The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic

, , , Pouget, Fabien, & Dacier, Marc (2005) The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic. In Huang, M Y (Ed.) Proceedings, First International Workshop on Systematic Approaches to Digital Forensic Engineering - SADFE 2005. IEEE Computer Society, United States of America, pp. 89-104.

[img]
Preview
 		Published Version (PDF 757kB)
zimmermann2005sadfe.pdf.

View at publisher

Description

Monitoring the Internet reveals incessant activity, that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet inter-arrival times, or IATs, to analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is to demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.

Impact and interest:

11 citations in Scopus
5 citations in Web of Science®
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

258 since deposited on 02 Jun 2009
19 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

More statistics...
ID Code: 20865
Item Type: Chapter in Book, Report or Conference volume (Conference contribution)
Measurements or Duration: 16 pages
Keywords: Attacks Detection, Computer Atacks, Honeypots, Packet Training
DOI: 10.1109/SADFE.2005.26
ISBN: 0-7695-2478-8
Pure ID: 34246699
Divisions: ?? 16 ??
Past > Institutes > Information Security Institute
Copyright Owner: Consult author(s) regarding copyright matters
Copyright Statement: This work is covered by copyright. Unless the document is being made available under a Creative Commons Licence, you must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the document is available under a Creative Commons License (or other specified license) then refer to the Licence for details of permitted re-use. It is a condition of access that users recognise and abide by the legal requirements associated with these rights. If you believe that this work infringes copyright please provide details by email to qut.copyright@qut.edu.au
Deposited On: 02 Jun 2009 04:32
Last Modified: 03 Mar 2024 11:49

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page

CORE (COnnecting REpositories)