Network surveillance for detecting intrusions

Makoto Iguchi, Shigeki Goto

    Research output: Conference contribution

    4 Citations (Scopus)

    Abstract

    The paper proposes a network surveillance method for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network traffic, we try to detect this anomalous traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with an idea of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires a small amount of calculation, they exhibit high stability and robustness. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.

    Original language: English
    Title of host publication: 1999 Internet Workshop, IWS 1999
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 99-106
    Number of pages: 8
    ISBN (Electronic): 0780359259, 9780780359253
    DOI: https://doi.org/10.1109/IWS.1999.810999
    Publication status: Published - 1999/1/1
    Event: 1999 Internet Workshop, IWS 1999 - Suita, Osaka, Japan
    Duration: 1999/2/18 to 1999/2/20

    Other

    Other: 1999 Internet Workshop, IWS 1999
    Country: Japan
    City: Suita, Osaka
    Period: 99/2/18 to 99/2/20

    Fingerprint

    Surveillance
    Trigger
    Robustness
    Profiling
    Exploitation

    ASJC Scopus subject areas

    • Information Systems and Management
    • Hardware and Architecture
    • Computer Networks and Communications

    Cite this

    Iguchi, M., & Goto, S. (1999). Network surveillance for detecting intrusions. In 1999 Internet Workshop, IWS 1999 (pp. 99-106). [810999] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/IWS.1999.810999
