DocumentCode :
3393485
Title :
Network surveillance for detecting intrusions
Author :
Iguchi, Makoto ; Goto, Shigeki
Author_Institution :
Sch. of Sci. & Eng., Waseda Univ., Tokyo, Japan
fYear :
1999
fDate :
1999
Firstpage :
99
Lastpage :
106
Abstract :
The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conduct like system exploitation will trigger abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious, activities. Capturing and analyzing a network traffic pattern is implemented with the idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
Keywords :
Internet; security of data; surveillance; telecommunication security; telecommunication traffic recording; abnormal network traffic; anomalous traffic pattern; compromising backdoors; expected behavior; intrusion detection; intrusive activities; live traffic; malicious activities; network surveillance method; network traffic pattern; port profiling; suspicious activities; system exploitation; trojan programs; unusual conducts; Computer networks; Filtering; Intrusion detection; Monitoring; Pattern analysis; Protocols; Robust stability; Surveillance; TCPIP; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Internet Workshop, 1999. IWS 99
Conference_Location :
Osaka
Print_ISBN :
0-7803-5925-9
Type :
conf
DOI :
10.1109/IWS.1999.810999
Filename :
810999