The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This article presents a network monitoring technique for detecting malicious activities. Starting from the hypothesis that unusual behavior, such as system exploitation, triggers an abnormal network pattern, we try to detect this abnormal network traffic pattern as a sign of malicious, or at least suspicious, activities. Capturing and analyzing a network traffic pattern is implemented with the concept of port profiling, in which measures representing various characteristics of connections are monitored and recorded for each port. Although generating the port profiles requires minimal computation and memory, they exhibit high stability and robustness. Each port profile precisely retains the patterns of the corresponding connections, even when the connections exhibit multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities such as backdoor compromise or the invocation of Trojan horse programs are successfully detected.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Makoto IGUCHI, Shigeki GOTO, "Detecting Malicious Activities through Port Profiling" in IEICE TRANSACTIONS on Information,
vol. E82-D, no. 4, pp. 784-792, April 1999, doi: .
Abstract: This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conduct like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious, activities. Capturing and analyzing a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires minimal calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
URL: https://global.ieice.org/en_transactions/information/10.1587/e82-d_4_784/_p
@ARTICLE{e82-d_4_784,
author={Makoto IGUCHI and Shigeki GOTO},
journal={IEICE TRANSACTIONS on Information},
title={Detecting Malicious Activities through Port Profiling},
year={1999},
volume={E82-D},
number={4},
pages={784-792},
abstract={This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.},
keywords={},
doi={},
ISSN={},
month={April},}
TY - JOUR
TI - Detecting Malicious Activities through Port Profiling
T2 - IEICE TRANSACTIONS on Information
SP - 784
EP - 792
AU - Makoto IGUCHI
AU - Shigeki GOTO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E82-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 1999
AB - This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
ER -