Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

Online and realtime traffic summarization is a challenge as, except for the routine cases, aggregation parameters or, the flows that need to be observed are not known a priori. Dynamic adaptive aggregation algorithms adapt to the network traffic to detect the important flows. But present day algorithms are inadequate as they often produce inaccurate or meaningless aggregates. In this work we propose a Dynamic Constrained Adaptive Aggregation algorithm that does not produce the meaningless aggregates by using information about the network's configuration. We compare the performance of this algorithm with the erstwhile Dynamic (Unconstrained) Adaptive Aggregation algorithm and show its efficacy. Further we use the network map context that shows the network flows in an intuitive manner. Several applications of the algorithm and network map based visualization are discussed.

The advent of mobile IP communication has opened up several new areas of mission critical communication applications. But the bandwidth and reliability constraints coupled with handover latency are posing some hurdles which need to be overcome before real world mobile IP applications, with low tolerance for data loss, can be deployed. In this paper, we analyze the unreliability of existing information collection methods in the real-world MobileIP environment. We focus on this problem and propose a novel network management model that anticipates the wireless mobile entities and uses SNMP. The key idea of this model is the introduction of a store-and-forward type Managed Object (MO). During the period of unreachability between the Manager and the agent, the data is cached at the agent until the connectivity recovers. In our experiment we used a prototype implementation in real-world wireless communication field, and showed the effectiveness of our proposed method.