DocumentCode :
2653165
Title :
ROOK: Multi-session Based Network Security Event Detector
Author :
Mizutani, Masayoshi ; Shirahata, Shin ; Minami, Masaki ; Murai, Jun
Author_Institution :
Grad. Sch. of Media & Governance, Keio Univ., Fujisawa
fYear :
2008
fDate :
July 28 2008-Aug. 1 2008
Firstpage :
48
Lastpage :
54
Abstract :
We have implemented ROOK, a multi-session based network security event detector, to detect botnet activity and P2P file sharing traffic, and our results show that our method produces fewer false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method that analyzes correlation among multiple sessions. Our method can recognize hosts' behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.
Keywords :
peer-to-peer computing; telecommunication security; telecommunication traffic; P2P file sharing traffic; ROOK; botnet activity; multisession based network security event detector; Computer security; Cryptography; Detectors; Event detection; IP networks; Information security; Intrusion detection; Peer to peer computing; Scalability; Telecommunication traffic; Bot; Internet; Intrusion Detection; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Applications and the Internet, 2008. SAINT 2008. International Symposium on
Conference_Location :
Turku
Print_ISBN :
978-0-7695-3297-4
Type :
conf
DOI :
10.1109/SAINT.2008.110
Filename :
4604542