Filtering automated polling traffic in computer network flow data

File: polling_paper.pdf
Description: Accepted version
Size: 200.13 kB
Format: Adobe PDF
Title: Filtering automated polling traffic in computer network flow data
Authors: Heard, N
Rubin-Delanchy, P
Lawson, D
Item Type: Conference Paper
Abstract: Detecting polling behaviour in a computer network has two important applications. First, the polling can be indicative of malware beaconing, where an undetected software virus sends regular communications to a controller. Second, the cause of the polling may not be malicious, since it may correspond to regular automated update requests permitted by the client; to build models of normal host behaviour for signature-free anomaly detection, this polling behaviour needs to be understood. This article presents a simple Fourier analysis technique for identifying regular polling, and focuses on the second application: modelling the normal behaviour of a host, using real data collected from the computer network of Imperial College London.
Issue Date: 8-Dec-2014
Date of Acceptance: 24-Sep-2014
URI: http://hdl.handle.net/10044/1/54202
DOI: https://dx.doi.org/10.1109/JISIC.2014.52
Publisher: IEEE
Start Page: 268
End Page: 271
Journal / Book Title: Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Copyright Statement: © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Conference Name: IEEE Joint Intelligence and Security Informatics Conference (JISIC 2014)
Keywords: Science & Technology
Technology
Computer Science, Information Systems
Computer Science, Interdisciplinary Applications
Computer Science, Theory & Methods
Computer Science
Publication Status: Published
Start Date: 2014-09-24
Finish Date: 2014-09-26
Conference Place: Hague, NETHERLANDS
Appears in Collections: Mathematics
Statistics
Faculty of Natural Sciences



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.