ANALYSIS OF ANOMALY PACKET’S FEATURE BASED ON HONEYPOT
This paper presents an in-depth study of anomaly features observed on a particular server. A honeypot deployed in an Internet Data Center was monitored continuously for more than two months; the experimental results were summarized and some initial exploratory models were built. The models show that the number of attackers for the main attack types and ports can be described by a normal distribution, while the average number of packets that each attacker generates per day can be described by a log-normal distribution. This research aims to contribute to the wider security research community's efforts to build methods and obtain statistical models, grounded in strong empirical work, for assessing the robustness of systems in hostile environments and for anomaly traffic sampling, detection and classification on the backbone.
Honeypot; Heavy-tail; Anomaly feature; Anomaly detection
Wang Xinliang, Liu Fang, Chen Luying, Lei Zhenming
School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing
International conference
Beijing
English
271-275
2009-10-18 (date first posted online on the Wanfang platform; this is not the paper's publication date)