Using of time characteristic in Netflow data for improvement of protocol detection
Authors | |
---|---|
Year of publication | 2010 |
Type | R&D Presentation |
MU Faculty or unit | |
Citation | |
Description | Protocol detection is very important for network security applications. This information can be gathered from NetFlow data with a method based on port numbers, but port numbers can be changed easily. This work presents an idea for detecting protocols using additional information about the gaps between packets, which differ for each protocol. So far, this property allows us to detect one specific situation: a dictionary attack on SSH. |