An Analysis on Distribution of Malicious Packets and Threats over the Internet
Internet worms pose great threats for computer systems connected to the Internet. Malicious packets sent by Internet worms or port-scan activities can be captured by monitoring ports of IP addresses where any network service is provided. We present an analysis of distribution of malicious packets over the Internet and show evaluation of Internet threats.Several methods have been proposed for detecting threats over the Internet based on monitoring malicious packets. Most of these methods apply statistical methods to time-series frequencies of malicious packets. We proposes a method for evaluating threats on the Internet based on graph defined by the sources and destinations of monitored malicious packets. In order to evaluate threats, we formulate two relationships between threats of the worms and vulnerability of ports of network services and apply Eigenvalue problem to derive threat levels of network ports. We applied our method to working examples monitored during the period of worm outbreaks to show the effectiveness of our method.
Internet Monitoring Computer Worms Internet Threat Malicious Packets
Masaki Ishiguro Shigeki Goto Hironobu Suzuki Ichiro Murase
Mitsubishi Research Institute 3-6 Otemachi 2-Chome,Chiyoda-ku, Tokyo, Japan Waseda University 3-4-1 Okubo Shinjuku-ku, Tokyo, Japan
国际会议
APAN Network Research Workshop 2007(第24届亚太高速网络会议)
西安
英文
9-16
2007-08-27(万方平台首次上网日期,不代表论文的发表时间)