Authors: Nick Heard, Patrick Rubin-Delanchy, Daniel J. Lawson
Keywords: Software, SIMPLE (military communications protocol), Controller (computing), Host (network), Computer network, Computer science, Malware, Anomaly detection, Polling, Server
Abstract: Detecting polling behaviour in a computer network has two important applications. First, the polling can be indicative of malware beaconing, where an undetected software virus sends regular communications to a controller. Second, the cause may not be malicious, since it may correspond to automated update requests permitted by the client; to build models of normal host behaviour for signature-free anomaly detection, this needs to be understood. This article presents a simple Fourier analysis technique for identifying polling, and focuses on the second application: modelling normal host behaviour, using real data collected from Imperial College London.