The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conduct, such as system exploitation, will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious, activities. Capturing and analyzing a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Although generating the port profiles requires minimal computation and memory, they exhibit high stability and robustness. Each port profile accurately retains the patterns of the corresponding connections, even if the connections show multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities such as compromising backdoors or invoking trojan programs are successfully detected.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Makoto IGUCHI, Shigeki GOTO, "Detecting Malicious Activities through Port Profiling" in IEICE TRANSACTIONS on Information,
vol. E82-D, no. 4, pp. 784-792, April 1999, doi: .
Abstract: This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
URL: https://global.ieice.org/en_transactions/information/10.1587/e82-d_4_784/_p
@ARTICLE{e82-d_4_784,
author={Makoto IGUCHI and Shigeki GOTO},
journal={IEICE TRANSACTIONS on Information},
title={Detecting Malicious Activities through Port Profiling},
year={1999},
volume={E82-D},
number={4},
pages={784-792},
abstract={This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.},
keywords={},
doi={},
ISSN={},
month={April},}
TY - JOUR
TI - Detecting Malicious Activities through Port Profiling
T2 - IEICE TRANSACTIONS on Information
SP - 784
EP - 792
AU - Makoto IGUCHI
AU - Shigeki GOTO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E82-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 1999
AB - This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
ER -