• DocumentCode
    3233743
  • Title

    The use of packet inter-arrival times for investigating unsolicited Internet traffic

  • Author

    Zimmermann, Jacob ; Clark, Andreew ; Mohay, George ; Pouget, Fabien ; Dacier, Mare

  • Author_Institution
    Inf. Security Inst., Queensland Univ. of Technol., Brisbane, Qld., Australia
  • fYear
    2005
  • fDate
    7-9 Nov. 2005
  • Firstpage
    89
  • Lastpage
    104
  • Abstract
    Monitoring the Internet reveals incessant activity, that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet inter-arrival times, or IATs, to analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is to demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.
  • Keywords
    Internet; security of data; telecommunication security; telecommunication traffic; unsolicited e-mail; distributed network; network forensic analysis; packet inter-arrival time; unsolicited Internet traffic; Conferences; Digital forensics; Internet;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on
  • Print_ISBN
    0-7695-2478-8
  • Type

    conf

  • DOI
    10.1109/SADFE.2005.26
  • Filename
    1592524
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3233743