DocumentCode
1884807
Title
Low-rate, flow-level periodicity detection
Author
Bartlett, Genevieve ; Heidemann, John ; Papadopoulos, Christos
Author_Institution
Inf. Sci. Inst., USC, Marina del Rey, CA, USA
fYear
2011
fDate
10-15 April 2011
Firstpage
804
Lastpage
809
Abstract
As desktops and servers become more complicated, they employ an increasing amount of automatic, non-user initiated communication. Such communication can be good (OS updates, RSS feed readers, and mail polling), bad (keyloggers, spyware, and botnet command-and-control), or ugly (adware or unauthorized peer-to-peer applications). Communication in these applications is often regular, but with very long periods, ranging from minutes to hours. This infrequent communication and the complexity of today's systems make these applications difficult for users to detect and diagnose. In this paper we present a new approach to identify low-rate periodic network traffic and changes in such regular communication. We employ signal-processing techniques, using discrete wavelets implemented as a fully decomposed, iterated filter bank. This approach not only detects low-rate periodicities, but also identifies approximate times when traffic changed. We implement a self-surveillance application that externally identifies changes to a user's machine, such as interruption of periodic software updates, or an installation of a keylogger.
Keywords
channel bank filters; computer network security; peer-to-peer computing; signal processing; telecommunication traffic; OS updates; RSS feed readers; adware; automatic nonuser initiated communication; botnet command-and-control; discrete wavelets; iterated filter bank; keyloggers; low-rate flow-level periodicity detection; low-rate periodic network traffic identification; mail polling; signal-processing techniques; spyware; unauthorized peer-to-peer applications; Aggregates; Computers; Harmonic analysis; Malware; Noise; Time frequency analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
Conference_Location
Shanghai
Print_ISBN
978-1-4577-0249-5
Electronic_ISBN
978-1-4577-0248-8
Type
conf
DOI
10.1109/INFCOMW.2011.5928922
Filename
5928922