Network surveillance for detecting intrusions

Makoto Iguchi, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    4 Citations (Scopus)

    Abstract

    The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.

    Original languageEnglish
    Title of host publication1999 Internet Workshop, IWS 1999
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages99-106
    Number of pages8
    ISBN (Electronic)0780359259, 9780780359253
    DOIs
    Publication statusPublished - 1999 Jan 1
    Event1999 Internet Workshop, IWS 1999 - Suita, Osaka, Japan
    Duration: 1999 Feb 181999 Feb 20

    Other

    Other1999 Internet Workshop, IWS 1999
    CountryJapan
    CitySuita, Osaka
    Period99/2/1899/2/20

    Fingerprint

    Surveillance
    Trigger
    Robustness
    Profiling
    Exploitation

    ASJC Scopus subject areas

    • Information Systems and Management
    • Hardware and Architecture
    • Computer Networks and Communications

    Cite this

    Iguchi, M., & Goto, S. (1999). Network surveillance for detecting intrusions. In 1999 Internet Workshop, IWS 1999 (pp. 99-106). [810999] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IWS.1999.810999

    Network surveillance for detecting intrusions. / Iguchi, Makoto; Goto, Shigeki.

    1999 Internet Workshop, IWS 1999. Institute of Electrical and Electronics Engineers Inc., 1999. p. 99-106 810999.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Iguchi, M & Goto, S 1999, Network surveillance for detecting intrusions. in 1999 Internet Workshop, IWS 1999., 810999, Institute of Electrical and Electronics Engineers Inc., pp. 99-106, 1999 Internet Workshop, IWS 1999, Suita, Osaka, Japan, 99/2/18. https://doi.org/10.1109/IWS.1999.810999
    Iguchi M, Goto S. Network surveillance for detecting intrusions. In 1999 Internet Workshop, IWS 1999. Institute of Electrical and Electronics Engineers Inc. 1999. p. 99-106. 810999 https://doi.org/10.1109/IWS.1999.810999
    Iguchi, Makoto ; Goto, Shigeki. / Network surveillance for detecting intrusions. 1999 Internet Workshop, IWS 1999. Institute of Electrical and Electronics Engineers Inc., 1999. pp. 99-106
    @inproceedings{326e4952f4b44f64a2cac47b165621fe,
    title = "Network surveillance for detecting intrusions",
    abstract = "The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.",
    author = "Makoto Iguchi and Shigeki Goto",
    year = "1999",
    month = "1",
    day = "1",
    doi = "10.1109/IWS.1999.810999",
    language = "English",
    pages = "99--106",
    booktitle = "1999 Internet Workshop, IWS 1999",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",

    }

    TY - GEN

    T1 - Network surveillance for detecting intrusions

    AU - Iguchi, Makoto

    AU - Goto, Shigeki

    PY - 1999/1/1

    Y1 - 1999/1/1

    N2 - The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.

    AB - The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.

    UR - http://www.scopus.com/inward/record.url?scp=33745434604&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=33745434604&partnerID=8YFLogxK

    U2 - 10.1109/IWS.1999.810999

    DO - 10.1109/IWS.1999.810999

    M3 - Conference contribution

    SP - 99

    EP - 106

    BT - 1999 Internet Workshop, IWS 1999

    PB - Institute of Electrical and Electronics Engineers Inc.

    ER -