Using of time characteristic in Netflow data for improvement of protocol detection

Authors

PISKAČ Pavel, NOVOTNÝ Jiří

Year of publication 2010
Type R&D Presentation
MU Faculty or unit

Institute of Computer Science

Citation
Description Protocol detection is very important for network security applications. This information can be gathered from NetFlow data with a method based on port numbers, but port numbers can be changed easily. This work presents an idea for detecting protocols using additional information about the gaps between packets, which differ for each protocol. So far, this property allows us to detect one specific situation: a dictionary attack on SSH.