DocumentCode
3393485
Title
Network surveillance for detecting intrusions
Author
Iguchi, Makoto ; Goto, Shigeki
Author_Institution
Sch. of Sci. & Eng., Waseda Univ., Tokyo, Japan
fYear
1999
fDate
1999
Firstpage
99
Lastpage
106
Abstract
The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conduct such as system exploitation will trigger abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious, activities. Capturing and analyzing the network traffic pattern is implemented with the idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires only a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
Keywords
Internet; security of data; surveillance; telecommunication security; telecommunication traffic recording; abnormal network traffic; anomalous traffic pattern; compromising backdoors; expected behavior; intrusion detection; intrusive activities; live traffic; malicious activities; network surveillance method; network traffic pattern; port profiling; suspicious activities; system exploitation; trojan programs; unusual conducts; Computer networks; Filtering; Intrusion detection; Monitoring; Pattern analysis; Protocols; Robust stability; Surveillance; TCPIP; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Workshop, 1999. IWS 99
Conference_Location
Osaka
Print_ISBN
0-7803-5925-9
Type
conf
DOI
10.1109/IWS.1999.810999
Filename
810999