
ENTCS
2006

Observing Internet Worm and Virus Attacks with a Small Network Telescope

A network telescope is a portion of the IP address space which is devoted to observing inbound internet traffic. The purpose of a network telescope is to detect and log malicious traffic which originates from internet worms and viruses. In this paper, we investigate the statistical properties of observed traffic from a Class C telescope over a total of 3 months. We observe that only a few IP sources and destination ports are responsible for the majority of the traffic. We also demonstrate various ways to visualise the traffic profile from a telescope. We show that specific profiles can identify and distinguish portscans, hostscans and distributed denial-of-service (DDOS) attacks. Looking at the inter-arrival time of packets, the power spectrum and the detrended fluctuation analysis of the observed traffic, we show that there is very little sign of long range dependence. This is in stark contrast to other network traffic and presents exciting possibilities for identifying malicious tra...
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2006
Where ENTCS
Authors Uli Harder, Matt W. Johnson, Jeremy T. Bradley, William J. Knottenbelt