Files
Dae Wook Kim-Dissertation.pdf (3.95 MB)
Data-Driven Network-Centric Threat Assessment
Author Info
Kim, Dae Wook
ORCID® Identifier
http://orcid.org/0000-0003-3262-4881
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814
Abstract Details
Year and Degree
2017, Doctor of Philosophy (PhD), Wright State University, Computer Science and Engineering PhD.
Abstract
As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware.
Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection.
Committee
Junjie Zhang, Ph.D. (Advisor)
Adam Robert Bryant, Ph.D. (Committee Member)
Bin Wang, Ph.D. (Committee Member)
Xuetao Wei, Ph.D. (Committee Member)
Pages
113 p.
Subject Headings
Computer Science
Keywords
network security; fake anti-virus software; intrusion detection; web document analysis; statistical classification; Domain Name System; behavioral fingerprints; privacy; online social networks; virtual currency; malicious accounts
Recommended Citations
Citations
Kim, D. W. (2017). Data-Driven Network-Centric Threat Assessment [Doctoral dissertation, Wright State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814
APA Style (7th edition)
Kim, Dae Wook. Data-Driven Network-Centric Threat Assessment. 2017. Wright State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814.
MLA Style (8th edition)
Kim, Dae Wook. "Data-Driven Network-Centric Threat Assessment." Doctoral dissertation, Wright State University, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=wright1495191891086814
Chicago Manual of Style (17th edition)
Document number: wright1495191891086814
Download Count: 714
Copyright Info
© 2017, all rights reserved.
This open access ETD is published by Wright State University and OhioLINK.