
Detection of Malcodes by Packet Classification

Bibliographic Details
Main Authors: Ahmed, Irfan; Lhee, Kyung-suk
Format: Conference Proceeding
Language: English
Description
Summary: In this paper, we propose an anomaly detection approach that classifies packets into code-type and data-type. Our objective is to detect a packet containing codes flowing into a network port, which normally expects data packets only. The proposed approach can detect potentially malicious packets such as worms, viruses, and shellcodes. We propose a time-efficient algorithm and show the results of our initial experiments.
DOI: 10.1109/ARES.2008.100