Presentation 2012-03-09
Discriminating malicious packets using TTL in the IP header
Ryo YAMADA, Kazuhiro TOBE, Shigeki GOTO
Abstract(in Japanese) (See Japanese page)
Abstract(in English) It is known that an IP packet passes through fewer than 30 routers before it reaches the destination host. According to our observation, some IP packets have an abnormal Time-To-Live (TTL) value that has been decreased by more than 30 from the initial TTL. These packets are likely to be generated by special software. We assume that IP packets with a strange TTL value are malicious. This paper investigates this conjecture through several experiments. As a result, we show that it is possible to discriminate malicious packets from legitimate ones only by observing TTL values.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) TTL / hop count / malicious traffic / network security
Paper # IN2011-176
Date of Issue

Conference Information
Committee IN
Conference Date 2012/3/1(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Networks (IN)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Discriminating malicious packets using TTL in the IP header
Sub Title (in English)
Keyword(1) TTL
Keyword(2) hop count
Keyword(3) malicious traffic
Keyword(4) network security
1st Author's Name Ryo YAMADA
1st Author's Affiliation Faculty of Science and Engineering, Waseda University
2nd Author's Name Kazuhiro TOBE
2nd Author's Affiliation Faculty of Science and Engineering, Waseda University
3rd Author's Name Shigeki GOTO
3rd Author's Affiliation Faculty of Science and Engineering, Waseda University
Date 2012-03-09
Paper # IN2011-176
Volume (vol) vol.111
Number (no) 469
Page pp.pp.-
#Pages 6
Date of Issue