Abstract
The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
| Original language | English |
|---|---|
| Title of host publication | 1999 Internet Workshop, IWS 1999 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 99-106 |
| Number of pages | 8 |
| ISBN (Electronic) | 0780359259, 9780780359253 |
| DOIs | |
| Publication status | Published - 1999 Jan 1 |
| Event | 1999 Internet Workshop, IWS 1999 - Suita, Osaka, Japan Duration: 1999 Feb 18 → 1999 Feb 20 |
Other
| Other | 1999 Internet Workshop, IWS 1999 |
|---|---|
| Country/Territory | Japan |
| City | Suita, Osaka |
| Period | 99/2/18 → 99/2/20 |
ASJC Scopus subject areas
- Information Systems and Management
- Hardware and Architecture
- Computer Networks and Communications