• DocumentCode
    3058241
  • Title

    Detecting network intrusions via a statistical analysis of network packet characteristics

  • Author

    Bykova, Marina ; Ostermann, Shawn ; Tjaden, Brett

  • Author_Institution
    Sch. of Electr. Eng. & Comput. Sci., Ohio State Univ., Columbus, OH, USA
  • fYear
    2001
  • fDate
    36951
  • Firstpage
    309
  • Lastpage
    314
  • Abstract
    With the growing threat of abuse of network resources, it becomes increasingly important to be able to detect malformed packets on a network and estimate the damage they can cause. In this paper, we collect and analyze all of the IP and TCP packets seen on a network that either violate existing standards or should not appear in modern internets. Our goal is to determine what these suspicious packets mean and evaluate what proportion of such packets can cause actual damage. Thus, we divide unusual packets obtained during our experiments into several categories depending on the severity of their consequences, including indirect consequences as a result of information gathering, and show the results. The traces analyzed were gathered at Ohio University's main Internet link, providing a massive amount of statistical data.
  • Keywords
    Internet; computer network reliability; data privacy; statistical analysis; transport protocols; IP TCP packets; Internet; network intrusion detection; network monitoring; network packet characteristics; packet header analysis; statistical analysis; suspicious activity; Computer crashes; Computer science; Data analysis; IP networks; Intrusion detection; Modems; Monitoring; Performance analysis; Statistical analysis; TCPIP;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Theory, 2001. Proceedings of the 33rd Southeastern Symposium on
  • Conference_Location
    Athens, OH
  • Print_ISBN
    0-7803-6661-1
  • Type

    conf

  • DOI
    10.1109/SSST.2001.918537
  • Filename
    918537