Download now Free registration required
The authors propose a new methodology for comparing network traces. This methodology is based on the use of multiple statistical measures on the set of network characteristics, and the correlations between those characteristics. For the present, they focus on the features present in IP networks and some of its higher layers such as TCP, UDP, and ICMP; however, the methodology is general and applicable to any packet network such as ATM or NetBIOS. Such a methodology would be useful beyond the intrusion detection research community. Computer network forensics personnel could use it to compare different attack traces to ascertain the similarity between the attacks, aiding in attack attribution. Network managers could use the methodology to determine how the network is evolving over time.
- Format: PDF
- Size: 2723.84 KB