Sciweavers

SAINT
2008
IEEE

ROOK: Multi-session Based Network Security Event Detector

We have implemented ROOK, a multi-session based network security event detector, to detect botnet activity and P2P file sharing traffic, and our results show that our method produces fewer false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method that analyzes correlation among multiple sessions. Our method can recognize host behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SAINT
Authors Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai