Network Security, Botnet, DOS Attack, Countermeasure, Behavior Analysis
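The scoring-to-blacklist-to-cluster pipeline the abstract outlines, written out as an added illustration that is not the paper's code: the event ids, per-event weights, score thresholds and signature-based clustering are assumptions, and the input events are constructed rather than taken from the paper's NS2 traces.

```python
from collections import Counter, defaultdict

# Constructed sample events, not taken from the paper's NS2 traces.
# Each tuple is (source IP, event id); the event ids are hypothetical
# labels for the behaviour classes the abstract lists.
EVENTS = [
    ("10.0.0.5", "SERVICE_INTERRUPT"), ("10.0.0.5", "SERVICE_INTERRUPT"),
    ("10.0.0.5", "SPOOF"),
    ("10.0.0.6", "SERVICE_INTERRUPT"), ("10.0.0.6", "SPOOF"),
    ("10.0.0.6", "SERVICE_INTERRUPT"),
    ("10.0.0.7", "SPAM"), ("10.0.0.7", "SPAM"), ("10.0.0.7", "SPAM"),
    ("10.0.0.8", "NORMAL"), ("10.0.0.8", "NORMAL"),
    ("10.0.0.9", "SPAM"), ("10.0.0.9", "NORMAL"),
]

# Assumed per-event weights; the paper's own scoring function is not given here.
WEIGHTS = {"SERVICE_INTERRUPT": 3.0, "SPOOF": 2.5, "DATA_MISUSE": 2.5,
           "SPAM": 2.0, "NORMAL": 0.0}

def behavior_profiles(events):
    """Per-node behaviour analysis: count events for each IP by event id."""
    profiles = defaultdict(Counter)
    for ip, event_id in events:
        profiles[ip][event_id] += 1
    return profiles

def behavior_score(profile):
    """Weighted sum of a node's event counts (unknown ids weigh 1.0)."""
    return sum(WEIGHTS.get(e, 1.0) * n for e, n in profile.items())

def predictive_blacklist(profiles, threshold):
    """Nodes whose score reaches the threshold form the predictive blacklist."""
    return {ip for ip, p in profiles.items() if behavior_score(p) >= threshold}

def malicious_clusters(profiles, blacklist):
    """Group blacklisted IPs that share the same set of malicious event ids."""
    clusters = defaultdict(set)
    for ip in blacklist:
        signature = tuple(sorted(e for e in profiles[ip] if WEIGHTS.get(e, 1.0) > 0))
        clusters[signature].add(ip)
    return dict(clusters)

def countermeasure(score, block_at=8.0, limit_at=5.0):
    """Assumed score bands mapping a node's behavior score to a response."""
    if score >= block_at:
        return "block"
    if score >= limit_at:
        return "rate-limit"
    return "monitor"
```

With the constructed events, 10.0.0.5 and 10.0.0.6 score 8.5 and share the same malicious signature, so they land in one cluster, while 10.0.0.9 stays below the threshold and is only monitored.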