An evaluation of connection characteristics for separating network attacks
by Robin Berthier, Michel Cukier
International Journal of Security and Networks (IJSN), Vol. 4, No. 1/2, 2009

Abstract: The goal of this paper is to evaluate the efficiency of connection characteristics to separate different attack families that target a single TCP port. Identifying the most relevant characteristics might allow statistically separating attack families without systematically using forensics. This study is based on a dataset collected over 117 days using a test-bed of two high-interaction honeypots. The results indicated that, to separate unsuccessful from successful attacks in malicious traffic, the number of bytes is a relevant characteristic, time-based characteristics are poor characteristics, and using combinations of characteristics does not improve the efficiency of separating attacks.

Online publication date: Mon, 23-Feb-2009
