Abstract
This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
| Original language | English |
|---|---|
| Pages (from-to) | 784-792 |
| Number of pages | 9 |
| Journal | IEICE Transactions on Information and Systems |
| Volume | E82-D |
| Issue number | 4 |
| Publication status | Published - 1999 |
Fingerprint
Keywords
- Auditing
- Intrusion detection
- Network surveillance
- Profiling
ASJC Scopus subject areas
- Information Systems
- Computer Graphics and Computer-Aided Design
- Software
Cite this
Detecting malicious activities through port profiling. / Iguchi, Makoto; Goto, Shigeki.
In: IEICE Transactions on Information and Systems, Vol. E82-D, No. 4, 1999, p. 784-792.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Detecting malicious activities through port profiling
AU - Iguchi, Makoto
AU - Goto, Shigeki
PY - 1999
Y1 - 1999
N2 - This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
AB - This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
KW - Auditing
KW - Intrusion detection
KW - Network surveillance
KW - Profiling
UR - http://www.scopus.com/inward/record.url?scp=0033329099&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0033329099&partnerID=8YFLogxK
M3 - Article
VL - E82-D
SP - 784
EP - 792
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
SN - 0916-8532
IS - 4
ER -