Passive visual fingerprinting of network attack tools

This paper examines the dramatic visual fingerprints left by a wide variety of popular network attack tools in order to better understand the specific methodologies used by attackers as well as the identifiable characteristics of the tools themselves. The techniques used are entirely passive in nature and virtually undetectable by the attackers. While much work has been done on active and passive operating systems detection, little has been done on fingerprinting the specific tools used by attackers. This research explores the application of several visualization techniques and their usefulness toward identification of attack tools, without the typical automated intrusion detection system’s signatures and statistical anomalies. These visualizations were tested using a wide range of popular network security tools and the results show that in many cases, the specific tool can be identified and provides intuition that many classes of zero-day attacks can be rapidly detected and analyze...
Gregory J. Conti, Kulsoom Abdullah
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Authors Gregory J. Conti, Kulsoom Abdullah