
dc.contributor.author: Grizzard, Julian B.
dc.contributor.author: Simpson, Charles Robert, Jr.
dc.contributor.author: Krasser, Sven
dc.contributor.author: Owen, Henry L., III
dc.contributor.author: Riley, George F.
dc.description: ©2005 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or distribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. [en]
dc.description: Presented at the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005
dc.description.abstract: We conduct a flow based comparison of honeynet traffic, representing malicious traffic, and NETI@home traffic, representing typical end user traffic. We present a cumulative distribution function of the number of packets for a TCP flow and learn that a large portion of these flows in both datasets are failed and potentially malicious connection attempts. Next, we look at a histogram of TCP port activity over large time scales to gain insight into port scanning and worm activity. One key observation is that new worms can linger on for more than a year after the initial release date. Finally, we look at activity relative to the IP address space and observe that the sources of malicious traffic are spread across the allocated range. [en]
dc.format.extent: 1214423 bytes
dc.publisher: Georgia Institute of Technology [en]
dc.subject: Invasive software [en]
dc.subject: Packet switching [en]
dc.subject: Telecommunication network routing [en]
dc.subject: Telecommunication security [en]
dc.subject: Telecommunication traffic [en]
dc.subject: Transport protocols [en]
dc.title: Flow Based Observations from NETI@home and Honeynet Data [en]
dc.contributor.corporatename: Georgia Institute of Technology. School of Electrical and Computer Engineering
dc.publisher.original: Institute of Electrical and Electronics Engineers, Inc., New York

This item appears in the following Collection(s)

  • MANIACS Publications [35]
    Papers, Pre/Post-Prints, and Presentations by Faculty and Students in the MANIACS program.
