A practical approach for clustering large data flows of malicious URLs

A practical approach for clustering large data flows of malicious URLs

Over the last couple of years there has been a substantial increase of malicious attacks that are using the Internet as an infection vector. One solution to counter this problem is to implement a filter at the network connection level. Due to the large amount of data that has to be filtered in real-...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of computer virology and hacking techniques 2016-02, Vol.12 (1), p.37-47
Hauptverfasser: Popescu, Adrian-Ştefan, Gavriluţ, Dragoş-Teodor, Irimia, Daniel-Ionuţ
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science
Original Paper
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Over the last couple of years there has been a substantial increase of malicious attacks that are using the Internet as an infection vector. One solution to counter this problem is to implement a filter at the network connection level. Due to the large amount of data that has to be filtered in real-time, any practical approach has to consider both memory usage and performance limitations in order to deliver a fast response time. This paper presents a cloud-based mechanism that can be used to filter large amounts of network traffic with respect to both memory and response time limitations. The algorithms have been tested on data flows of more than 750 million of URLs/day. We will address different practical problems, such as storage, computation time and large data flow clustering. In the end we will also present different statistical results that we obtained over a period of 2 months.
ISSN:2263-8733
2263-8733
DOI:10.1007/s11416-015-0239-x