Cargando…
Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms
In this paper, we present a research work on a novel methodology of identifying abnormal behaviors at the underlying network monitor layer during runtime based on the execution patterns of Web of Things (WoT) applications. An execution pattern of a WoT application is a sequence of profiled time dela...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2018
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5774722/ https://www.ncbi.nlm.nih.gov/pubmed/29351324 http://dx.doi.org/10.1371/journal.pone.0191083 |
| _version_ | 1783293795379445760 |
|---|---|
| author | Yoon, Young Jung, Hyunwoo Lee, Hana |
| author_facet | Yoon, Young Jung, Hyunwoo Lee, Hana |
| author_sort | Yoon, Young |
| collection | PubMed |
| description | In this paper, we present a research work on a novel methodology of identifying abnormal behaviors at the underlying network monitor layer during runtime based on the execution patterns of Web of Things (WoT) applications. An execution pattern of a WoT application is a sequence of profiled time delays between the invocations of involved Web services, and it can be obtained from WoT platforms. We convert the execution pattern to a time sequence of network flows that are generated when the WoT applications are executed. We consider such time sequences as a whitelist. This whitelist reflects the valid application execution patterns. At the network monitor layer, our applied RETE algorithm examines whether any given runtime sequence of network flow instances does not conform to the whitelist. Through this approach, it is possible to interpret a sequence of network flows with regard to application logic. Given such contextual information, we believe that the administrators can detect and reason about any abnormal behaviors more effectively. Our empirical evaluation shows that our RETE-based algorithm outperforms the baseline algorithm in terms of memory usage. |
| format | Online Article Text |
| id | pubmed-5774722 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2018 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-57747222018-02-05 Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms Yoon, Young Jung, Hyunwoo Lee, Hana PLoS One Research Article In this paper, we present a research work on a novel methodology of identifying abnormal behaviors at the underlying network monitor layer during runtime based on the execution patterns of Web of Things (WoT) applications. An execution pattern of a WoT application is a sequence of profiled time delays between the invocations of involved Web services, and it can be obtained from WoT platforms. We convert the execution pattern to a time sequence of network flows that are generated when the WoT applications are executed. We consider such time sequences as a whitelist. This whitelist reflects the valid application execution patterns. At the network monitor layer, our applied RETE algorithm examines whether any given runtime sequence of network flow instances does not conform to the whitelist. Through this approach, it is possible to interpret a sequence of network flows with regard to application logic. Given such contextual information, we believe that the administrators can detect and reason about any abnormal behaviors more effectively. Our empirical evaluation shows that our RETE-based algorithm outperforms the baseline algorithm in terms of memory usage. Public Library of Science 2018-01-19 /pmc/articles/PMC5774722/ /pubmed/29351324 http://dx.doi.org/10.1371/journal.pone.0191083 Text en © 2018 Yoon et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Yoon, Young Jung, Hyunwoo Lee, Hana Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title | Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title_full | Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title_fullStr | Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title_full_unstemmed | Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title_short | Abnormal network flow detection based on application execution patterns from Web of Things (WoT) platforms |
| title_sort | abnormal network flow detection based on application execution patterns from web of things (wot) platforms |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5774722/ https://www.ncbi.nlm.nih.gov/pubmed/29351324 http://dx.doi.org/10.1371/journal.pone.0191083 |
| work_keys_str_mv | AT yoonyoung abnormalnetworkflowdetectionbasedonapplicationexecutionpatternsfromwebofthingswotplatforms AT junghyunwoo abnormalnetworkflowdetectionbasedonapplicationexecutionpatternsfromwebofthingswotplatforms AT leehana abnormalnetworkflowdetectionbasedonapplicationexecutionpatternsfromwebofthingswotplatforms |