Detection of malicious traffic on back-bone links via packet header analysis

Campus-Wide Information Systems

Volumn 25, Issue 5, 2008, Pages 342-358

  John, Wolfgang ^a   Olovsson, Tomas ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

Computer networks; Control systems; Data security; Firewalls; Internet

Indexed keywords

EID: 57049097472     PISSN: 10650741     EISSN: None     Source Type: Journal    
DOI: 10.1108/10650740810921484     Document Type: Article

References (10)

1. Bykova, M., Ostermann, S., Tjaden, B. 2001 "Detecting network intrusions via a statistical analysis of network packet characteristics", Proceedings of the 33rd South-eastern Symposium on System Theory, Athens, OH, March 18-20, pp. 309-14
2. John, W., Tafvelin, S. 2006 "OC 192 traces, Fall 2006", DatCat, available at: http://imdc.datcat.org/collection/1-04HQ-3=SUNET+OC+192+Traces\ %2C+fall+2006 (accessed 22 July 2008)
3. John, W., Tafvelin, S. 2007 "Analysis of internet back-bone traffic and header anomalies observed", Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, ACM, New York, NY, October 24-26, pp. 111-16
4. John, W., Tafvelin, S., Olovsson, T. Claypool, M., Uhlig, S. Trends and differences in connection behavior within classes of internet back-bone traffic 2008 Proceedings of the 9th Passive and Active Measurement Conference, Cleveland, OH, April 29-30, pp. 192-201
5. Mahoney, M., Chan, P. 2001 "PHAD: Packet Header Anomaly Detection for identifying hostile network traffic", Technical Report CS-2001-4, Florida Tech, Melbourne, FL
6. Newsham, T., Hoagland, J. 2006 "Windows Vista network attack surface analysis: a broad overview", Symantec Corporation, available at: www.symantec.com/avcenter/reference/Vistawork-Attack-Surface-RTM.pdf (accessed 22 July 2008)
7. SANS Institute 2008 "SANS intrusion detection FAQ", available at: www.sans.org/resources/idfaq/dns.php (accessed 22 July 2008)
8. Shannon, C., Moore, D., Claffy, K.C. Beyond folklore: observations on fragmented traffic IEEE/ACM Transactions on Networking 10 6 2002 709-20
9. Xu, J., Fan, J., Ammar, M., Moon, S.B. 2001 "On the design and performance of prefix-preserving IP traffic trace anonymization", Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, ACM, New York, NY, November 1-2, pp. 263-6
10. Zalewski, M. 2002 "Strange attractors and TCP/IP sequence number analysis - one year later", available at: http://lcamtuf.coredump.cx/ newtcp/ (accessed 22 July 2008)