An evaluation of connection characteristics for separating network attacks

Authors: Robin Berthier, Michel Cukier

DOI: 10.1504/IJSN.2009.023430

Keywords:

Abstract: The goal of this paper is to evaluate the efficiency of connection characteristics to separate different attack families that target a single TCP port. Identifying the most relevant characteristics might allow statistically separating without systematically using forensics. This study is based on a dataset collected over 117 days from a test-bed of two high-interaction honeypots. The results indicated unsuccessful from successful attacks in malicious traffic: number of bytes characteristic; time-based characteristics are poor characteristics; combinations does not improve attacks.
