DocumentCode :
2388453
Title :
Identification of source applications for enhanced traffic analysis and anomaly detection
Author :
Zúquete, André ; Rocha, Miguel
Author_Institution :
Dept. of Electron., Telecommun. & Inf., Univ. of Aveiro, Aveiro, Portugal
fYear :
2012
fDate :
10-15 June 2012
Firstpage :
6694
Lastpage :
6698
Abstract :
This article presents an architecture for managing the identification of applications responsible for generating traffic in a network. The identification is to be explored by network auditing systems, which cooperate with surveyed systems to get the relevant information about the source applications. The ultimate goal of the system is to provide network auditors, such as NIDS, enough information about the exact sources of network traffic. This way, auditors are able to detect unauthorized applications or to detect anomalies in the traffic created by known applications, possibly as a consequence of the action of some malware in the source application or host.
Keywords :
computer network management; computer network security; invasive software; telecommunication traffic; NIDS; anomaly detection; enhanced traffic analysis; malware; network auditing systems; network intrusion detection systems; network management; network traffic; source identification; Cryptography; Databases; IP networks; Malware; Servers; Tagging;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications (ICC), 2012 IEEE International Conference on
Conference_Location :
Ottawa, ON
ISSN :
1550-3607
Print_ISBN :
978-1-4577-2052-9
Electronic_ISBN :
1550-3607
Type :
conf
DOI :
10.1109/ICC.2012.6364951
Filename :
6364951