
NOMS 2010 (IEEE), conference paper

Packet sampling for worm and botnet detection in TCP connections

Malware and botnets pose a steady and growing threat to network security, so packet analysis systems examine network traffic to detect active botnets and spreading worms. With the advent of multi-gigabit link speeds, however, capturing and analysing the header and payload of every packet requires enormous computational resources and is therefore not feasible in many situations. We address this problem with an efficient packet sampling algorithm that picks a small number of packets from the beginning of every TCP connection. Bloom filters store the required connection state in a constant amount of memory. Our analysis of worm and botnet traffic shows that the large majority of attack signatures are found in these packets. Thus, the sampling algorithm can be deployed in front of a detection system to reduce the number of inspected packets without significantly degrading the detection results.
Lothar Braun, Gerhard Münz, Georg Carle
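The sampling scheme the abstract describes, as an added example that is not code from the paper or its authors: a sampler that forwards only the first n packets of each TCP connection and keeps per-connection state in an array of n fixed-size Bloom filters instead of a connection table. Using one Bloom filter per packet position, the direction-independent 5-tuple key, the periodic rotate() reset, and the packet trace are this example's own assumptions; the page does not show the paper's exact data-structure layout.

```python
"""Forward the first n packets of every TCP connection using n Bloom filters.

Memory is n * m_bits regardless of how many connections are active, which is
the property the abstract claims for Bloom-filter-based connection state.
"""
import hashlib
from typing import Iterable, List, Tuple

# (src_ip, src_port, dst_ip, dst_port, tcp_flags)
Packet = Tuple[str, int, str, int, str]


class BloomFilter:
    """Plain Bloom filter over a bytearray; the k hash positions are derived
    from BLAKE2b with a distinct salt per hash function."""

    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, key: bytes) -> Iterable[int]:
        for i in range(self.k):
            h = hashlib.blake2b(key, digest_size=8, salt=i.to_bytes(16, "little"))
            yield int.from_bytes(h.digest(), "little") % self.m

    def add(self, key: bytes) -> None:
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))

    def clear(self) -> None:
        self.bits = bytearray(len(self.bits))


def conn_key(pkt: Packet) -> bytes:
    """Direction-independent 5-tuple key, so both halves of a connection draw
    on one packet budget (an assumption of this example, not the paper's)."""
    src, sport, dst, dport, _ = pkt
    a, b = sorted([(src, sport), (dst, dport)])
    return f"{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode()


class FirstNSampler:
    """filters[i] holds the keys of connections that have already passed i+1
    packets. A packet is forwarded iff its key is absent from some filters[i],
    and it is recorded there. Bloom filters cannot delete, so a false positive
    (a new connection hashing onto an old connection's bits) causes
    under-sampling, never extra load; rotate() bounds that drift."""

    def __init__(self, n: int, m_bits: int = 1 << 16, k_hashes: int = 4) -> None:
        self.n = n
        self.filters = [BloomFilter(m_bits, k_hashes) for _ in range(n)]
        self.forwarded = 0
        self.dropped = 0

    def sample(self, pkt: Packet) -> bool:
        key = conn_key(pkt)
        for bf in self.filters:
            if key not in bf:
                bf.add(key)
                self.forwarded += 1
                return True
        self.dropped += 1
        return False

    def rotate(self) -> None:
        """Periodic reset (e.g. every few minutes, an assumed policy): clears
        all state, so connections still open at that moment get a fresh budget."""
        for bf in self.filters:
            bf.clear()


def run(packets: Iterable[Packet], n: int) -> List[bool]:
    """Return, per packet, whether the sampler forwarded it."""
    s = FirstNSampler(n)
    return [s.sample(p) for p in packets]


# Constructed trace: two interleaved connections, A with 8 packets, B with 3.
A = ("10.0.0.5", 40001, "192.0.2.10", 80)
B = ("10.0.0.7", 40002, "192.0.2.10", 25)


def fwd(c, flags: str) -> Packet:
    return (c[0], c[1], c[2], c[3], flags)


def rev(c, flags: str) -> Packet:
    return (c[2], c[3], c[0], c[1], flags)


TRACE: List[Packet] = [
    fwd(A, "S"), fwd(B, "S"), rev(A, "SA"), fwd(A, "A"), rev(B, "SA"),
    fwd(A, "PA"), rev(A, "A"), fwd(B, "A"), fwd(A, "PA"), rev(A, "PA"),
    fwd(A, "F"),
]

if __name__ == "__main__":
    decisions = run(TRACE, 4)
    # With n=4, A's 5th and later packets are dropped; B is passed in full.
    print(f"forwarded {sum(decisions)} of {len(decisions)} packets")
```

The handshake and the first payload segment of each connection, where the abstract locates most worm and botnet signatures, always pass; everything later in a long-lived flow is dropped, which is what keeps the downstream detector's load bounded.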