Analysis of anomaly packet´s feature based on honeypot

Author

Xinliang, Wang ; Fang, Liu ; Luying, Chen ; Zhenming, Lei

Author_Institution

Sch. of Inf. & Commun. Eng., Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2009

fDate

18-20 Oct. 2009

Firstpage

271

Lastpage

275

Abstract

The deep study of anomaly feature based on the particular server was made in this paper. By continuously monitoring on the honeypot deployed in Internet Data Center for more than two months, the experimental results were summarized and some initial exploratory models were built. The models show that the number of attackers for the main attack types and ports can be described by normal distribution; meanwhile, the average packet number that each attacker generates per day can be described by log-normal distribution. This research aims to contribute to endeavor in the wider security research community to build methods and obtain some statistical models, grounded on strong empirical work, for assessment of the robustness of systems in hostile environments, and the anomaly traffic sampling, detection and classification on the backbone.

Keywords

Internet; computer centres; computer network management; log normal distribution; normal distribution; security of data; statistical analysis; Internet data center; anomaly traffic sampling; log-normal distribution; security research community; statistical model; Gaussian distribution; Internet; Log-normal distribution; Monitoring; Robustness; Sampling methods; Security; Spine; Traffic control; Web server; Anomaly detection; Anomaly feature; Heavy-tail; Honeypot;

fLanguage

English

Publisher

ieee

Conference_Titel

Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-4590-5

Electronic_ISBN

978-1-4244-4591-2

Type

conf

DOI

10.1109/ICBNMT.2009.5348493

Filename

5348493