Title :
Flow based observations from NETI@home and honeynet data
Author :
Grizzard, Julian B. ; Simpson, Charles R., Jr. ; Krasser, Sven ; Owen, Henry L. ; Riley, George F.
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Inst. of Technol. Atlanta, USA
Abstract :
We conduct a flow based comparison of honeynet traffic, representing malicious traffic, and NETI@home traffic, representing typical end user traffic. We present a cumulative distribution function of the number of packets for a TCP flow and learn that a large portion of these flows in both datasets are failed and potentially malicious connection attempts. Next, we look at a histogram of TCP port activity over large time scales to gain insight into port scanning and worm activity. One key observation is that new worms can linger on for more than a year after the initial release date. Finally, we look at activity relative to the IP address space and observe that the sources of malicious traffic are spread across the allocated range.
Keywords :
Internet; invasive software; packet switching; telecommunication network routing; telecommunication security; telecommunication traffic; transport protocols; IP address; Internet; NETI@home data; NETI@home traffic; TCP flow; TCP port activity; computer worms; cumulative distribution function; end user traffic; flow based observations; honeynet data; honeynet traffic; malicious connection attempts; malicious traffic; packets; port scanning; worm activity; Computer worms; Distribution functions; Histograms; IP networks; Internet; Software packages; Space technology; Statistics; TCPIP; Telecommunication traffic;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495959
