The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This paper presents a network surveillance technique for detecting malicious activity. Based on the hypothesis that unusual behavior such as system exploitation triggers an abnormal network pattern, we attempt to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious, activity. Capturing and analyzing network traffic patterns is implemented with the concept of port profiling, in which measures representing various characteristics of connections are monitored and recorded for each port. Although generating port profiles requires minimal computation and memory, the profiles exhibit high stability and robustness. Each port profile accurately retains the patterns of the corresponding connections, even when the connections show multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities such as compromising backdoors or invoking trojan programs are successfully detected.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Makoto IGUCHI, Shigeki GOTO, "Detecting Malicious Activities through Port Profiling" in IEICE TRANSACTIONS on Information, vol. E82-D, no. 4, pp. 784-792, April 1999.
Abstract: This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
URL: https://global.ieice.org/en_transactions/information/10.1587/e82-d_4_784/_p
@ARTICLE{e82-d_4_784,
author={Makoto IGUCHI and Shigeki GOTO},
journal={IEICE TRANSACTIONS on Information},
title={Detecting Malicious Activities through Port Profiling},
year={1999},
volume={E82-D},
number={4},
pages={784-792},
abstract={This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.},
keywords={},
doi={},
ISSN={},
month={April},}
TY - JOUR
TI - Detecting Malicious Activities through Port Profiling
T2 - IEICE TRANSACTIONS on Information
SP - 784
EP - 792
AU - Makoto IGUCHI
AU - Shigeki GOTO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E82-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 1999
AB - This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.
ER -