THE EIGHTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2013

Print ISBN 978-85-65069-09-9, pages 46-51
DOI: 10.5769/C2013007 and http://dx.doi.org/10.5769/C2013007



Greatest Eigenvalue Time Vector Approach for Blind Detection of Malicious Traffic



By Danilo Fernandes Tenório, João Paulo C. L. da Costa, and Rafael Timóteo de Souza Júnior




ABSTRACT

Recently, blind techniques have been applied to detect malicious traffic and attacks in honeypots. Honeypot traffic can be divided into legitimate and malicious traffic, where the legitimate traffic corresponds to DHCP, broadcasting, and synchronization. In practice, other servers connected to the network may also be targets of attacks and malicious traffic. Therefore, it is crucial to develop techniques that detect malicious traffic on such computers. In this paper, we propose a solution that blindly detects malicious traffic for any computer connected to the network. We validate our proposed solution considering two types of malicious traffic: SYN flood and port scan.


KEYWORDS

Eigenvalue Decomposition; Model Order Selection; Detection.
