An Approach to Detect and Prevent Cybercrime in Large Complex Networks

Andre Sorensen; Maxime Jerome Remy; Nicolaj Kjettrup; Rasmi Vlad Mahmoud; Jens Myrup Pedersen

doi:10.1109/CyberSecPODS.2018.8560687

An Approach to Detect and Prevent Cybercrime in Large Complex Networks

Andre Sorensen, Maxime Jerome Remy, Nicolaj Kjettrup, Rasmi Vlad Mahmoud, Jens Myrup Pedersen

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

Abstract

Recently, the Danish defense department announced that research institutions are prominent targets for cybercrime. To better protect these organizations, an approach to prevent and detect cybercrime in large complex computer networks is needed. This paper contributes by a proof of concept of such an approach, based on a combination of Penetration test (Pen test) and Domain Name System (DNS) analysis. Pen test is a method to assess a network's current security state, by detecting vulnerabilities and misconfigurations before they are being abused. On the other hand, DNS traffic analysis can be used to detect ongoing cybercriminal/suspicious activities. The combination of the Pen test and DNS analysis can give an administrator a crucial overview of the vulnerabilities present in the system as well as already compromised parts. The methods were tested on the network of Aalborg University, and they were both able to identify ongoing cybercrime or vulnerabilities. While the feasibility was demonstrated, further developments are needed before it can be implemented on a larger scale.

Originalsprog	Engelsk
Titel	2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
Antal sider	8
Forlag	IEEE
Publikationsdato	4 dec. 2018
Artikelnummer	8560687
ISBN (Trykt)	978-1-5386-4684-7
ISBN (Elektronisk)	978-1-5386-4683-0
DOI	https://doi.org/10.1109/CyberSecPODS.2018.8560687
Status	Udgivet - 4 dec. 2018
Begivenhed	4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018 - Glasgow, Scotland, Storbritannien Varighed: 11 jun. 2018 → 12 jun. 2018

Konference

Konference	4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
Land/Område	Storbritannien
By	Glasgow, Scotland
Periode	11/06/2018 → 12/06/2018
Sponsor	Secudit

Navn	International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings.

Adgang til dokumentet

10.1109/CyberSecPODS.2018.8560687

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Andre filer og links

http://www.scopus.com/inward/record.url?scp=85060487557&partnerID=8YFLogxK

Citationsformater

@inproceedings{41c22873e9474a989788a6c9c5233cc3,

title = "An Approach to Detect and Prevent Cybercrime in Large Complex Networks",

abstract = "Recently, the Danish defense department announced that research institutions are prominent targets for cybercrime. To better protect these organizations, an approach to prevent and detect cybercrime in large complex computer networks is needed. This paper contributes by a proof of concept of such an approach, based on a combination of Penetration test (Pen test) and Domain Name System (DNS) analysis. Pen test is a method to assess a network's current security state, by detecting vulnerabilities and misconfigurations before they are being abused. On the other hand, DNS traffic analysis can be used to detect ongoing cybercriminal/suspicious activities. The combination of the Pen test and DNS analysis can give an administrator a crucial overview of the vulnerabilities present in the system as well as already compromised parts. The methods were tested on the network of Aalborg University, and they were both able to identify ongoing cybercrime or vulnerabilities. While the feasibility was demonstrated, further developments are needed before it can be implemented on a larger scale.",

keywords = "Blacklist, Cybercrime, Detection, DNS Analysis, Failed DNS Requests, Penetration Testing, Prevention",

author = "Andre Sorensen and Remy, {Maxime Jerome} and Nicolaj Kjettrup and Mahmoud, {Rasmi Vlad} and Pedersen, {Jens Myrup}",

year = "2018",

month = dec,

day = "4",

doi = "10.1109/CyberSecPODS.2018.8560687",

language = "English",

isbn = "978-1-5386-4684-7",

series = "International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings.",

publisher = "IEEE",

booktitle = "2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018",

address = "United States",

note = "4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018 ; Conference date: 11-06-2018 Through 12-06-2018",

