The use of packet inter-arrival times for investigating unsolicited Internet traffic
Zimmermann, Jacob, Clark, Andrew J., Mohay, George M., Pouget, Fabien, & Dacier, Marc (2005) The use of packet inter-arrival times for investigating unsolicited Internet traffic. In The First International Workshop on Systematic Approaches to Digital Forensic Engineering, 7-9 November, Taipei, Taiwan.
![[img]](http://eprints.qut.edu.au/style/images/fileicons/application_pdf.png)
Abstract
Monitoring the Internet reveals incessant activity, that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet inter-arrival times, or IATs, to analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is to demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.
Citations:
Citation countsare sourced monthly from Scopus and Web of Science citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science generally from 1980 onwards.
Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads:
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
| ID Code: | 20865 |
|---|---|
| Item Type: | Conference Paper |
| Additional URLs: | |
| Keywords: | internet monitoring, honeypots, packet timing |
| DOI: | 10.1109/SADFE.2005.26 |
| ISBN: | 0769524788 |
| Subjects: | Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303) |
| Divisions: | Past > QUT Faculties & Divisions > Faculty of Science and Technology Past > Institutes > Information Security Institute |
| Copyright Owner: | Copyright 2005 IEEE Computer Society |
| Deposited On: | 02 Jun 2009 14:32 |
| Last Modified: | 30 Mar 2012 14:05 |
Export: EndNote | Dublin Core | BibTeX
Repository Staff Only: item control page