Detecting malicious activities through port profiling

Makoto Iguchi*, Shigeki Goto


    研究成果: Article査読

    9 被引用数 (Scopus)


    This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.

    ジャーナルIEICE Transactions on Information and Systems
    出版ステータスPublished - 1999

    ASJC Scopus subject areas

    • 情報システム
    • コンピュータ グラフィックスおよびコンピュータ支援設計
    • ソフトウェア


    「Detecting malicious activities through port profiling」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。