Detecting malicious activities through port profiling

IEICE Transactions on Information and Systems

Volumn E82-D, Issue 4, 1999, Pages 784-792

  Iguchi, Makoto ^a   Goto, Shigeki ^a  

^a WASEDA UNIVERSITY   (Japan)

Author keywords

Auditing; Intrusion detection; Network surveillance; Profiling

Indexed keywords

INTERNET PROTOCOL; INTRUSION DETECTION; NETWORK SECURITY MONITOR; NETWORK SURVEILLANCE; PORT PROFILING; TRANSMISSION CONTROL PROTOCOL;

COMPUTER NETWORKS; FORMAL LOGIC; INTERNET; PACKET NETWORKS; TELECOMMUNICATION TRAFFIC;

NETWORK PROTOCOLS;

EID: 0033329099     PISSN: 09168532     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (22)

1. J. Postel, "Transmission Control Protocol," RFC793, 1981.
2. S. Garfinkel and G. Spafford, "Practical UNIX and Internet Security," O'Reilly & Associates, Inc., California, 1996.
3. S.M. Bellovin, "Security problem in the TCP/IP protocol suite," Comput. Commun., vol.19, no.2, pp.32-48, April 1989.
4. "IP Spoofing Attack and Hijacked Terminal Connections," CERT Advisory CA-95:01, Jan. 23, 1995.
5. "UDP Service Denial," CERT Advisory CA-96:01, Feb. 1996.
6. "TCP SYN flooding," CERT Advisory CA-96:21, Sept. 19, 1996.
7. D.B. Chapman, "Network (in) security through IP packet filtering," Proc. 3rd USENIX Unix Security Symposium, Baltimore, MD, Sept. 1992.
8. D.E. Martin, Jr. and S. Rajagopalan, "Blocking JAVA applets at the firewall," Proc. ISOC Symposium on Network and Distributed System Security, pp. 16-26, 1997.
9. M. Asaka, "Information-gathering with mobile agents for intrusion detection system," IEICE Trans., vol.J81-D-I, no.5, pp.532-539, May 1998.
10. "Computer Hacker Information Available on the Internet," The United States General Accounting Office: http://www.gao.gov/AIndexFY96/abstracts/ai96108t.htm
11. "A Survey on the Current Security Measures Taken at Corporations and Universities," The National Police Agency: http://www.npa.go.jp/soumu3/index.htm
12. B. Mukherjee, L.T. Heberlein, and K.N. Levitt, "Network intrusion detection," IEEE Network, vol.8, no.3, pp.26-41, May/June 1994.
13. L.T. Heberlein, G. Dias, K.N. Levitt, B. Mukherjee, J. Wood, and D. Wolber, "A network security monitor," Proc. 1990 Symposium on Research in Security and Privacy, pp.296-303, California, May 1990.
14. S.R. Snapp, J. Brentano, G. Dias, T.L. Goan, L.T. Heberlein, C.L. Ho, K.N. Levitt, B. Mukherjee, T. Grance, D.M. Teal, and D. Mansur, "DIDS (distributed intrusion detection system) - motivation, architecture, and an early prototype," Proc. 14th National Computer Security Conference, pp.167-176, Washington D.C., Oct. 1991.
15. P.A. Porras and P.G. Neumann, "EMERALD: Event monitoring enabling responses to anomalous live disturbances," Proc. National Information System Security Conference, pp.353-365, Maryland, Oct. 1997.
16. D.E. Denning, "An intrusion-detection model," IEEE Trans. Software Eng., vol.SE-13, no.2, pp.222-232, Feb. 1987.
17. U.S. Javitz and A. Valdes, "The NIDES Statistical Component: Description and Justification," Technical Report, SRI International, California, March 1994.
18. E.J. Dudewicz and S.N. Mishra, "Modern Mathematical Statistics," John Wiley & Sons, New York, 1988.
19. Argus 1.7 - IP Transaction Network Auditing Tool, ftp://ftp.sei.cmu.edu/pub/argus/
20. "FTP Bounce," CERT Advisory CA-97:27, Dec. 10, 1997.
21. "Problems with the FTP PORT Command," CERT Technical Tips, Feb. 13, 1998.
22. W.R. Stevens, "TCP/IP Illustrated, Volume 1," Addison-Wesley, 1994.