}

Sorensen, A, Remy, MJ, Kjettrup, N, Mahmoud, RV & Pedersen, JM 2018, An Approach to Detect and Prevent Cybercrime in Large Complex Networks. i 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018., 8560687, IEEE, International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings., 4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018, Glasgow, Scotland, Storbritannien, 11/06/2018. https://doi.org/10.1109/CyberSecPODS.2018.8560687

An Approach to Detect and Prevent Cybercrime in Large Complex Networks. / Sorensen, Andre; Remy, Maxime Jerome; Kjettrup, Nicolaj et al.
2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018. IEEE, 2018. 8560687 (International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings.).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - An Approach to Detect and Prevent Cybercrime in Large Complex Networks

AU - Sorensen, Andre

AU - Remy, Maxime Jerome

AU - Kjettrup, Nicolaj

AU - Mahmoud, Rasmi Vlad

AU - Pedersen, Jens Myrup

PY - 2018/12/4

Y1 - 2018/12/4

N2 - Recently, the Danish defense department announced that research institutions are prominent targets for cybercrime. To better protect these organizations, an approach to prevent and detect cybercrime in large complex computer networks is needed. This paper contributes by a proof of concept of such an approach, based on a combination of Penetration test (Pen test) and Domain Name System (DNS) analysis. Pen test is a method to assess a network's current security state, by detecting vulnerabilities and misconfigurations before they are being abused. On the other hand, DNS traffic analysis can be used to detect ongoing cybercriminal/suspicious activities. The combination of the Pen test and DNS analysis can give an administrator a crucial overview of the vulnerabilities present in the system as well as already compromised parts. The methods were tested on the network of Aalborg University, and they were both able to identify ongoing cybercrime or vulnerabilities. While the feasibility was demonstrated, further developments are needed before it can be implemented on a larger scale.

AB - Recently, the Danish defense department announced that research institutions are prominent targets for cybercrime. To better protect these organizations, an approach to prevent and detect cybercrime in large complex computer networks is needed. This paper contributes by a proof of concept of such an approach, based on a combination of Penetration test (Pen test) and Domain Name System (DNS) analysis. Pen test is a method to assess a network's current security state, by detecting vulnerabilities and misconfigurations before they are being abused. On the other hand, DNS traffic analysis can be used to detect ongoing cybercriminal/suspicious activities. The combination of the Pen test and DNS analysis can give an administrator a crucial overview of the vulnerabilities present in the system as well as already compromised parts. The methods were tested on the network of Aalborg University, and they were both able to identify ongoing cybercrime or vulnerabilities. While the feasibility was demonstrated, further developments are needed before it can be implemented on a larger scale.

KW - Blacklist

KW - Cybercrime

KW - Detection

KW - DNS Analysis

KW - Failed DNS Requests

KW - Penetration Testing

KW - Prevention

UR - http://www.scopus.com/inward/record.url?scp=85060487557&partnerID=8YFLogxK

U2 - 10.1109/CyberSecPODS.2018.8560687

DO - 10.1109/CyberSecPODS.2018.8560687

M3 - Article in proceeding

AN - SCOPUS:85060487557

SN - 978-1-5386-4684-7

T3 - International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings.

BT - 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018

PB - IEEE

T2 - 4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018

Y2 - 11 June 2018 through 12 June 2018

ER -

Sorensen A, Remy MJ, Kjettrup N, Mahmoud RV, Pedersen JM. An Approach to Detect and Prevent Cybercrime in Large Complex Networks. I 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018. IEEE. 2018. 8560687. (International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Proceedings.). doi: 10.1109/CyberSecPODS.2018.8560687

An Approach to Detect and Prevent Cybercrime in Large Complex Networks

Abstract

Konference

Adgang til dokumentet

AUB Link

Andre filer og links

Fingeraftryk

Citationsformater