• DocumentCode
    175408
  • Title

    Filtering Automated Polling Traffic in Computer Network Flow Data

  • Author

    Heard, Nick ; Rubin-Delanchy, Patrick ; Lawson, Daniel

  • Author_Institution
    Imperial Coll. London, London, UK
  • fYear
    2014
  • fDate
    24-26 Sept. 2014
  • Firstpage
    268
  • Lastpage
    271
  • Abstract
    Detecting polling behaviour in a computer network has two important applications. First, the polling can be indicative of malware beaconing, where an undetected software virus sends regular communications to a controller. Second, the cause of the polling may not be malicious, since it may correspond to regular automated update requests permitted by the client; to build models of normal host behaviour for signature-free anomaly detection, this polling behaviour needs to be understood. This article presents a simple Fourier analysis technique for identifying regular polling, and focuses on the second application: modelling the normal behaviour of a host, using real data collected from the computer network of Imperial College London.
  • Keywords
    Fourier analysis; computer network security; system monitoring; Fourier analysis technique; Imperial College London; automated polling traffic filtering; computer network flow data; regular automated update requests; signature-free anomaly detection; Computational modeling; Educational institutions; IP networks; Malware; Monitoring; Servers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
  • Conference_Location
    The Hague
  • Print_ISBN
    978-1-4799-6363-8
  • Type

    conf

  • DOI
    10.1109/JISIC.2014.52
  • Filename
    6975589