Behavioral complexity analysis of networked systems to identify malware attacks
dc.contributor.author | Haefner, Kyle, author | |
dc.contributor.author | Ray, Indrakshi, advisor | |
dc.contributor.author | Ben-Hur, Asa, committee member | |
dc.contributor.author | Gersch, Joe, committee member | |
dc.contributor.author | Hayne, Stephen, committee member | |
dc.contributor.author | Ray, Indrajit, committee member | |
dc.date.accessioned | 2021-01-11T11:20:55Z | |
dc.date.available | 2021-01-11T11:20:55Z | |
dc.date.issued | 2020 | |
dc.description | Zip file contains supplementary images. | |
dc.description.abstract | Internet of Things (IoT) environments are often composed of a diverse set of devices that span a broad range of functionality, making them a challenge to secure. This diversity of function leads to a commensurate diversity in network traffic: some devices have simple network footprints and some devices have complex network footprints. This network-complexity in a device's traffic provides a differentiator that can be used by the network to distinguish which devices are most effectively managed autonomously and which devices are not. This study proposes an informed autonomous learning method by quantifying the complexity of a device based on historic traffic and applies this complexity metric to build a probabilistic model of the device's normal behavior using a Gaussian Mixture Model (GMM). This method results in an anomaly detection classifier with inlier probability thresholds customized to the complexity of each device without requiring labeled data. The model efficacy is then evaluated using seven common types of real malware traffic and across four device datasets of network traffic: one residential-based, two from labs, and one consisting of commercial automation devices. The results of the analysis of over 100 devices and 800 experiments show that the model leads to highly accurate representations of the devices and a strong correlation between the measured complexity of a device and the accuracy to which its network behavior can be modeled. | |
dc.format.medium | born digital | |
dc.format.medium | doctoral dissertations | |
dc.format.medium | ZIP | |
dc.format.medium | PNG | |
dc.identifier | Haefner_colostate_0053A_16292.pdf | |
dc.identifier.uri | https://hdl.handle.net/10217/219593 | |
dc.language | English | |
dc.language.iso | eng | |
dc.publisher | Colorado State University. Libraries | |
dc.relation.ispartof | 2020- | |
dc.rights | Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright. | |
dc.subject | cyber-security | |
dc.subject | anomaly-detection | |
dc.subject | IoT | |
dc.title | Behavioral complexity analysis of networked systems to identify malware attacks | |
dc.type | Text | |
dcterms.rights.dpla | This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). | |
thesis.degree.discipline | Computer Science | |
thesis.degree.grantor | Colorado State University | |
thesis.degree.level | Doctoral | |
thesis.degree.name | Doctor of Philosophy (Ph.D.) |