Detecting malicious activities through port profiling

Makoto Iguchi, Shigeki Goto

    Research output: Contribution to journal › Article

    9 Citations (Scopus)

    Abstract

    This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conduct such as system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious, activity. Capturing and analyzing the network traffic pattern is implemented with the concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though generating the port profiles requires minimal calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities such as compromising backdoors or invoking trojan programs are successfully detected.
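    The abstract describes the mechanism only in outline. What follows is an added illustration, not code from Iguchi and Goto's paper: it builds a per-destination-port profile from constructed baseline connection records, using one small log2-scaled histogram per connection measure (duration, bytes to server, bytes to client) so that a port with two distinct usage modes (short page fetches and long bulk downloads on port 80) is retained as two populated regions rather than averaged into one, then scores live connections by how improbable their measure buckets are under the port's profile. The choice of measures, the bucketing, the add-one smoothing, the sample traffic and the threshold are all assumptions of this example, not the paper's.

```python
"""Illustrative port-profile anomaly detector (added example; not the paper's code).

Each destination port gets a profile: one small histogram per connection measure,
bucketed on a log2 scale.  Live connections are scored by how improbable their
buckets are under the profile learned from baseline traffic.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One completed connection, as a flow collector would summarise it."""
    dport: int
    duration_s: float
    bytes_to_server: int
    bytes_to_client: int


@dataclass(frozen=True)
class Alert:
    conn: Conn
    reason: str
    score: float


def _bucket(x: float) -> int:
    """log2 bucket: 0 for x <= 0, else floor(log2 x) + 1.  Keeps each histogram tiny."""
    return 0 if x <= 0 else int(math.log2(x)) + 1


def measures(c: Conn):
    """The per-connection measures profiled here (an assumption of this example)."""
    return (
        ("duration", _bucket(c.duration_s * 10)),   # 100 ms resolution
        ("to_server", _bucket(c.bytes_to_server)),
        ("to_client", _bucket(c.bytes_to_client)),
    )


class PortProfile:
    def __init__(self):
        self.n = 0
        self.hist = defaultdict(Counter)   # measure name -> Counter(bucket -> count)

    def learn(self, c: Conn) -> None:
        self.n += 1
        for name, b in measures(c):
            self.hist[name][b] += 1

    def score(self, c: Conn) -> float:
        """Surprise in nats: sum over measures of -ln P(bucket), add-one smoothed
        over the buckets seen in the baseline plus one 'never seen' category."""
        s = 0.0
        for name, b in measures(c):
            h = self.hist[name]
            p = (h[b] + 1) / (self.n + len(h) + 1)
            s += -math.log(p)
        return s


def build_profiles(baseline):
    profiles = defaultdict(PortProfile)
    for c in baseline:
        profiles[c.dport].learn(c)
    return dict(profiles)


def detect(profiles, live, threshold):
    alerts = []
    for c in live:
        prof = profiles.get(c.dport)
        if prof is None:
            # Traffic to a port the baseline never saw, e.g. a newly opened backdoor listener.
            alerts.append(Alert(c, "no profile for port", math.inf))
        elif (s := prof.score(c)) > threshold:
            alerts.append(Alert(c, "deviates from port profile", s))
    return alerts


def constructed_baseline():
    """Constructed, not captured: two modes of HTTP traffic and one of SSH."""
    conns = []
    for i in range(60):   # port 80, mode A: quick page fetches
        conns.append(Conn(80, 0.2 + 0.01 * (i % 10), 450 + 10 * (i % 7), 3000 + 500 * (i % 12)))
    for i in range(20):   # port 80, mode B: long bulk downloads
        conns.append(Conn(80, 25.0 + i, 500, 5_000_000 + 100_000 * i))
    for i in range(40):   # port 22: interactive SSH sessions
        conns.append(Conn(22, 300.0 + 10 * i, 20_000 + 500 * i, 60_000 + 1_000 * i))
    return conns


# Constructed live connections to score against the profiles.
LIVE = [
    Conn(80, 0.25, 480, 5_000),          # ordinary page fetch
    Conn(80, 35.0, 500, 6_000_000),      # ordinary bulk download (the second HTTP mode)
    Conn(80, 1800.0, 200_000, 50_000),   # half-hour, client-heavy session on 80: shell/C2 shape
    Conn(22, 400.0, 25_000, 70_000),     # ordinary SSH session
    Conn(31337, 5.0, 300, 2_000),        # port with no profile at all
]

# One never-populated bucket costs about -ln(1/(n+K+1)) ~ 4.4 nats with this baseline,
# so 8.0 means "at least two measures outside anything this port has done before".
THRESHOLD = 8.0


def run_example():
    profiles = build_profiles(constructed_baseline())
    return detect(profiles, LIVE, THRESHOLD)


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.conn.dport:>5}  {a.reason:<28} score={a.score:.2f}")
```

    A connection to a port with no profile is reported outright, the simplest form of the backdoor case in the abstract; a connection to a known port is reported only when its measures fall outside the buckets the baseline populated, which is why the second HTTP mode passes while the long, client-heavy session on port 80 does not. The per-port state is a few dozen integer counters, which is the "minimal calculation and memory" trade-off the abstract points to.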

    Original language: English
    Pages (from-to): 784-792
    Number of pages: 9
    Journal: IEICE Transactions on Information and Systems
    Volume: E82-D
    Issue number: 4
    Publication status: Published - 1999

    Keywords

    • Auditing
    • Intrusion detection
    • Network surveillance
    • Profiling

    ASJC Scopus subject areas

    • Information Systems
    • Computer Graphics and Computer-Aided Design
    • Software

    Cite this

    Detecting malicious activities through port profiling. / Iguchi, Makoto; Goto, Shigeki.

    In: IEICE Transactions on Information and Systems, Vol. E82-D, No. 4, 1999, p. 784-792.

    @article{4dfc52f9e16f4423a3fad4793e326500,
    title = "Detecting malicious activities through port profiling",
    keywords = "Auditing, Intrusion detection, Network surveillance, Profiling",
    author = "Makoto Iguchi and Shigeki Goto",
    year = "1999",
    language = "English",
    volume = "E82-D",
    pages = "784--792",
    journal = "IEICE Transactions on Information and Systems",
    issn = "0916-8532",
    publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
    number = "4",

    }

    TY - JOUR

    T1 - Detecting malicious activities through port profiling

    AU - Iguchi, Makoto

    AU - Goto, Shigeki

    PY - 1999

    Y1 - 1999

    KW - Auditing

    KW - Intrusion detection

    KW - Network surveillance

    KW - Profiling

    UR - http://www.scopus.com/inward/record.url?scp=0033329099&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=0033329099&partnerID=8YFLogxK

    M3 - Article

    VL - E82-D

    SP - 784

    EP - 792

    JO - IEICE Transactions on Information and Systems

    JF - IEICE Transactions on Information and Systems

    SN - 0916-8532

    IS - 4

    ER -