Presentation | 2006-01-20 Analyzing traffic directed to unused IP address blocks Kazuya SUZUKI, Shunsuke BABA, Hiroki TAKAKURA |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | In network security, it is very important to detect a security incident such as scanning activity, which often is a precursor to a DoS attack. We have developed a network monitoring system whose sensors are deployed at the endpoints of a network. To provide an understanding of the monitored network traffic, we classify various events by parameters observed from packets comprising a given event. For example, we use the Δt between packets, the number of unique source IPs, destination IPs as well as source and destination ports. In addition, we also determine whether or not multiple source/destination IPs/ports occur in a sequence or appear randomly. Using this method we are able to quickly divide events into two primary classes: known events, for which pre-defined actions may be taken and/or warnings issued, and suspicious events that may or may not be hostile but in either case require further analysis. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | |
Paper # | IA2005-23 |
Date of Issue |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2006/1/12(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Internet Architecture(IA) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Analyzing traffic directed to unused IP address blocks |
Sub Title (in English) | |
Keyword(1) | |
1st Author's Name | Kazuya SUZUKI |
1st Author's Affiliation | Yokogawa Electric Corporation Security Project |
2nd Author's Name | Shunsuke BABA |
2nd Author's Affiliation | Yokogawa Electric Corporation Security Project |
3rd Author's Name | Hiroki TAKAKURA |
3rd Author's Affiliation | Academic Center for Computing and Media Studies Kyoto University |
Date | 2006-01-20 |
Paper # | IA2005-23 |
Volume (vol) | vol.105 |
Number (no) | 530 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |