CPL - Chalmers Publication Library

Detection of malicious Traffic on Backbone links via Packet Header Analysis

Wolfgang John (Department of Computer Science and Engineering, Networks and Systems (Chalmers)); Tomas Olovsson (Department of Computer Science and Engineering, Networks and Systems (Chalmers))
Campus-Wide Information Systems (1065-0741). Vol. 25 (2008), 5, p. 342-358.
[Article, peer-reviewed scientific]

Purpose – This study seeks to investigate modern internet back-bone traffic in order to study occurrences of malicious activities and potential security problems within internet packet headers.

Design/methodology/approach – Contemporary and highly aggregated back-bone data have been analyzed regarding consistency of network and transport layer headers (i.e. IP, TCP, UDP and ICMP). Possible security implications of each anomaly observed are discussed.

Findings – A systematic listing of packet header anomalies, together with their frequencies as seen “in the wild”, is provided. Inconsistencies in protocol headers have been found within almost every aspect analyzed, including incorrect or incomplete series of IP fragments, IP address anomalies and other kinds of header fields not following internet standards. Internet traffic was shown to contain many erroneous packets; some are the result of software and hardware errors, others the result of intentional and malicious activities.

Practical implications – The study not only presents occurrences of header anomalies as observed in today's internet traffic, but also provides detailed discussions about possible causes for the inconsistencies and their security implications for networked devices.

Originality/value – The results are relevant for researchers as well as practitioners, and form a valuable input for intrusion detection systems, firewalls and the design of all kinds of networked applications exposed to network attacks.

Keywords: Computer networks, Control systems, Data security, Firewalls, Internet

This record was created 2008-11-21. Last modified 2015-12-17.
CPL Pubid: 78549



Departments (Chalmers)

Department of Computer Science and Engineering, Networks and Systems (Chalmers)




Related publications

This publication is part of:

Characterization and Classification of Internet Backbone Traffic