• DocumentCode
    1884807
  • Title

    Low-rate, flow-level periodicity detection

  • Author

    Bartlett, Genevieve ; Heidemann, John ; Papadopoulos, Christos

  • Author_Institution
    Inf. Sci. Inst., USC, Marina del Rey, CA, USA
  • fYear
    2011
  • fDate
    10-15 April 2011
  • Firstpage
    804
  • Lastpage
    809
  • Abstract
    As desktops and servers become more complicated, they employ an increasing amount of automatic, non-user initiated communication. Such communication can be good (OS updates, RSS feed readers, and mail polling), bad (keyloggers, spyware, and botnet command-and-control), or ugly (adware or unauthorized peer-to-peer applications). Communication in these applications is often regular, but with very long periods, ranging from minutes to hours. This infrequent communication and the complexity of today's systems make these applications difficult for users to detect and diagnose. In this paper we present a new approach to identify low-rate periodic network traffic and changes in such regular communication. We employ signal-processing techniques, using discrete wavelets implemented as a fully decomposed, iterated filter bank. This approach not only detects low-rate periodicities, but also identifies approximate times when traffic changed. We implement a self-surveillance application that externally identifies changes to a user's machine, such as interruption of periodic software updates, or an installation of a keylogger.
  • Keywords
    channel bank filters; computer network security; peer-to-peer computing; signal processing; telecommunication traffic; OS updates; RSS feed readers; adware; automatic nonuser initiated communication; botnet command-and-control; discrete wavelets; iterated filter bank; keyloggers; low-rate flow-level periodicity detection; low-rate periodic network traffic identification; mail polling; signal-processing techniques; spyware; unauthorized peer-to-peer applications; Aggregates; Computers; Harmonic analysis; Malware; Noise; Time frequency analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4577-0249-5
  • Electronic_ISBN
    978-1-4577-0248-8
  • Type

    conf

  • DOI
    10.1109/INFCOMW.2011.5928922
  • Filename
    5928922