Title :
A Comparison between Internal and External Malicious Traffic
Author :
Cukier, Michel ; Panjwani, Susmit
Author_Institution :
Univ. of Maryland, College Park
Abstract :
This paper empirically compares malicious traffic originating inside an organization (i.e., internal traffic) with malicious traffic originating outside an organization (i.e., external traffic). Two honeypot target computers were deployed to collect malicious traffic data over a period of fifteen weeks. In the first study we showed that there was a weak correlation between internal and external traffic based on the number of malicious connections. Since the type of malicious activity is linked to the port that was targeted, we focused on the most frequently targeted ports. We observed that internal malicious traffic often contained different malicious content compared to that of external traffic. In the third study, we discovered that the volume of malicious traffic was linked to the day of the week. We showed that internal and external malicious activities differ: where the external malicious activity is quite stable over the week, the internal traffic varied as a function of the users' activity profile.
Keywords :
computer networks; data analysis; security of data; external traffic; honeypot target computers; internal traffic; malicious traffic data; user activity profile; Backscatter; Bridges; Computer architecture; Information filtering; Information filters; Internet; Protocols; Software reliability; Telecommunication traffic; Testing;
Conference_Title :
Software Reliability, 2007. ISSRE '07. The 18th IEEE International Symposium on
Conference_Location :
Trollhattan
Print_ISBN :
978-0-7695-3024-6
DOI :
10.1109/ISSRE.2007.32